Malwarebytes log, please help!

T.N.G.A!!

I scanned with Malwarebytes and found over 300 infections, removed them, and restarted.

I am still experiencing problems with my computer. Malwarebytes is NOT finding any additional problems. I do have a HijackThis log for now.

Please let me know what I can do to improve my computer; it is very choppy and slow at regular intervals.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:05:27 PM, on 1/8/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\lyle\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe

--
End of file - 4155 bytes


Also, HJthis tells me it cannot access some host files.
 
Can you post the Malwarebytes log so I know what it deleted? And are you only experiencing slowness and choppiness? Anything else?

Have you run CCleaner recently?

Can you also post an uninstall list from HijackThis? Open HijackThis and click on open misc tools section, then click on open uninstall manager, then click on save list and save it, then copy and paste it back here.
 
I did keep a copy of the original MB log with all the infections. There is again no point in posting a fresh one because it shows nothing.

My computer problem is basically just a little lag every few seconds that makes playing games or watching most videos very annoying, jumpy, and choppy. This computer has decent RAM and a 150GB hard drive, so I think it must be software-related.

Here is the MB log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5485

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/8/2011 4:46:31 PM
mbam-log-2011-01-08 (16-46-31).txt

Scan type: Quick scan
Objects scanned: 129590
Time elapsed: 8 minute(s), 21 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 1
Registry Keys Infected: 141
Registry Values Infected: 12
Registry Data Items Infected: 1
Folders Infected: 42
Files Infected: 129

Memory Processes Infected:
c:\program files\clickpotatolite\bin\10.0.630.0\clickpotatolitesa.exe (Adware.ClickPotato) -> 1564 -> Unloaded process successfully.
c:\program files\mp3tube toolbar\mp3tubesvc.exe (Adware.Mp3Tube) -> 844 -> Unloaded process successfully.
c:\program files\mp3tube toolbar\mp3tubevideotomp3.exe (Adware.Mp3Tube) -> 1940 -> Unloaded process successfully.

Memory Modules Infected:
c:\program files\clickpotatolite\bin\10.0.630.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.

Registry Keys Infected:

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ClickPotatoLiteSA (Adware.ClickPotato) -> Value: ClickPotatoLiteSA -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790476B1765D5131AA97 (Malware.Trace) -> Value: SRS_IT_E8790476B1765D5131AA97 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790476B376545A3EAF92 (Malware.Trace) -> Value: SRS_IT_E8790476B376545A3EAF92 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Homepage Protection Service\UninstallString (Adware.Mp3Tube) -> Value: UninstallString -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (ShopperReports) -> Value: [email protected] -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.HotBar) -> Value: [email protected] -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.ClickPotato) -> Value: [email protected] -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://go.microsoft.com/fwlink/?Lin...ltb04ie&clid=ce319fa296d64a8bac85f979a7037169) Good: (http://www.Google.com) -> Quarantined and deleted successfully.

Folders Infected:

Files Infected:
c:\program files\clickpotatolite\bin\10.0.630.0\clickpotatolitesa.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.630.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar\mp3tubesvc.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar\mp3tubevideotomp3.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\shopperreports.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\Pltfrm.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.630.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar\mp3tubetb.dll (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.323.0\hblitesaax.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.630.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npclntax_hblitesa.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\lyle\downloads\filmfanatic.exe (PUP.FunWebProducts) -> Not selected for removal.
c:\Users\lyle\downloads\xvidsetup(2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\lyle\downloads\xvidsetup(3).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\lyle\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\resultbar\resultbar113.exe (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.630.0\clickpotatoliteuninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.630.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.630.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.323.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\HBLite\bin\11.0.323.0\firefox\extensions\plugins\npclntax_hblitesa.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome.manifest (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\install.rdf (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome\resultbar.jar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences\prefs.js (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\resultbar\resultbar.exe (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar\ffmpeg.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar\ShowMsg.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar\uninstall.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome.manifest (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\install.rdf (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\content\constants.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\content\convertvideo.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\content\convertvideodlg.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\content\convertvideodlg.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\content\events.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\content\savetomp3popup.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\content\savetomp3popup.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\content\tbcore.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\content\toolbar.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\content\weather.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\content\weatherloc.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\content\weatherloc.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\arrow-grey.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\arrow_partner.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\arrow_small.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\bg.jpg (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\feeditem.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\logo.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\news_refresh.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\popupsearchmp3.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\popupwindow.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\savemp3_bg_hover.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\savemp3_bg_normal.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\savetomp3popup.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\toolbar.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\savemp3_disabled.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\arrow.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\arrow_big.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\btn_close.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\dailyhotdeals.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\divider.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\facebook.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\games.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\icon-RSS.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\news.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\plainbutton.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\savemp3.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\savemp3popup-musicicon.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\savemp3popup.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\saveyoutubevideos.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\screensaver.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\search.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\searchbar-grey-250.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\searchbox.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\separator_line.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\shopping.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\watermark.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\buttons\youtube.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\chance_of_rain.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\chance_of_snow.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\chance_of_storm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\chance_of_tstorm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\cloudy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\flurries.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\hazy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\mist.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\mostly_cloudy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\mostly_sunny.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\rain.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\sleet.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\snow.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\storm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\sunny.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\thunderstorm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\weatherbug.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\[email protected]\chrome\skin\weather\windy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

