BleepingComputer.com: Google (goingonearth.com) redirection

I have a problem with google redirecting me to various sites (advertisements) when clicking a search result from google.com. First a URL with goingonearth.com and the search keywords appears and then it redirects me. I also noticed that when i type goingonearth.com in a search engine it redirects me to the following page: hxxp://msdn.microsoft.com/en-us/aa570318.aspx. I've been having this problem for a couple of weeks now and I ran Malwarebytes' Anti-Malware some time ago. This seemed to solve the problem temporarily but now it's back!

Any help is appreciated =).

DDS.txt log:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Marius at 2:21:43 on 2011-08-15
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.4095.2696 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://localhost:8080/sabnzbd/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll
mURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.254
TCP: Interfaces\{FACBA18C-7C49-4434-8A9F-1A476DC14E63} : DhcpNameServer = 192.168.2.254
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll
BHO-X64: SearchElf 1.2 - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 178.21.113.74 www.minecraft.net
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/12/20 23:36:35];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-8-28 146928]
R2 Active@ Disk Monitor;Active@ Disk Monitor;C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2011-3-8 1127944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);C:\Windows\system32\drivers\wfeaglxt.sys --> C:\Windows\system32\drivers\wfeaglxt.sys [?]
.
=============== Created Last 30 ================
.
2011-07-19 15:14:15 304128 ----a-w- C:\Windows\IsUninst.exe
2011-07-17 22:08:15 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-17 22:08:14 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-17 22:08:12 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-17 22:08:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-17 21:05:45 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2011-07-17 21:05:43 -------- d-----w- C:\Users\Marius\AppData\Local\Conduit
2011-07-16 18:15:36 -------- d-----w- C:\Users\Marius\AppData\Local\Electronic Arts
2011-07-16 09:51:38 -------- d-----w- C:\ProgramData\AVAST Software
2011-07-16 09:51:38 -------- d-----w- C:\Program Files\AVAST Software
2011-07-16 08:49:38 65536 --sha-r- C:\Windows\SysWow64\scrrunn.dll
2011-07-16 02:38:53 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{74850DB0-852C-4777-AA6A-8DA0FE89445A}\mpengine.dll
.
==================== Find3M ====================
.
2011-07-18 10:33:36 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-12 17:35:07 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-24 17:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 2:22:35,94 ===============

This post has been edited by Orange Blossom: 14 August 2011 - 08:11 PM
Reason for edit: Deactivated link. ~ OB

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resouce! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/414438 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

• If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  
• A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
  
  • Please do this even if you have previously posted logs for us.
    
  • If you were unable to produce the logs originally please try once more.
    
  • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    
  • If you are unsure about any of these characteristics just post what you can and we will guide you.
  
  
• Please tell us if you have your original Windows CD/DVD available.
  
• Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

• Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • DDS.scr
    
  • DDS.pif
  
  
• Double click on the DDS icon, allow it to run.
  
• A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  
• Notepad will open with the results.
  
• Follow the instructions that pop up for posting the results.
  
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:



As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

I still need help with my problem, and i don't have the original windows cd/dvd available.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Marius at 15:50:55 on 2011-08-20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.4095.2797 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://localhost:8080/sabnzbd/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll
mURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.254
TCP: Interfaces\{FACBA18C-7C49-4434-8A9F-1A476DC14E63} : DhcpNameServer = 192.168.2.254
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll
BHO-X64: SearchElf 1.2 - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 178.21.113.74 www.minecraft.net
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/12/20 23:36:35];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-8-28 146928]
R2 Active@ Disk Monitor;Active@ Disk Monitor;C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2011-3-8 1127944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);C:\Windows\system32\drivers\wfeaglxt.sys --> C:\Windows\system32\drivers\wfeaglxt.sys [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-07-18 10:33:36 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-17 21:05:45 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2011-07-16 08:49:38 65536 --sha-r- C:\Windows\SysWow64\scrrunn.dll
2011-07-12 17:35:07 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-06 17:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-24 17:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 15:51:14,02 ===============

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

• Do not run any other tool untill instructed to do so!
  
• please Do not Attach logs or put in code boxes.
  
• Tell me about any problems that have occurred during the fix.
  
• Tell me of any other symptoms you may be having as these can help also.
  
• Do not run anything while running a fix.
  
