
Background audio and Google redirect Malware

Discussion in 'Virus & Other Malware Removal' started by Sun_and_Steel, Oct 28, 2011.

  1. Sun_and_Steel

    Sun_and_Steel Thread Starter

    Joined:
    Oct 28, 2011
    Messages:
    7
    Hello everyone!

    I've been having issues since about a month ago, when some phony anti-spyware got onto my computer. I removed it successfully, but ever since then my Google searches have been redirected, and just recently audio from various ads has been playing in the background on my computer. I often find my CPU usage hitting 99-100% as well.

    Anyway, here is my System info log:

    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft Windows 7 Home Premium , Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz, Intel64 Family 6 Model 30 Stepping 5
    Processor Count: 4
    RAM: 4087 Mb
    Graphics Card: NVIDIA GeForce GT 220, 1024 Mb
    Hard Drives: C: Total - 476837 MB, Free - 236316 MB;
    Motherboard: ASUSTeK Computer INC., P7P55D-E PRO, Rev 1.xx, 103136680000203
    Antivirus: Kaspersky Internet Security, Disabled

    And my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:31:32 PM, on 10/28/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\AIM6\aim6.exe
    C:\Program Files (x86)\AIM6\aolsoftware.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\CallBurner\callburner.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Johnny\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [AppCallBurner] C:\Program Files (x86)\CallBurner\callburner.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe (User 'Default user')
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13419 bytes

    Thanks in advance!
     
  2. Sun_and_Steel

    Sun_and_Steel Thread Starter

    Joined:
    Oct 28, 2011
    Messages:
    7
  3. Sun_and_Steel

    Sun_and_Steel Thread Starter

    Joined:
    Oct 28, 2011
    Messages:
    7
    Bumping again
     
  4. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    Download DDS from here or here or here and save it to your desktop.
    Disable any script blocker, and then double-click the DDS file to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.
     
  5. Sun_and_Steel

    Sun_and_Steel Thread Starter

    Joined:
    Oct 28, 2011
    Messages:
    7
    Hey, thanks for the help!

    Here is the DDS log and the attach file should be attached:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Johnny at 19:53:59 on 2011-11-09
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.1736 [GMT -5:00]
    .
    AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    AV: Kaspersky Internet Security *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
    SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
    FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\locator.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\AIM6\aim6.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\CallBurner\callburner.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\AIM6\aolsoftware.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtblfs.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe
    C:\Users\Johnny\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Johnny\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\PROGRA~2\MICROS~2\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\AIM6\aolsoftware.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = my.daemon-search.com
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
    uRun: [PlayNC Launcher]
    uRun: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [AppCallBurner] C:\Program Files (x86)\CallBurner\callburner.exe
    uRun: [Akamai NetSession Interface] C:\Users\Johnny\AppData\Local\Akamai\netsession_win.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    LSP: mswsock.dll
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{FADAFBAA-434F-442E-884D-74EF271ECE18} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    BHO-X64: link filter bho - No File
    TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\nqnlvt62.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/startpage|http://www.google.com/webhp?sourceid=navclient&ie=UTF-8
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
    FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Kaspersky URL Advisor: [email protected] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
    FF - Ext: ImageHost Grabber: {E4091D66-127C-11DB-903A-DE80D2EFDFE8} - %profile%\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
    FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 AVP;Kaspersky Internet Security;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340520]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-6-7 240232]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2010-6-6 24652]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S0 calnts;calnts;C:\Windows\system32\DRIVERS\calnts.sys --> C:\Windows\system32\DRIVERS\calnts.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-4 136176]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-6-5 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-6-2 79360]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-4 136176]
    S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-9-2 227232]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-10 00:00:26 -------- d-----w- C:\Users\Johnny\AppData\Local\Akamai
    2011-11-08 21:32:38 -------- d-----w- C:\Program Files\iPod
    2011-11-08 21:32:37 -------- d-----w- C:\Program Files\iTunes
    2011-11-08 21:32:37 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-11-08 21:23:36 -------- d-----w- C:\Program Files\Bonjour
    2011-11-08 21:23:36 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-11-08 16:36:40 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F1B639BF-003C-45EF-949F-71239DE7B7FD}\offreg.dll
    2011-11-08 16:36:39 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F1B639BF-003C-45EF-949F-71239DE7B7FD}\mpengine.dll
    2011-10-26 04:22:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-26 04:10:07 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-10-26 03:39:30 -------- d-----w- C:\Windows\pss
    2011-10-25 20:59:00 -------- d-----w- C:\Users\Johnny\AppData\Local\{043A5561-5426-437B-9A37-E3ED50F7EA74}
    2011-10-25 20:58:46 -------- d-----w- C:\Users\Johnny\AppData\Local\{C04E866A-A965-4257-A307-13E8815225F2}
    2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-10-24 14:17:17 -------- d-----w- C:\Users\Johnny\AppData\Local\{A378971A-A064-4E1E-B9B9-245F3BE07A94}
    2011-10-24 14:16:42 -------- d-----w- C:\Users\Johnny\AppData\Local\{35C4D4A9-4DCF-42F6-8F27-4580DE4C9268}
    2011-10-23 21:56:55 -------- d-----w- C:\Users\Johnny\AppData\Local\{498E1AA6-F64F-49A9-ACD2-D50CD9C771B8}
    2011-10-23 21:56:44 -------- d-----w- C:\Users\Johnny\AppData\Local\{F9082D37-48C8-4FFC-830F-CF01BBE4DCA3}
    2011-10-23 06:10:07 -------- d-----w- C:\Users\Johnny\AppData\Local\{0090E325-9AFD-4FCB-9682-204AF3127A94}
    2011-10-23 06:09:56 -------- d-----w- C:\Users\Johnny\AppData\Local\{726726C0-F889-4876-B897-9980A7A4C64D}
    2011-10-23 06:07:48 -------- d-----w- C:\Windows\en
    2011-10-23 06:03:01 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
    2011-10-23 05:57:03 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\951efb891cc914805\bingbarsetup.exe
    2011-10-23 05:55:54 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6cc346a11cc914804\DSETUP.dll
    2011-10-23 05:55:54 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6cc346a11cc914804\DXSETUP.exe
    2011-10-23 05:55:54 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6cc346a11cc914804\dsetup32.dll
    2011-10-23 05:55:49 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\699098541cc914803\DSETUP.dll
    2011-10-23 05:55:49 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\699098541cc914803\DXSETUP.exe
    2011-10-23 05:55:49 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\699098541cc914803\dsetup32.dll
    2011-10-23 05:55:19 -------- d-----w- C:\Users\Johnny\AppData\Local\Windows Live
    2011-10-20 00:47:37 -------- d-----w- C:\Users\Johnny\AppData\Roaming\Dev-Cpp
    2011-10-20 00:47:11 -------- d-----w- C:\Dev-Cpp
    2011-10-18 02:30:13 -------- d-----w- C:\Program Files (x86)\CodeBlocks
    2011-10-12 22:46:39 3138048 ----a-w- C:\Windows\System32\win32k.sys
    2011-10-12 22:46:26 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2011-10-12 22:46:26 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2011-10-12 22:46:26 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2011-10-12 22:46:26 108032 ----a-w- C:\Windows\System32\psisrndr.ax
    2011-10-12 22:46:19 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-10-12 22:46:19 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-10-12 22:46:19 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-10-12 22:46:19 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    .
    ==================== Find3M ====================
    .
    2011-10-11 00:15:19 24448 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys
    2011-10-07 05:25:54 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-10-07 05:25:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-08-31 04:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-08-31 04:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
    2011-08-31 04:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-08-31 04:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-08-31 04:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-08-31 04:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-08-31 04:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-08-31 04:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    .
    ============= FINISH: 19:55:17.83 ===============
     


  6. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    BitTorrent

    Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.


    Download aswMBR to your desktop. Double-click aswMBR.exe to run it.
    Click the Scan button to start the scan.

    On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
     
  7. Sun_and_Steel

    Sun_and_Steel Thread Starter

    Joined:
    Oct 28, 2011
    Messages:
    7
    Uninstalled BitTorrent and here is the log:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-12 01:30:10
    -----------------------------
    01:30:10.524 OS Version: Windows x64 6.1.7601 Service Pack 1
    01:30:10.524 Number of processors: 4 586 0x1E05
    01:30:10.525 ComputerName: OMNISSIAH UserName: Johnny
    01:30:14.535 Initialize success
    01:31:16.956 AVAST engine download error: 0
    01:32:17.683 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-6
    01:32:17.686 Disk 0 Vendor: WDC_WD5000AAKS-00D2B0 12.01C02 Size: 476940MB BusType: 3
    01:32:19.701 Disk 0 MBR read successfully
    01:32:19.707 Disk 0 MBR scan
    01:32:19.712 Disk 0 Windows 7 default MBR code
    01:32:19.717 Service scanning
    01:32:29.106 Modules scanning
    01:32:29.113 Disk 0 trace - called modules:
    01:32:29.141 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
    01:32:29.149 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004db0060]
    01:32:29.156 3 CLASSPNP.SYS[fffff880019d143f] -> nt!IofCallDriver -> [0xfffffa8004af1670]
    01:32:29.163 5 ACPI.sys[fffff88000f0a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-6[0xfffffa8004b66060]
    01:32:29.170 Scan finished successfully
    01:32:50.120 Disk 0 MBR has been saved successfully to "C:\Users\Johnny\Desktop\MBR.dat"
    01:32:50.129 The log file has been saved successfully to "C:\Users\Johnny\Desktop\aswMBR.txt"
     
  8. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
     
  9. Sun_and_Steel

    Sun_and_Steel Thread Starter

    Joined:
    Oct 28, 2011
    Messages:
    7
    Here is the ComboFix log:

    ComboFix 11-11-14.03 - Johnny 11/15/2011 1:09.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.2851 [GMT -5:00]
    Running from: c:\users\Johnny\Desktop\ComboFix.exe
    AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    AV: Kaspersky Internet Security *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
    FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
    SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Johnny\AppData\Roaming\.#
    c:\windows\assembly\tmp\U
    c:\windows\assembly\tmp\U\00000001.@
    c:\windows\assembly\tmp\U\00000002.@
    c:\windows\assembly\tmp\U\00000004.@
    c:\windows\assembly\tmp\U\000000c0.@
    c:\windows\assembly\tmp\U\000000cb.@
    c:\windows\assembly\tmp\U\000000cf.@
    c:\windows\assembly\tmp\U\80000000.@
    c:\windows\assembly\tmp\U\80000004.@
    c:\windows\assembly\tmp\U\80000032.@
    c:\windows\assembly\tmp\U\80000064.@
    c:\windows\assembly\tmp\U\800000c0.@
    c:\windows\assembly\tmp\U\800000cb.@
    c:\windows\assembly\tmp\U\800000cf.@
    c:\windows\security\Database\tmp.edb
    c:\windows\system32\consrv.dll
    c:\windows\System64
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-15 06:18 . 2011-11-15 06:18 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-11-15 06:18 . 2011-11-15 06:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-11 14:18 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EB045EB-522C-4C82-B345-EC643C187E39}\mpengine.dll
    2011-11-10 00:00 . 2011-11-12 06:17 -------- d-----w- c:\users\Johnny\AppData\Local\Akamai
    2011-11-09 23:05 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 23:05 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 23:05 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 23:05 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
    2011-11-08 21:32 . 2011-11-08 21:32 -------- d-----w- c:\program files\iPod
    2011-11-08 21:32 . 2011-11-08 21:33 -------- d-----w- c:\program files\iTunes
    2011-11-08 21:32 . 2011-11-08 21:33 -------- d-----w- c:\program files (x86)\iTunes
    2011-11-08 21:23 . 2011-11-08 21:23 -------- d-----w- c:\program files\Bonjour
    2011-11-08 21:23 . 2011-11-08 21:23 -------- d-----w- c:\program files (x86)\Bonjour
    2011-10-26 04:22 . 2011-10-26 04:22 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-26 04:17 . 2011-10-26 04:17 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-10-26 04:10 . 2011-10-26 04:10 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-10-26 04:10 . 2011-10-03 09:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2011-10-23 06:07 . 2011-10-23 06:07 -------- d-----w- c:\windows\en
    2011-10-23 06:03 . 2011-05-13 19:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-10-23 05:57 . 2011-10-23 05:57 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\951efb891cc914805\bingbarsetup.exe
    2011-10-23 05:55 . 2011-10-23 05:55 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6cc346a11cc914804\DSETUP.dll
    2011-10-23 05:55 . 2011-10-23 05:55 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6cc346a11cc914804\DXSETUP.exe
    2011-10-23 05:55 . 2011-10-23 05:55 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6cc346a11cc914804\dsetup32.dll
    2011-10-23 05:55 . 2011-10-23 05:55 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\699098541cc914803\DSETUP.dll
    2011-10-23 05:55 . 2011-10-23 05:55 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\699098541cc914803\DXSETUP.exe
    2011-10-23 05:55 . 2011-10-23 05:55 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\699098541cc914803\dsetup32.dll
    2011-10-23 05:55 . 2011-10-26 04:10 -------- d-----w- c:\users\Johnny\AppData\Local\Windows Live
    2011-10-20 00:47 . 2011-10-20 00:49 -------- d-----w- c:\users\Johnny\AppData\Roaming\Dev-Cpp
    2011-10-20 00:47 . 2011-10-20 00:47 -------- d-----w- C:\Dev-Cpp
    2011-10-18 02:30 . 2011-10-18 02:30 -------- d-----w- c:\program files (x86)\CodeBlocks
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-23 06:01 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-10-11 00:15 . 2011-10-11 00:15 24448 ----a-w- c:\windows\SysWow64\drivers\rkhdrv40.sys
    2011-10-07 05:25 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-10-07 05:25 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-08-31 21:00 . 2011-09-30 02:07 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-31 04:05 . 2011-08-31 04:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 04:05 . 2011-08-31 04:05 85864 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 04:05 . 2011-08-31 04:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-08-31 04:05 . 2011-08-31 04:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
    2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-08-31 04:05 . 2011-08-31 04:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2011-08-27 05:37 . 2011-10-12 22:46 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-27 05:37 . 2011-10-12 22:46 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-27 04:26 . 2011-10-12 22:46 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-08-27 04:26 . 2011-10-12 22:46 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-04 39408]
    "Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-02 1242448]
    "Aim6"="c:\program files (x86)\AIM6\aim6.exe" [2009-04-27 49968]
    "igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "AppCallBurner"="c:\program files (x86)\CallBurner\callburner.exe" [2011-01-31 5696512]
    "Akamai NetSession Interface"="c:\users\Johnny\AppData\Local\Akamai\netsession_win.exe" [2011-11-12 3303000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-26 106496]
    "P17RunE"="P17RunE.dll" [2008-03-28 14848]
    "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\SysWow64\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer8"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R0 calnts;calnts;c:\windows\system32\DRIVERS\calnts.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 136176]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-05 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-02 79360]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 136176]
    R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-09-02 227232]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    R3 rkhdrv40;Rootkit Unhooker Driver; [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
    S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 06:15]
    .
    2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 06:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF8341.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = my.daemon-search.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    FF - ProfilePath - c:\users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\nqnlvt62.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/startpage|http://www.google.com/webhp?sourceid=navclient&ie=UTF-8
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
    FF - Ext: ImageHost Grabber: {E4091D66-127C-11DB-903A-DE80D2EFDFE8} - %profile%\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
    FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Gmask 1.70 English - c:\program files (x86)\Poop\uninstal.exe
    AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_dac4cfd.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:ee,52,5e,69,52,94,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\DOMStorage\lay.halfhourmeals.com*]
    @=dword:00000000
    .
    [HKEY_USERS\S-1-5-21-4267705656-4287265929-3320305393-1001\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-11-15 01:27:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-15 06:27
    .
    Pre-Run: 248,783,446,016 bytes free
    Post-Run: 249,328,017,408 bytes free
    .
    - - End Of File - - F542197571B28D129DD1CCA18A3A8461




    And the new DDS log:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Johnny at 1:44:18 on 2011-11-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.2120 [GMT -5:00]
    .
    AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    AV: Kaspersky Internet Security *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
    SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
    FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\locator.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\AIM6\aim6.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\CallBurner\callburner.exe
    C:\Users\Johnny\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Johnny\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\AIM6\aolsoftware.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtblfs.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = my.daemon-search.com
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
    uRun: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [AppCallBurner] C:\Program Files (x86)\CallBurner\callburner.exe
    uRun: [Akamai NetSession Interface] C:\Users\Johnny\AppData\Local\Akamai\netsession_win.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{FADAFBAA-434F-442E-884D-74EF271ECE18} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    BHO-X64: link filter bho - No File
    TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\nqnlvt62.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/startpage|http://www.google.com/webhp?sourceid=navclient&ie=UTF-8
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
    FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Kaspersky URL Advisor: [email protected] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
    FF - Ext: ImageHost Grabber: {E4091D66-127C-11DB-903A-DE80D2EFDFE8} - %profile%\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
    FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 AVP;Kaspersky Internet Security;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340520]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-6-7 240232]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2010-6-6 24652]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S0 calnts;calnts;C:\Windows\system32\DRIVERS\calnts.sys --> C:\Windows\system32\DRIVERS\calnts.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-4 136176]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-6-5 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-6-2 79360]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-4 136176]
    S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-9-2 227232]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-15 06:31:56 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-11-15 06:25:34 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3EB045EB-522C-4C82-B345-EC643C187E39}\offreg.dll
    2011-11-15 06:06:58 98816 ----a-w- C:\Windows\sed.exe
    2011-11-15 06:06:58 518144 ----a-w- C:\Windows\SWREG.exe
    2011-11-15 06:06:58 256000 ----a-w- C:\Windows\PEV.exe
    2011-11-15 06:06:58 208896 ----a-w- C:\Windows\MBR.exe
    2011-11-11 14:18:09 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3EB045EB-522C-4C82-B345-EC643C187E39}\mpengine.dll
    2011-11-10 00:00:26 -------- d-----w- C:\Users\Johnny\AppData\Local\Akamai
    2011-11-09 23:05:58 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 23:05:58 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 23:05:57 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-09 23:05:56 3144704 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-08 21:32:38 -------- d-----w- C:\Program Files\iPod
    2011-11-08 21:32:37 -------- d-----w- C:\Program Files\iTunes
    2011-11-08 21:32:37 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-11-08 21:23:36 -------- d-----w- C:\Program Files\Bonjour
    2011-11-08 21:23:36 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-10-26 04:22:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-26 04:10:07 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-10-26 03:39:30 -------- d-----w- C:\Windows\pss
    2011-10-25 20:59:00 -------- d-----w- C:\Users\Johnny\AppData\Local\{043A5561-5426-437B-9A37-E3ED50F7EA74}
    2011-10-25 20:58:46 -------- d-----w- C:\Users\Johnny\AppData\Local\{C04E866A-A965-4257-A307-13E8815225F2}
    2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-10-24 14:17:17 -------- d-----w- C:\Users\Johnny\AppData\Local\{A378971A-A064-4E1E-B9B9-245F3BE07A94}
    2011-10-24 14:16:42 -------- d-----w- C:\Users\Johnny\AppData\Local\{35C4D4A9-4DCF-42F6-8F27-4580DE4C9268}
    2011-10-23 21:56:55 -------- d-----w- C:\Users\Johnny\AppData\Local\{498E1AA6-F64F-49A9-ACD2-D50CD9C771B8}
    2011-10-23 21:56:44 -------- d-----w- C:\Users\Johnny\AppData\Local\{F9082D37-48C8-4FFC-830F-CF01BBE4DCA3}
    2011-10-23 06:10:07 -------- d-----w- C:\Users\Johnny\AppData\Local\{0090E325-9AFD-4FCB-9682-204AF3127A94}
    2011-10-23 06:09:56 -------- d-----w- C:\Users\Johnny\AppData\Local\{726726C0-F889-4876-B897-9980A7A4C64D}
    2011-10-23 06:07:48 -------- d-----w- C:\Windows\en
    2011-10-23 06:03:01 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
    2011-10-23 05:57:03 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\951efb891cc914805\bingbarsetup.exe
    2011-10-23 05:55:54 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6cc346a11cc914804\DSETUP.dll
    2011-10-23 05:55:54 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6cc346a11cc914804\DXSETUP.exe
    2011-10-23 05:55:54 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6cc346a11cc914804\dsetup32.dll
    2011-10-23 05:55:49 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\699098541cc914803\DSETUP.dll
    2011-10-23 05:55:49 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\699098541cc914803\DXSETUP.exe
    2011-10-23 05:55:49 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\699098541cc914803\dsetup32.dll
    2011-10-23 05:55:19 -------- d-----w- C:\Users\Johnny\AppData\Local\Windows Live
    2011-10-20 00:47:37 -------- d-----w- C:\Users\Johnny\AppData\Roaming\Dev-Cpp
    2011-10-20 00:47:11 -------- d-----w- C:\Dev-Cpp
    2011-10-18 02:30:13 -------- d-----w- C:\Program Files (x86)\CodeBlocks
    .
    ==================== Find3M ====================
    .
    2011-10-11 00:15:19 24448 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys
    2011-10-07 05:25:54 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-10-07 05:25:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-08-31 04:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-08-31 04:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
    2011-08-31 04:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-08-31 04:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-08-31 04:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-08-31 04:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-08-31 04:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-08-31 04:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    .
    ============= FINISH: 1:44:40.74 ===============
     


  10. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi again,

    Open Notepad and copy/paste the text in the quotebox below into it:

    Code:
    DDS::
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

    [​IMG]

    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and separate 10.1.1 update for it) here or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.

    Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


    * Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
    • Click Scan
    • Wait for the scan to finish.


    Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
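
The four `No File` lines in the CFScript above are toolbar registrations whose file no longer exists, listed once per registry view (`TB` and `TB-X64`). As an added example (not part of the original post, and not code from DDS or ComboFix), this read-only sketch picks such entries out of DDS-style lines; the line format is an assumption inferred from the logs in this thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Assumed line shape, inferred from the DDS lines in this thread:
#   TAG: [Display name:] {CLSID} - target
ENTRY = re.compile(
    r"^(?P<tag>[A-Za-z0-9-]+):\s+"
    r"(?:(?P<name>.*?):\s+)?"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s+-\s+(?P<target>.+)$"
)

# Sample input: lines copied from the logs and the CFScript in this thread.
SAMPLE_LOG = r"""
uStart Page = my.daemon-search.com
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"""


def parse_entries(text):
    """Return one dict per CLSID-bearing line; all other log lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        entries.append({
            "tag": m.group("tag"),
            "name": m.group("name"),            # None when the line has no display name
            "clsid": m.group("clsid").upper(),  # normalise case so both views compare equal
            "target": m.group("target").strip().strip('"'),
        })
    return entries


def orphaned_by_clsid(entries):
    """Map each CLSID whose target is 'No File' to the tags (registry views) listing it."""
    views = defaultdict(set)
    for e in entries:
        if e["target"].lower() == "no file":
            views[e["clsid"]].add(e["tag"])
    return {clsid: sorted(tags) for clsid, tags in views.items()}


if __name__ == "__main__":
    for clsid, tags in orphaned_by_clsid(parse_entries(SAMPLE_LOG)).items():
        print(f"{clsid}: registered under {', '.join(tags)}, file missing")
```

The script only reports; it changes nothing on the system.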
     
  11. Sun_and_Steel

    Sun_and_Steel Thread Starter

    Joined:
    Oct 28, 2011
    Messages:
    7
    I did the ESET scan, but there is no log, though it does show a list of bad items it found. I'm not sure how to go about posting it. I have the CF and DDS logs though.

    ComboFix Log:

    ComboFix 11-11-14.03 - Johnny 11/17/2011 22:41:55.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.2860 [GMT -5:00]
    Running from: c:\users\Johnny\Desktop\ComboFix.exe
    Command switches used :: c:\users\Johnny\Desktop\CFScript.txt
    AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    AV: Kaspersky Internet Security *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
    FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
    SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\assembly\tmp\U
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-18 03:51 . 2011-11-18 03:51 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-11-18 03:51 . 2011-11-18 03:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-17 22:19 . 2011-11-17 22:19 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{77AEA266-41BC-4924-B159-9CD4987AF738}\offreg.dll
    2011-11-15 16:35 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{77AEA266-41BC-4924-B159-9CD4987AF738}\mpengine.dll
    2011-11-10 00:00 . 2011-11-18 01:15 -------- d-----w- c:\users\Johnny\AppData\Local\Akamai
    2011-11-09 23:05 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 23:05 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 23:05 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 23:05 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
    2011-11-08 21:32 . 2011-11-08 21:32 -------- d-----w- c:\program files\iPod
    2011-11-08 21:32 . 2011-11-08 21:33 -------- d-----w- c:\program files\iTunes
    2011-11-08 21:32 . 2011-11-08 21:33 -------- d-----w- c:\program files (x86)\iTunes
    2011-11-08 21:23 . 2011-11-08 21:23 -------- d-----w- c:\program files\Bonjour
    2011-11-08 21:23 . 2011-11-08 21:23 -------- d-----w- c:\program files (x86)\Bonjour
    2011-10-26 04:22 . 2011-10-26 04:22 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-26 04:17 . 2011-10-26 04:17 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-10-26 04:10 . 2011-10-26 04:10 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-10-26 04:10 . 2011-10-03 09:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2011-10-23 06:07 . 2011-10-23 06:07 -------- d-----w- c:\windows\en
    2011-10-23 06:03 . 2011-05-13 19:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-10-23 05:57 . 2011-10-23 05:57 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\951efb891cc914805\bingbarsetup.exe
    2011-10-23 05:55 . 2011-10-23 05:55 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6cc346a11cc914804\DSETUP.dll
    2011-10-23 05:55 . 2011-10-23 05:55 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6cc346a11cc914804\DXSETUP.exe
    2011-10-23 05:55 . 2011-10-23 05:55 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6cc346a11cc914804\dsetup32.dll
    2011-10-23 05:55 . 2011-10-23 05:55 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\699098541cc914803\DSETUP.dll
    2011-10-23 05:55 . 2011-10-23 05:55 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\699098541cc914803\DXSETUP.exe
    2011-10-23 05:55 . 2011-10-23 05:55 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\699098541cc914803\dsetup32.dll
    2011-10-23 05:55 . 2011-10-26 04:10 -------- d-----w- c:\users\Johnny\AppData\Local\Windows Live
    2011-10-20 00:47 . 2011-10-20 00:49 -------- d-----w- c:\users\Johnny\AppData\Roaming\Dev-Cpp
    2011-10-20 00:47 . 2011-10-20 00:47 -------- d-----w- C:\Dev-Cpp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-23 06:01 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-10-11 00:15 . 2011-10-11 00:15 24448 ----a-w- c:\windows\SysWow64\drivers\rkhdrv40.sys
    2011-10-07 05:25 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-10-07 05:25 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-08-31 21:00 . 2011-09-30 02:07 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-31 04:05 . 2011-08-31 04:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 04:05 . 2011-08-31 04:05 85864 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 04:05 . 2011-08-31 04:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-08-31 04:05 . 2011-08-31 04:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
    2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-08-31 04:05 . 2011-08-31 04:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2011-08-27 05:37 . 2011-10-12 22:46 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-27 05:37 . 2011-10-12 22:46 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-27 04:26 . 2011-10-12 22:46 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-08-27 04:26 . 2011-10-12 22:46 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-11-15_06.20.52 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-03-16 11:31 . 2011-11-17 22:19 39072 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2011-11-15 06:22 35476 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-11-17 13:53 35476 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-06-04 13:39 . 2011-11-17 13:53 11660 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4267705656-4287265929-3320305393-1001_UserData.bin
    - 2010-06-05 05:59 . 2011-11-15 04:17 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-06-05 05:59 . 2011-11-17 13:44 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-11-15 04:17 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-11-17 13:44 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:46 . 2011-11-15 16:33 93248 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-11-17 22:17 . 2011-11-17 22:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-11-15 06:20 . 2011-11-15 06:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-11-17 22:17 . 2011-11-17 22:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-11-15 06:20 . 2011-11-15 06:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:36 . 2011-11-17 22:22 635834 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-11-15 04:23 635834 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-11-17 22:22 111408 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-11-15 04:23 111408 c:\windows\system32\perfc009.dat
    - 2010-06-05 05:59 . 2011-11-15 04:17 720896 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-06-05 05:59 . 2011-11-17 13:44 720896 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 05:01 . 2011-11-17 14:16 390392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-11-15 06:19 390392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 04:54 . 2011-11-15 06:06 2392064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-11-17 13:29 2392064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-11-15 06:06 8372224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-11-17 13:29 8372224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-07-14 05:44 . 2011-11-17 08:51 1947940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4267705656-4287265929-3320305393-501-8192.dat
    + 2010-06-07 03:00 . 2011-11-17 14:16 2211048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4267705656-4287265929-3320305393-1001-8192.dat
    + 2009-07-14 04:54 . 2011-11-17 13:29 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-11-15 06:06 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-04 39408]
    "Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-02 1242448]
    "Aim6"="c:\program files (x86)\AIM6\aim6.exe" [2009-04-27 49968]
    "igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "AppCallBurner"="c:\program files (x86)\CallBurner\callburner.exe" [2011-01-31 5696512]
    "Akamai NetSession Interface"="c:\users\Johnny\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-26 106496]
    "P17RunE"="P17RunE.dll" [2008-03-28 14848]
    "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\SysWow64\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer8"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R0 calnts;calnts;c:\windows\system32\DRIVERS\calnts.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 136176]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-05 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-02 79360]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 136176]
    R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-09-02 227232]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    R3 rkhdrv40;Rootkit Unhooker Driver; [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
    S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 06:15]
    .
    2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 06:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_Dlls"=0x1
    "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = my.daemon-search.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    FF - ProfilePath - c:\users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\nqnlvt62.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/startpage|http://www.google.com/webhp?sourceid=navclient&ie=UTF-8
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
    FF - Ext: ImageHost Grabber: {E4091D66-127C-11DB-903A-DE80D2EFDFE8} - %profile%\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
    FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:ee,52,5e,69,52,94,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\DOMStorage\lay.halfhourmeals.com*]
    @=dword:00000000
    .
    [HKEY_USERS\S-1-5-21-4267705656-4287265929-3320305393-1001\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-11-17 22:53:30
    ComboFix-quarantined-files.txt 2011-11-18 03:53
    ComboFix2.txt 2011-11-15 06:27
    .
    Pre-Run: 248,479,686,656 bytes free
    Post-Run: 248,418,967,552 bytes free
    .
    - - End Of File - - D885D11527D31557C871BE703C6F9AC6

    DDS log:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Johnny at 21:13:12 on 2011-11-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.1636 [GMT -5:00]
    .
    AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    AV: Kaspersky Internet Security *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
    SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
    FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\locator.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\CallBurner\callburner.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtblfs.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
    C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\AIM6\aim6.exe
    C:\Program Files (x86)\AIM6\aolsoftware.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = my.daemon-search.com
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
    uRun: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [AppCallBurner] C:\Program Files (x86)\CallBurner\callburner.exe
    uRun: [Akamai NetSession Interface] C:\Users\Johnny\AppData\Local\Akamai\netsession_win.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{FADAFBAA-434F-442E-884D-74EF271ECE18} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    BHO-X64: link filter bho - No File
    TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\nqnlvt62.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/startpage|http://www.google.com/webhp?sourceid=navclient&ie=UTF-8
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
    FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Kaspersky URL Advisor: [email protected] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
    FF - Ext: ImageHost Grabber: {E4091D66-127C-11DB-903A-DE80D2EFDFE8} - %profile%\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
    FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S0 calnts;calnts;C:\Windows\system32\DRIVERS\calnts.sys --> C:\Windows\system32\DRIVERS\calnts.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-18 21:59:00 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-11-18 12:43:18 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5DB5D0B6-7FA2-4FD0-9BEA-ADE126FEE99C}\offreg.dll
    2011-11-18 12:43:15 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5DB5D0B6-7FA2-4FD0-9BEA-ADE126FEE99C}\mpengine.dll
    2011-11-18 04:13:43 -------- d-----w- C:\Program Files (x86)\ESET
    2011-11-18 04:08:24 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-15 06:06:58 98816 ----a-w- C:\Windows\sed.exe
    2011-11-15 06:06:58 518144 ----a-w- C:\Windows\SWREG.exe
    2011-11-15 06:06:58 256000 ----a-w- C:\Windows\PEV.exe
    2011-11-15 06:06:58 208896 ----a-w- C:\Windows\MBR.exe
    2011-11-10 00:00:26 -------- d-----w- C:\Users\Johnny\AppData\Local\Akamai
    2011-11-09 23:05:58 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 23:05:58 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 23:05:57 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-09 23:05:56 3144704 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-08 21:32:38 -------- d-----w- C:\Program Files\iPod
    2011-11-08 21:32:37 -------- d-----w- C:\Program Files\iTunes
    2011-11-08 21:32:37 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-11-08 21:23:36 -------- d-----w- C:\Program Files\Bonjour
    2011-11-08 21:23:36 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-10-26 04:10:07 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-10-26 03:39:30 -------- d-----w- C:\Windows\pss
    2011-10-25 20:59:00 -------- d-----w- C:\Users\Johnny\AppData\Local\{043A5561-5426-437B-9A37-E3ED50F7EA74}
    2011-10-25 20:58:46 -------- d-----w- C:\Users\Johnny\AppData\Local\{C04E866A-A965-4257-A307-13E8815225F2}
    2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-10-24 14:17:17 -------- d-----w- C:\Users\Johnny\AppData\Local\{A378971A-A064-4E1E-B9B9-245F3BE07A94}
    2011-10-24 14:16:42 -------- d-----w- C:\Users\Johnny\AppData\Local\{35C4D4A9-4DCF-42F6-8F27-4580DE4C9268}
    2011-10-23 21:56:55 -------- d-----w- C:\Users\Johnny\AppData\Local\{498E1AA6-F64F-49A9-ACD2-D50CD9C771B8}
    2011-10-23 21:56:44 -------- d-----w- C:\Users\Johnny\AppData\Local\{F9082D37-48C8-4FFC-830F-CF01BBE4DCA3}
    2011-10-23 06:10:07 -------- d-----w- C:\Users\Johnny\AppData\Local\{0090E325-9AFD-4FCB-9682-204AF3127A94}
    2011-10-23 06:09:56 -------- d-----w- C:\Users\Johnny\AppData\Local\{726726C0-F889-4876-B897-9980A7A4C64D}
    2011-10-23 06:07:48 -------- d-----w- C:\Windows\en
    2011-10-23 06:03:01 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
    2011-10-23 05:57:03 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\951efb891cc914805\bingbarsetup.exe
    2011-10-23 05:55:54 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6cc346a11cc914804\DSETUP.dll
    2011-10-23 05:55:54 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6cc346a11cc914804\DXSETUP.exe
    2011-10-23 05:55:54 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6cc346a11cc914804\dsetup32.dll
    2011-10-23 05:55:49 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\699098541cc914803\DSETUP.dll
    2011-10-23 05:55:49 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\699098541cc914803\DXSETUP.exe
    2011-10-23 05:55:49 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\699098541cc914803\dsetup32.dll
    2011-10-23 05:55:19 -------- d-----w- C:\Users\Johnny\AppData\Local\Windows Live
    .
    ==================== Find3M ====================
    .
    2011-10-11 00:15:19 24448 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys
    2011-10-07 05:25:54 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-10-07 05:25:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-08-31 04:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-08-31 04:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
    2011-08-31 04:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-08-31 04:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-08-31 04:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-08-31 04:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-08-31 04:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-08-31 04:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    .
    ============= FINISH: 21:14:36.14 ===============
     

  12. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    Are you able to copy-paste results from that ESET report window?
     
Short URL to this thread: https://techguy.org/1024489