Yes, I have run crap cleaner to clean up the registry and any old files. I also lowered the graphic settings on the computer so I get the classic Windows view. I am running Windows 7 on this computer.

Here is the Uninstall info from hjthis:

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
CCleaner
D3DX10
DFOLauncher
DivX Setup
FoxIt PDF Reader 2.2.2129
Junk Mail filter update
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Mozilla Firefox (3.6.13)
MSVCRT
Nexon Game Manager
Pando Media Booster
VC80CRTRedist - 8.0.50727.4053
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00 beta 1 (32-bit)

Thanks
 
With all that adware that it found, I'm sure there are still remnants of it. Please do the following.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
I thought so BUT I always wait for you guys to tell me before running combo fix. Running it right now and will post log immediately.
 
Here:

ComboFix 11-01-08.03 - lyle 01/08/2011 19:10:45.1.1 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.447.127 [GMT -5:00]
Running from: c:\users\lyle\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.

2011-01-09 00:32 . 2011-01-09 00:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-09 00:07 . 2011-01-09 00:07 -------- d-----w- C:\32788R22FWJFW
2011-01-08 21:35 . 2011-01-08 21:35 -------- d-----w- c:\users\lyle\AppData\Roaming\Malwarebytes
2011-01-08 21:35 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-08 21:35 . 2011-01-08 21:35 -------- d-----w- c:\programdata\Malwarebytes
2011-01-08 21:35 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-08 21:35 . 2011-01-08 21:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-08 21:31 . 2011-01-08 21:32 -------- d-----w- c:\program files\CCleaner
2011-01-08 20:18 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B46B5D4-E178-42CB-ACF4-7CBD03F9EC5E}\mpengine.dll
2011-01-08 19:55 . 2011-01-08 20:00 -------- d-----w- c:\users\lyle\AppData\Roaming\NeopleLauncherDFO
2011-01-08 19:48 . 2011-01-08 19:48 -------- d-----w- C:\Nexon
2011-01-08 19:47 . 2011-01-08 19:47 -------- d-----w- c:\programdata\NexonUS
2011-01-08 18:57 . 2011-01-08 20:29 -------- d-----w- c:\users\lyle\AppData\Local\PMB Files
2011-01-08 18:57 . 2011-01-08 18:57 -------- d-----w- c:\programdata\PMB Files
2011-01-08 18:56 . 2011-01-08 18:56 -------- d-----w- c:\program files\Pando Networks
2011-01-08 16:24 . 2011-01-08 16:24 -------- d-----w- c:\users\lyle\AppData\Local\{4B712243-7434-468C-A190-2A210C8061FB}
2011-01-08 05:45 . 2011-01-08 05:45 -------- d-----w- c:\users\lyle\AppData\Local\{E736353A-9760-4A17-8D34-F0566F445FDF}
2011-01-05 23:26 . 2011-01-05 23:26 -------- d-----w- c:\users\lyle\AppData\Local\{05AFB701-5F04-44A1-B8DE-358CBC5190A4}
2011-01-05 22:20 . 2011-01-05 22:20 -------- d-----w- c:\users\lyle\AppData\Local\{FEBED784-594A-4312-83A4-437DA479DDF4}
2011-01-01 04:01 . 2011-01-01 04:01 -------- d-----w- c:\users\lyle\AppData\Local\{2DA7BED2-271E-472A-9A4C-6E0AEB72EC2D}
2010-12-31 21:44 . 2010-12-31 21:44 -------- d-----w- c:\users\lyle\AppData\Local\{B32E889A-944F-4B46-890B-546C8A112006}
2010-12-31 21:06 . 2010-12-31 21:06 -------- d-----w- c:\users\lyle\AppData\Local\{C6693CA9-EAA2-4ED7-B4EE-C03C1A29E16E}
2010-12-31 20:49 . 2010-12-31 20:49 -------- d-----w- c:\users\lyle\AppData\Local\{0DC31A00-8DE0-475C-BD67-74DFF73E149F}