• Do not run any other tool untill instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following


• Log from Combofix
  
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

Thanks a lot for your reply, I think that all of you people are doing an amazing job with this forum. =)

I didn't have any problems running combofix, except for that it opened a window for setting network location at the end
(where you can pick from "home" "work" and "public" network). I guessed that it was due to combofix disconnecting and
reconnecting and I just closed the window. Internet and network are fine as far as i can see. I also noticed that combofix
ran in Dutch (a translation with errors), guess that's ok too (just not what I expected )?
The problems still exist and didn't seem to get any better.

ComboFix 11-08-20.01 - Marius 20-08-2011 23:58:59.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.4095.2994 [GMT 2:00]
Gestart vanuit: c:\users\Marius\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-07-20 to 2011-08-20 ))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-18 10:33 . 2011-03-25 13:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-17 21:05 . 2011-07-17 21:05 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-07-13 08:05 . 2011-07-13 08:05 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-07-12 17:35 . 2011-07-12 17:35 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-09 18:18 . 2011-07-09 18:18 882496 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-07-06 17:52 . 2011-07-17 22:08 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-07-17 22:08 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2011-07-16 09:52 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-07 17:10 . 2011-07-16 02:38 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74850DB0-852C-4777-AA6A-8DA0FE89445A}\mpengine.dll
2011-05-24 17:14 . 2010-08-29 14:20 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f4e6547e-325b-403c-a3bb-ad29ed37a92f}"= "c:\program files (x86)\SearchElf_1.2\prxtbSea0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\SearchElf_1.2\prxtbSea0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{f4e6547e-325b-403c-a3bb-ad29ed37a92f}"= "c:\program files (x86)\SearchElf_1.2\prxtbSea0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/12/20 23:36];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-08-28 17:36 146928]
S2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2009-09-02 1127944]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://localhost:8080/sabnzbd/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath -
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
Wow6432Node-HKLM-Run-NBKeyScan - c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{F4E6547E-325B-403C-A3BB-AD29ED37A92F} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
.
**************************************************************************
.
Voltooingstijd: 2011-08-21 00:22:59 - machine werd herstart
ComboFix-quarantined-files.txt 2011-08-20 22:22
.
Pre-Run: 140.526.837.760 bytes free
Post-Run: 140.706.230.272 bytes free
.
- - End Of File - - 5D9EB677C320F6CD0DFCB8A2087D1742

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

• Double click on OTL.exe to run it.
  
• Under Output, ensure that Minimal Output is selected.
  
• Under Extra Registry section, select Use SafeList.
  
• Click the Scan All Users checkbox.
  
• Click on Run Scan at the top left hand corner.
  
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened and the that I need posted back here
    
  • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  
  
• Please post the contents of OTListIt.txt in your next reply.

Gringo

here you go:

OTL logfile created on: 21-8-2011 2:11:38 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Marius\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: | Country: | Language: | Date Format:

4,00 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 74,41% Memory free
8,00 Gb Paging File | 6,99 Gb Available in Paging File | 87,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,47 Gb Total Space | 131,10 Gb Free Space | 46,91% Space Free | Partition Type: NTFS

Computer Name: WM-TELRAAM | User Name: Marius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marius\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe (LSoft Technologies Inc)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWow64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWow64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Active@ Disk Monitor) -- C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe (LSoft Technologies Inc)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (WFLR6654) WinFast TV2000 XP Expert (FM1216MK3) -- C:\Windows\SysNative\drivers\wfeaglxt.sys (Leadtek Research Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (AVCSTRM) -- C:\Windows\SysNative\drivers\avcstrm.sys (Microsoft Corporation)
DRV:64bit: - (MSTAPE) -- C:\Windows\SysNative\drivers\mstape.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3157286681-3811045524-2669837648-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://localhost:8080/sabnzbd/
IE - HKU\S-1-5-21-3157286681-3811045524-2669837648-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 9F FE EE 87 AA CB 01 [binary data]
IE - HKU\S-1-5-21-3157286681-3811045524-2669837648-1004\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3157286681-3811045524-2669837648-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3157286681-3811045524-2669837648-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google.com (in English)"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010-08-30 22:58:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-06-25 23:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-06-12 23:56:27 | 000,000,000 | ---D | M]

