Ok, here's the deal. This morning I woke up and I had errors on my screen about bad sectors on my HDD, that it can't be read and such. I closed out of them and then my PC restarted on its own. I magically had a program called Windows Repair or some crap like that. I know I never installed it, I know better. Anyway, I can't see my documents, my desktop, files on my C: drive, nothing at all. I click Start and nothing's listed. I did some searching around and saw a post with the same problem and he was getting help from SuperDave. I followed the steps he listed and did everything to the T. He was looking for the txt files in his next post, BUT tazzicus's next post said all he had to do was show hidden files. Ok great, that shows everything in my documents, C: drive. What it's not doing is my desktop (icons and folders I had); when I click Start, there's nothing there still. So here are the logs generated from the list I followed.
SUPERAntiSpyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/29/2011 at 09:17 PM
Application Version : 4.51.1000
Core Rules Database Version : 6959
Trace Rules Database Version: 4771
Scan type : Complete Scan
Total Scan Time : 00:52:32
Memory items scanned : 605
Memory threats detected : 0
Registry items scanned : 12926
Registry threats detected : 2
File items scanned : 140624
File threats detected : 81
Adware.Tracking Cookie
Disabled.TaskManager
(x86) HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
(x86) HKU\S-1-5-21-111940604-2834491754-2609676545-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
Trojan.Agent/Gen-FakeAntiSpy
C:\USERS\GHALEON\APPDATA\LOCAL\TEMP\ADOBE_FLASH_PLAYER.EXE
C:\USERS\GHALEON\APPDATA\LOCAL\TEMP\LDR5B52.TMP
C:\Windows\Prefetch\ADOBE_FLASH_PLAYER.EXE-BCBDAE8B.pf
Malwarebytes
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6476
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
4/29/2011 9:48:27 PM
mbam-log-2011-04-29 (21-48-27).txt
Scan type: Full scan (C:\|)
Objects scanned: 298440
Time elapsed: 21 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
c:\Users\Ghaleon\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.
Files Infected:
c:\Users\Ghaleon\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Ghaleon\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Ghaleon\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
DDS
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Ghaleon at 21:52:18.64 on Fri 04/29/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2641 [GMT -4:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\wmi64.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtblfs.exe
C:\Users\Ghaleon\Downloads\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
uRun: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
uRun: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
StartupFolder: C:\Users\Ghaleon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Ghaleon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ghaleon\AppData\Roaming\Mozilla\Firefox\Profiles\r1twoiy8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\kavlinkfilter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: *Blocked Russian URL* - C:\Program Files (x86)\Mozilla *Blocked Russian URL*
FF - Ext: Kaspersky URL Advisor: *Blocked Russian URL* - C:\Program Files (x86)\Mozilla *Blocked Russian URL*
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-1-19 37456]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-2-10 376400]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-2-15 7421280]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-10-5 365336]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-3-30 118352]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2011-2-26 21072]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 WRfiltv;WRfiltv;C:\Windows\System32\drivers\WRfiltv.sys [2011-2-26 25600]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-2-26 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-2-26 79360]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
.
=============== Created Last 30 ================
.