2010-12-31 05:31 . 2010-12-31 05:32 -------- d-----w- c:\users\lyle\AppData\Local\{401052D8-9769-43A3-846A-4631EB5F360E}
2010-12-29 23:44 . 2010-12-30 15:37 -------- d-----w- c:\users\lyle\AppData\Local\{11ECC52C-BF35-46FA-B378-12DB7A837A03}
2010-12-29 22:57 . 2010-12-29 22:57 -------- d-----w- c:\users\lyle\AppData\Local\{9AD0B4DC-A2C9-44EA-8F0A-ADC8FD3248EA}
2010-12-29 22:38 . 2010-12-29 22:38 -------- d-----w- c:\users\lyle\AppData\Local\{C4426205-237B-4966-8B9C-0B8E4DC7AF19}
2010-12-28 21:42 . 2010-12-28 21:42 -------- d-----w- c:\users\lyle\AppData\Local\{F7E8A0D3-2325-4040-A39E-951E9F4E7BFD}
2010-12-26 03:23 . 2010-12-27 17:55 -------- d-----w- c:\users\lyle\AppData\Local\{5962916F-6AAE-41DB-86C6-02316C528C04}
2010-12-25 17:16 . 2010-12-25 17:16 -------- d-----w- C:\Mp3Tube_Downloads
2010-12-25 14:41 . 2010-12-25 14:41 -------- d-----w- c:\users\lyle\AppData\Local\{CD63D36F-276B-4B8E-8072-7E6B0F242B30}
2010-12-24 22:17 . 2010-12-24 22:17 -------- d-----w- c:\users\lyle\AppData\Local\{07BCCC62-E0FA-45D0-8AFB-5DE386CBD3EE}
2010-12-22 22:56 . 2010-12-22 22:57 -------- d-----w- c:\users\lyle\AppData\Local\{0AD27744-C3A4-417D-8B16-4BB99F3A2DE9}
2010-12-22 00:50 . 2010-12-22 00:51 -------- d-----w- c:\users\lyle\AppData\Local\{465DD4B6-DEF5-4795-AA0D-7563AC08188A}
2010-12-20 20:51 . 2010-12-20 20:51 -------- d-----w- c:\users\lyle\AppData\Local\{E71937EE-5133-42AE-8DE0-AEF0AE0E9289}
2010-12-20 07:47 . 2010-12-20 07:47 -------- d-----w- c:\users\lyle\AppData\Local\{F1E2F5BA-A60A-4091-BBCE-EC986BB5023C}
2010-12-19 16:41 . 2010-12-19 16:42 -------- d-----w- c:\users\lyle\AppData\Local\{C963FAAE-9E50-4D83-9E4F-10B19A89A44D}
2010-12-18 17:48 . 2010-12-18 17:48 -------- d-----w- c:\users\lyle\AppData\Local\{D37471D1-1090-4E0C-AA6B-155F47FA36D1}
2010-12-15 08:28 . 2010-12-15 08:28 -------- d-----w- c:\users\lyle\AppData\Local\{32461FD7-B9B7-48C7-AA28-3A8A694C5F23}
2010-12-15 08:28 . 2010-12-15 08:28 -------- d-----w- c:\users\lyle\AppData\Local\{1EEB95C0-7E11-445F-8BAF-345F812FD0A0}
2010-12-15 05:07 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-15 05:07 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 05:07 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 05:05 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 05:05 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 05:05 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-15 05:05 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-15 05:05 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 01:22 . 2010-12-15 01:22 -------- d-----w- c:\program files\FilmFanaticEI
2010-12-13 15:05 . 2010-12-13 15:05 -------- d-----w- c:\users\lyle\AppData\Local\{00595C87-EC84-4473-AD21-6FC9955BFD77}
2010-12-12 22:44 . 2010-12-12 22:44 -------- d-----w- c:\users\lyle\AppData\Local\{1BB3AEF5-7791-4960-8987-344A8380C64C}
2010-12-12 22:43 . 2011-01-08 22:42 -------- d-----w- c:\users\lyle\Tracing
2010-12-12 22:16 . 2010-12-12 22:16 -------- d-----w- c:\windows\en
2010-12-12 22:14 . 2010-09-23 05:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-12-12 22:14 . 2010-12-12 22:14 -------- dc----w- c:\windows\system32\DRVSTORE
2010-12-12 22:09 . 2010-12-12 22:09 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-12 21:59 . 2011-01-08 23:20 -------- d-----w- c:\program files\Microsoft