[2011-07-18 12:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011-07-18 12:33:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011-06-25 23:53:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010-03-27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011-07-18 12:33:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011-05-06 15:38:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011-08-21 00:18:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SearchElf 1.2 Toolbar) - {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SearchElf 1.2 Toolbar) - {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3157286681-3811045524-2669837648-1004\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3157286681-3811045524-2669837648-1004\..\Toolbar\WebBrowser: (SearchElf 1.2 Toolbar) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - C:\Program Files (x86)\SearchElf_1.2\prxtbSea0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - Startup: C:\Users\All Users\Adobe [2010-10-11 21:10:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ALM [2010-08-30 23:07:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple [2011-06-12 17:16:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\AVAST Software [2011-07-16 18:37:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Canneverbe Limited [2011-01-29 16:27:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CanonBJ [2010-08-30 21:18:37 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\CyberLink [2010-12-21 00:44:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2011-07-20 19:16:27 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\EA Core [2011-04-08 15:07:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Electronic Arts [2011-04-08 15:07:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Favorites [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\LightScribe [2010-12-21 00:45:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2011-07-18 00:08:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\McAfee [2011-03-25 15:07:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2010-11-17 19:06:31 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2011-08-11 03:05:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Nero [2011-06-18 20:34:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PACE Anti-Piracy [2010-08-30 23:14:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\regid.1986-12.com.adobe [2010-08-30 23:13:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spotnet [2011-06-18 14:37:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2011-03-25 15:08:38 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Temp [2011-07-16 17:52:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2011-06-12 17:18:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Anja\AppData [2010-09-11 01:00:15 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Anja\Application Data [2010-09-11 01:00:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Anja\Contacts [2010-09-11 01:00:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Anja\Cookies [2010-09-11 01:00:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Anja\Desktop [2010-12-21 00:39:45 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Anja\My Documents [2010-09-11 01:00:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Anja\Downloads [2010-09-11 01:00:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Anja\Favorites [2010-09-11 01:00:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Anja\Links [2010-09-11 01:00:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Anja\Local Settings [2010-09-11 01:00:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Anja\Music [2010-09-11 01:00:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Anja\My Documents [2010-09-11 01:00:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Anja\NetHood [2010-09-11 01:00:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Anja\ntuser.dat ()
O4 - Startup: C:\Users\Anja\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Anja\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Anja\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Anja\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Anja\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Anja\ntuser.ini ()
O4 - Startup: C:\Users\Anja\Pictures [2010-09-11 01:00:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Anja\PrintHood [2010-09-11 01:00:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Anja\Recent [2010-09-11 01:00:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Anja\Saved Games [2010-11-02 18:25:09 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Anja\Searches [2010-09-11 01:00:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Anja\SendTo [2010-09-11 01:00:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Anja\Start Menu [2010-09-11 01:00:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Anja\Templates [2010-09-11 01:00:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Anja\Videos [2010-09-11 01:00:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\AppData [2009-07-14 05:20:08 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2010-12-21 00:39:45 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2009-07-14 07:08:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009-07-14 04:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009-07-14 07:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009-07-14 04:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Marius\.rnd ()
O4 - Startup: C:\Users\Marius\AppData [2010-09-01 18:16:19 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Marius\Application Data [2010-09-01 18:16:19 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Marius\Contacts [2010-12-30 22:42:07 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Marius\Cookies [2010-09-01 18:16:19 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Marius\defogger_reenable ()
O4 - Startup: C:\Users\Marius\Desktop [2011-08-21 02:10:07 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Marius\My Documents [2010-09-01 18:16:19 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Marius\Downloads [2011-08-15 17:15:16 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Marius\Favorites [2010-12-30 22:42:07 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Marius\Links [2011-01-28 13:23:04 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Marius\Local Settings [2010-09-01 18:16:19 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Marius\Music [2011-06-12 21:44:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Marius\My Documents [2010-09-01 18:16:19 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Marius\NetHood [2010-09-01 18:16:19 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Marius\ntuser.dat ()
O4 - Startup: C:\Users\Marius\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Marius\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Marius\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Marius\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Marius\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Marius\ntuser.dat{73b76479-17ef-11e0-8f10-0022152d4f24}.TM.blf ()
O4 - Startup: C:\Users\Marius\ntuser.dat{73b76479-17ef-11e0-8f10-0022152d4f24}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Marius\ntuser.dat{73b76479-17ef-11e0-8f10-0022152d4f24}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Marius\ntuser.dat{bac50f20-4a59-11e0-a45e-0022152d4f24}.TM.blf ()
O4 - Startup: C:\Users\Marius\ntuser.dat{bac50f20-4a59-11e0-a45e-0022152d4f24}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Marius\ntuser.dat{bac50f20-4a59-11e0-a45e-0022152d4f24}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Marius\ntuser.ini ()
O4 - Startup: C:\Users\Marius\Pictures [2011-05-25 16:00:07 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Marius\PrintHood [2010-09-01 18:16:19 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Marius\profielfoto (1 of 1).jpg ()
O4 - Startup: C:\Users\Marius\Recent [2010-09-01 18:16:19 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Marius\sabnzbd [2011-01-28 12:36:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Marius\Saved Games [2011-04-08 15:44:53 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Marius\Searches [2010-12-30 22:42:07 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Marius\SendTo [2010-09-01 18:16:19 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Marius\Start Menu [2010-09-01 18:16:19 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Marius\Templates [2010-09-01 18:16:19 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Marius\Thumbs.db ()
O4 - Startup: C:\Users\Marius\Videos [2010-12-30 22:42:07 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\AppData [2011-08-21 00:23:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\CyberLink [2010-12-21 00:44:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\D-2785-7947-8747 [2002-01-01 07:09:57 | 000,000,000 | RHSD | M]