2011-04-30 01:25:04 -------- d-----w- C:\Users\Ghaleon\AppData\Roaming\Malwarebytes
2011-04-30 01:24:56 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-30 01:24:56 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-30 01:24:52 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-30 01:24:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-30 00:20:28 -------- d-----w- C:\Users\Ghaleon\AppData\Roaming\SUPERAntiSpyware.com
2011-04-30 00:20:28 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-04-30 00:20:23 -------- d-----w- C:\PROGRA~3\!SASCORE
2011-04-30 00:20:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-04-29 13:54:44 109240 ----a-w- C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\abhelperxpcom.dll
2011-04-29 13:54:42 150200 ----a-w- C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\kavlinkfilter.dll
2011-04-29 12:02:17 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2011-04-29 12:02:17 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
2011-04-29 11:58:13 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
2011-04-29 11:40:26 -------- d--h--w- C:\$AVG
2011-04-29 11:34:18 -------- d--h--w- C:\Users\Ghaleon\AppData\Roaming\AVG10
2011-04-29 11:33:27 -------- d--h--w- C:\PROGRA~3\Common Files
2011-04-29 11:33:20 -------- d--h--w- C:\Windows\SysWow64\drivers\AVG
2011-04-29 11:32:56 -------- d--h--w- C:\PROGRA~3\AVG10
2011-04-29 11:32:56 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-04-29 11:21:13 -------- d--h--w- C:\PROGRA~3\MFAData
2011-04-29 11:12:18 7947600 ---ha-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-04-29 11:12:16 8802128 ---ha-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{3260B530-FCFD-4BF9-82FE-48317C7DC5F4}\mpengine.dll
2011-04-26 19:50:51 -------- d--h--w- C:\Program Files (x86)\TuneUpMedia
2011-04-22 02:14:57 -------- d--h--w- C:\Users\Ghaleon\AppData\Local\ElevatedDiagnostics
2011-04-20 14:21:45 -------- d--h--w- C:\Users\Ghaleon\AppData\Roaming\LimeWire
2011-04-20 14:19:57 411368 ---ha-w- C:\Windows\SysWow64\deploytk.dll
2011-04-20 14:19:57 411368 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
2011-04-20 14:19:09 -------- d--h--w- C:\Program Files (x86)\LimeWire
2011-04-20 00:29:18 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll
2011-04-20 00:29:18 2297552 ---ha-w- C:\Windows\SysWow64\d3dx9_26.dll
2011-04-20 00:29:06 -------- d--h--w- C:\Temp
2011-04-20 00:27:39 -------- d--h--w- C:\Users\Ghaleon\AppData\Roaming\Wizards of the Coast
2011-04-20 00:27:10 -------- d--h--w- C:\Program Files (x86)\Wizards of the Coast
2011-04-19 21:30:28 -------- d--h--w- C:\Program Files\iTunes
2011-04-19 21:30:28 -------- d--h--w- C:\Program Files\iPod
2011-04-19 21:27:45 -------- d--h--w- C:\Program Files\Bonjour
2011-04-19 21:27:45 -------- d--h--w- C:\Program Files (x86)\Bonjour
2011-04-06 20:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 20:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 20:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 20:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 20:20:16 91424 ---ha-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 20:20:16 75040 ---ha-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 20:20:16 197920 ---ha-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 20:20:16 107808 ---ha-w- C:\Windows\SysWow64\dns-sd.exe
2011-04-05 04:15:14 -------- d--h--w- C:\Program Files (x86)\CamStudio
2011-04-04 14:00:10 -------- d--h--w- C:\Users\Ghaleon\AppData\Roaming\TuneUpMedia
2011-04-04 13:59:59 -------- d--h--w- C:\PROGRA~3\TuneUpMedia
2011-03-31 02:40:15 -------- d--h--r- C:\Program Files (x86)\Skype
.
==================== Find3M ====================
.
2011-03-30 21:17:00 118352 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-03-15 04:30:42 86016 ---ha-w- C:\Windows\SysWow64\frapsvid.dll
2011-03-15 04:30:38 84992 ----a-w- C:\Windows\System32\frapsv64.dll
2011-03-01 18:25:18 41552 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2011-02-26 05:51:32 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-02-26 05:51:32 444952 ---ha-w- C:\Windows\SysWow64\wrap_oal.dll
2011-02-26 05:51:32 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-02-26 05:51:32 109080 ---ha-w- C:\Windows\SysWow64\OpenAL32.dll
2011-02-22 12:12:46 26704 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
2011-02-18 20:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 20:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-10 11:53:58 376400 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-02-10 11:53:34 29264 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys
2011-02-02 22:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 21:53:05.86 ===============
So I hope to get a faster response since I did all the steps already lol. Thanks in advance. If you have any questions I will respond within 5 min of you posting as well.