2010-12-12 21:55 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-12-12 21:55 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-12 21:55 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-12 21:53 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-12 21:40 . 2010-12-18 17:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-12-12 21:38 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-12-12 21:38 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-12-12 21:33 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-12-12 21:33 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2010-12-12 21:33 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-12-12 21:33 . 2010-12-12 21:33 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\363bad4e1cb9a4407\InstallManager_WLE_WLE.exe
2010-12-12 21:32 . 2010-12-12 21:32 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\215a7b401cb9a4406\MeshBetaRemover.exe
2010-12-12 21:32 . 2010-12-12 21:32 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\1d8ba5c11cb9a4405\DSETUP.dll
2010-12-12 21:32 . 2010-12-12 21:32 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\1d8ba5c11cb9a4405\DXSETUP.exe
2010-12-12 21:32 . 2010-12-12 21:32 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\1d8ba5c11cb9a4405\dsetup32.dll
2010-12-12 21:32 . 2010-12-12 21:32 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\15bc0f871cb9a4404\DXSETUP.exe
2010-12-12 21:32 . 2010-12-12 21:32 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\15bc0f871cb9a4404\dsetup32.dll
2010-12-12 21:32 . 2010-12-12 21:32 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\15bc0f871cb9a4404\DSETUP.dll
2010-12-12 21:32 . 2010-12-12 21:32 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\7d61c431cb9a4403\Silverlight.4.0.exe
2010-12-10 15:02 . 2010-12-10 15:02 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 00:55 . 2010-12-03 17:53 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-12-30 00:53 . 2010-12-03 17:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-12-30 00:53 . 2010-12-02 07:38 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-23 18:25 . 2010-12-02 07:51 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-12-23 18:23 . 2010-12-02 07:40 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-12-23 18:16 . 2010-12-02 07:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-12-05 13:30 . 2010-12-05 13:30 41680 ----a-w- c:\windows\system32\drivers\ehoidqaf.sys
2010-12-03 17:54 . 2010-12-03 17:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-11-10 07:54 . 2010-11-10 07:54 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-11-10 07:28 . 2010-11-10 07:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-10-19 15:41 . 2010-08-09 00:31 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.Google.com
FF - ProfilePath - c:\users\lyle\AppData\Roaming\Mozilla\Firefox\Profiles\n0jq47g8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: QuickFox Notes: [email protected] - %profile%\extensions\[email protected]
FF - Ext: SeeMatrix: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2681544429-3595844605-1813567305-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-2681544429-3595844605-1813567305-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-08 19:36:36
ComboFix-quarantined-files.txt 2011-01-09 00:36