O4 - Startup: C:\Users\Public\Desktop [2011-07-23 23:48:03 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\desktop [2011-07-23 23:48:03 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010-08-30 23:00:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009-07-14 06:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009-07-14 04:34:59 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2010-09-21 18:46:37 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009-07-14 06:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2009-07-14 06:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2011-05-18 18:46:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\S-3685-5437-5687 [2002-01-01 07:09:57 | 000,000,000 | RHSD | M]
O4 - Startup: C:\Users\Public\Videos [2009-07-14 06:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wim\Adobe Flash Builder 4 [2010-08-30 23:02:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Wim\AppData [2010-08-29 16:06:48 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Wim\Application Data [2010-08-29 16:06:48 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wim\Contacts [2010-08-29 16:30:27 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wim\Cookies [2010-08-29 16:06:48 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wim\CyberLink [2010-12-21 00:44:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Wim\Desktop [2011-03-08 16:22:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wim\My Documents [2010-08-29 16:06:48 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wim\Downloads [2011-03-09 17:10:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wim\Favorites [2010-08-29 16:30:27 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wim\Links [2010-08-29 16:30:27 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wim\Local Settings [2010-08-29 16:06:48 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wim\Music [2010-08-29 16:30:27 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wim\My Documents [2010-08-29 16:06:48 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wim\NetHood [2010-08-29 16:06:48 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wim\ntuser.dat ()
O4 - Startup: C:\Users\Wim\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Wim\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Wim\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Wim\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Wim\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Wim\ntuser.ini ()
O4 - Startup: C:\Users\Wim\Pictures [2010-11-13 17:42:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wim\PP_MOTION.TMP [2010-12-21 00:45:33 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Wim\PP_ROTATE_SLIDE.TMP [2010-12-21 00:44:40 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Wim\PrintHood [2010-08-29 16:06:48 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wim\Recent [2010-08-29 16:06:48 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wim\Saved Games [2010-08-29 16:30:27 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wim\Searches [2010-08-29 16:30:27 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wim\SendTo [2010-08-29 16:06:48 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wim\Start Menu [2010-08-29 16:06:48 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wim\Sti_Trace.log ()
O4 - Startup: C:\Users\Wim\Templates [2010-08-29 16:06:48 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wim\Videos [2010-08-29 16:30:27 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wytske\AppData [2010-09-03 15:53:54 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Wytske\Application Data [2010-09-03 15:53:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wytske\Contacts [2010-09-03 15:54:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wytske\Cookies [2010-09-03 15:53:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wytske\Desktop [2010-12-21 00:39:45 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wytske\My Documents [2010-09-03 15:53:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wytske\Downloads [2010-09-03 15:54:14 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wytske\Favorites [2010-09-03 15:54:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wytske\Links [2010-09-03 15:54:14 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wytske\Local Settings [2010-09-03 15:53:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wytske\Music [2010-09-03 15:54:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wytske\My Documents [2010-09-03 15:53:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wytske\NetHood [2010-09-03 15:53:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wytske\ntuser.dat ()
O4 - Startup: C:\Users\Wytske\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Wytske\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Wytske\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Wytske\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Wytske\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Wytske\ntuser.ini ()
O4 - Startup: C:\Users\Wytske\Pictures [2011-03-22 23:35:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wytske\PrintHood [2010-09-03 15:53:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wytske\Recent [2010-09-03 15:53:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wytske\Saved Games [2010-11-01 15:20:33 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wytske\Searches [2010-09-03 15:54:14 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Wytske\SendTo [2010-09-03 15:53:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wytske\Start Menu [2010-09-03 15:53:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wytske\Templates [2010-09-03 15:53:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Wytske\Videos [2010-09-03 15:54:13 | 000,000,000 | R--D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3157286681-3811045524-2669837648-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3157286681-3811045524-2669837648-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3157286681-3811045524-2669837648-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-08-21 00:23:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011-08-20 23:57:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011-08-20 23:57:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011-08-20 23:57:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011-08-20 23:57:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-08-20 23:57:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-08-20 23:57:27 | 000,000,000 | ---D | C] -- \Qoobox
[2011-07-23 14:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-08-21 00:18:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011-08-21 00:12:58 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-08-21 00:12:58 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-08-21 00:08:42 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-08-21 00:08:42 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-08-21 00:08:42 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-08-21 00:04:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-08-21 00:04:18 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2011-08-15 02:20:19 | 000,000,156 | ---- | M] () -- C:\Users\Marius\defogger_reenable
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-08-20 23:57:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011-08-20 23:57:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011-08-20 23:57:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-08-20 23:57:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-08-20 23:57:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-08-15 02:20:19 | 000,000,156 | ---- | C] () -- C:\Users\Marius\defogger_reenable
[2011-07-16 10:49:38 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\scrrunn.dll
[2011-06-18 20:16:23 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2011-03-27 13:10:18 | 000,000,025 | -H-- | C] () -- C:\Windows\UBURN.DAT
[2011-01-29 19:10:04 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-01-29 19:09:54 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-01-29 19:09:50 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010-12-21 00:39:15 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010-10-30 18:01:19 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010-10-30 18:01:07 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010-10-30 18:01:07 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010-10-30 17:59:37 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-08-30 01:54:21 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2010-08-30 01:54:19 | 000,383,562 | RHS- | C] () -- \bootmgr
[2010-08-29 15:57:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-08-29 15:55:34 | 3220,475,904 | -HS- | C] () -- \hiberfil.sys
[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007-12-28 17:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:39413AC3

< End of report >

Hello

I want you to run this custem OTL script for me and then let me know how things are after you finish.

Run OTL Script

• Double-click OTL.exe to start the program.
  
• Copy and Paste the following code into the textbox. Do not include the word Code
  

  :OTL
  [2011-07-16 10:49:38 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\scrrunn.dll
  :Files
  ipconfig /flushdns /c
  :Commands
  [PURITY] 
  [EMPTYTEMP]
  [EMPTYFLASH]
  [RESETHOSTS] 
  

  
  
• Then click the Run Fix button at the top.
  
• Click .
  
• OTL may ask to reboot the machine. Please do so if asked.
  
• The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

It seems to be fixed now! Thanks a lot. Could you let me know when it's ok for me to remove all the logs etc.?

ll processes killed
========== OTL ==========
C:\Windows\SysWOW64\scrrunn.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Marius\Desktop\cmd.bat deleted successfully.
C:\Users\Marius\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Anja
-> No Temporary Internet Files cache folder defined!

User: Default
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: Marius
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

User: Wim
-> No Temporary Internet Files cache folder defined!

User: Wytske
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 590582 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,00 mb


[EMPTYFLASH]

User: All Users

User: Anja

User: Default

User: Default User

User: Marius

User: Public

User: Wim

User: Wytske

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.5 log created on 08212011_114042

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.1

and click on remove

Update Adobe Reader

Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.


If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.

Your Java is out of date.

It can be updated by the Java control panel

• click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  
• An update should begin;
  
• follow the prompts

Clear your Java Cache

• click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
  
  • On the General tab, under Temporary Internet Files, click the Settings button.
    
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    Applications and Applets
    Trace and Log Files
    
    
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    
  • Click OK to leave the Temporary Files Window
    
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

• Please download TFC to your desktop,
  
• Save any unsaved work. TFC will close all open application windows.
  
• Double-click TFC.exe to run the program.
  
• If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

I would like you to rerun MBAM


• Double-click mbam icon
  
• go to the update tab at the top
  
• click on check for updates
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  
  • If you accidently close it, the log file is saved here and will be named like this:
    
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

• Go Here to download HijackThis Installer
  
• Save HijackThis Installer to your desktop.
  
• Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
  
• Click on Install.
  
• It will create a HijackThis icon on the desktop.
  
• Once installed it will launch Hijackthis.
  
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  
• Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  
• Come back here to this thread and Paste the log in your next reply.
  
• DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

"information and logs"

In your next post I need the following


• Log From MBAM
  
• report from Hijackthis
  
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

I uninstalled adobe reader successfully and already had foxit reader installed. I noticed that there was
also a program named "foxit pdf creator toolbar" installed with publisher ask.com so I uninstalled that.

When I tried to update Java it prompted: "You already have the latest JAVA™ platform on this system"

No problems running TFC, it removed a small amount af data (1 mb if i remember correctly)

MBAM also no problems, didn't find anything, log file:

Quote

When i installed HijackThis it tried to instal by default in "C:\Program Files (x86)\" so I changed it to the correct line "C:\Program Files\Trend Micro\HijackThis". It didn't launch automatically after installing.

I first tried to run it double-clicking the shortcut but that gave problems. It first prompted:

"It looks like you're running HijackThis from a read-only device like a CD
or locked floppy disk.If you want to make backups of items you fix, you
must copy HijackThis.exe to your hard disk first, and run it from there.

If you continue, you might get 'Path/file Acces' errors"

I clicked OK and tried to run it anyway and then it prompted:

"For some reason your system denied write acces to the Hosts file. If
any hijacked domains are in this file, HijackThis may NOT be able to fix
this.

If that happens you need to edit the file yourself. To do this click Start,
Run and type|

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them.
Save the file as 'hosts.' (with quotes), and reboot.

For Vista: simply, exit Hijack this, right click on the HijackThis icon,
choose 'run as administrator'."

I closed the application, went to the HijackThis.exe file and ran it as administrator.
It ran without problems. Logfile:

Quote

Finally the actual problem is still solved.

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

• Run HijackThis
  
• Click on the Scan button
  
• Put a check beside all of the items listed below (if present):
  
  
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  
  
  
  
• Close all open windows and browsers/email, etc...
  
• Click on the "Fix Checked" button
  
• When completed, close the application.
  
  
  NOTE**You can research each of those lines >here< and see if you want to keep them or not
  just copy the name between the brakets and paste into the search space
  O4 - HKLM\..\Run: [IntelliPoint]

If you have any problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
  
• click on the ESET Online Scanner button
  
• Tick the box next to YES, I accept the Terms of Use.
  
  • Click Start
• When asked, allow the activex control to install
  
  • Click Start
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  
• Click on Advanced Settings, ensure the options
  
  Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
  
• Wait for the scan to finish
  
• Click on copy to clipboard and paste the results here in this topic
  
• you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt

Copy and paste that log as a reply to this topic

Gringo

found 1 infected file.

C:\_OTL\MovedFiles\08212011_114042\C_Windows\SysWOW64\scrrunn.dll a variant of Win32/Kryptik.RLE trojan

I ticked "uninstall application on close.

Hello

The Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use, I would keep this and use before you do any scans or when you want to free up some space.

:DeFogger:

To re-enable your Emulation drivers, double click DeFogger to run the tool.

• The application window will appear
  
• Click the Re-enable button to re-enable your CD Emulation drivers
  
• Click Yes to continue
  
• A 'Finished!' message will appear
  
• Click OK
  
• DeFogger will now ask to reboot the machine - click OK

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

• turn off all active protection software
  
• push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  
• please copy and past the following into the box ComboFix /Uninstall and click OK.
  
• Note the space between the X and the /Uninstall, it needs to be there.
  
• 

:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

• Double-click OTCleanIt.exe.
  
• Click the CleanUp! button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes, if not delete it by yourself.
  
• If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

• From within Internet Explorer click on the Tools menu and then click on Options.
  
• Click once on the Security tab
  
• Click once on the Internet icon so it becomes highlighted.
  
• Click once on the Custom Level button.
  
• Change the Download signed ActiveX controls to Prompt
  
• Change the Download unsigned ActiveX controls to Disable
  
• Change the Initialise and script ActiveX controls not marked as safe to Disable
  
• Change the Installation of desktop items to Prompt
  
• Change the Launching programs and files in an IFRAME to Prompt
  
• When all these settings have been made, click on the OK button.
  
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
  Next press the Apply button and then the OK to exit the Internet Properties page.

:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox

Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

• WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  
  
• Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  
  
• Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
  totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Gringo

Thanks a lot for al your help! It's very much appreciated.