Pre-Run: 61,809,881,088 bytes free
Post-Run: 61,667,602,432 bytes free

- - End Of File - - E193B898F4BAE3962DED8A81D400D399
 
Looks like you've got a mess yet. I'm getting ready to sit down to eat so I'll reply later.
 
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Dirlook::
c:\users\lyle\AppData\Local\{4B712243-7434-468C-A190-2A210C8061FB}
c:\users\lyle\AppData\Local\{E736353A-9760-4A17-8D34-F0566F445FDF}
c:\users\lyle\AppData\Local\{05AFB701-5F04-44A1-B8DE-358CBC5190A4}
c:\users\lyle\AppData\Local\{FEBED784-594A-4312-83A4-437DA479DDF4}
c:\users\lyle\AppData\Local\{2DA7BED2-271E-472A-9A4C-6E0AEB72EC2D}
c:\users\lyle\AppData\Local\{B32E889A-944F-4B46-890B-546C8A112006}
c:\users\lyle\AppData\Local\{C6693CA9-EAA2-4ED7-B4EE-C03C1A29E16E}
c:\users\lyle\AppData\Local\{0DC31A00-8DE0-475C-BD67-74DFF73E149F}
c:\users\lyle\AppData\Local\{401052D8-9769-43A3-846A-4631EB5F360E}
c:\users\lyle\AppData\Local\{11ECC52C-BF35-46FA-B378-12DB7A837A03}
c:\users\lyle\AppData\Local\{9AD0B4DC-A2C9-44EA-8F0A-ADC8FD3248EA}
c:\users\lyle\AppData\Local\{C4426205-237B-4966-8B9C-0B8E4DC7AF19}
c:\users\lyle\AppData\Local\{F7E8A0D3-2325-4040-A39E-951E9F4E7BFD}
c:\users\lyle\AppData\Local\{5962916F-6AAE-41DB-86C6-02316C528C04}
c:\users\lyle\AppData\Local\{CD63D36F-276B-4B8E-8072-7E6B0F242B30}
c:\users\lyle\AppData\Local\{07BCCC62-E0FA-45D0-8AFB-5DE386CBD3EE}
c:\users\lyle\AppData\Local\{0AD27744-C3A4-417D-8B16-4BB99F3A2DE9}
c:\users\lyle\AppData\Local\{465DD4B6-DEF5-4795-AA0D-7563AC08188A}
c:\users\lyle\AppData\Local\{E71937EE-5133-42AE-8DE0-AEF0AE0E9289}
c:\users\lyle\AppData\Local\{F1E2F5BA-A60A-4091-BBCE-EC986BB5023C}
c:\users\lyle\AppData\Local\{C963FAAE-9E50-4D83-9E4F-10B19A89A44D}
c:\users\lyle\AppData\Local\{D37471D1-1090-4E0C-AA6B-155F47FA36D1}
c:\users\lyle\AppData\Local\{32461FD7-B9B7-48C7-AA28-3A8A694C5F23}
c:\users\lyle\AppData\Local\{1EEB95C0-7E11-445F-8BAF-345F812FD0A0}
c:\users\lyle\AppData\Local\{00595C87-EC84-4473-AD21-6FC9955BFD77}
c:\users\lyle\AppData\Local\{1BB3AEF5-7791-4960-8987-344A8380C64C}


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

I also need you to upload each of these files to www.virustotal.com and give me the links to each result.

c:\windows\system32\drivers\ehoidqaf.sys
c:\windows\system32\webio.dll
 
I'll start with Virusportal then give you the combofix log with CFSCRIPT.

http://www.virustotal.com/file-scan...45226882a8ae2da08e251963c819ca3c5c-1294262315

http://www.virustotal.com/file-scan...6c66207c6c819627ed112b2940fec746c8-1293032962

ComboFix 11-01-08.03 - lyle 01/08/2011 22:01:07.2.1 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.447.177 [GMT -5:00]
Running from: c:\users\lyle\Desktop\ComboFix.exe
Command switches used :: c:\users\lyle\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.

2011-01-09 03:10 . 2011-01-09 03:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-08 21:35 . 2011-01-08 21:35 -------- d-----w- c:\users\lyle\AppData\Roaming\Malwarebytes
2011-01-08 21:35 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-08 21:35 . 2011-01-08 21:35 -------- d-----w- c:\programdata\Malwarebytes
2011-01-08 21:35 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-08 21:35 . 2011-01-08 21:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-08 21:31 . 2011-01-08 21:32 -------- d-----w- c:\program files\CCleaner
2011-01-08 20:18 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B46B5D4-E178-42CB-ACF4-7CBD03F9EC5E}\mpengine.dll
2011-01-08 19:55 . 2011-01-08 20:00 -------- d-----w- c:\users\lyle\AppData\Roaming\NeopleLauncherDFO
2011-01-08 19:48 . 2011-01-08 19:48 -------- d-----w- C:\Nexon
2011-01-08 19:47 . 2011-01-08 19:47 -------- d-----w- c:\programdata\NexonUS
2011-01-08 18:57 . 2011-01-08 20:29 -------- d-----w- c:\users\lyle\AppData\Local\PMB Files
2011-01-08 18:57 . 2011-01-08 18:57 -------- d-----w- c:\programdata\PMB Files
2011-01-08 18:56 . 2011-01-08 18:56 -------- d-----w- c:\program files\Pando Networks
2011-01-08 16:24 . 2011-01-08 16:24 -------- d-----w- c:\users\lyle\AppData\Local\{4B712243-7434-468C-A190-2A210C8061FB}
2011-01-08 05:45 . 2011-01-08 05:45 -------- d-----w- c:\users\lyle\AppData\Local\{E736353A-9760-4A17-8D34-F0566F445FDF}
2011-01-05 23:26 . 2011-01-05 23:26 -------- d-----w- c:\users\lyle\AppData\Local\{05AFB701-5F04-44A1-B8DE-358CBC5190A4}
2011-01-05 22:20 . 2011-01-05 22:20 -------- d-----w- c:\users\lyle\AppData\Local\{FEBED784-594A-4312-83A4-437DA479DDF4}
2011-01-01 04:01 . 2011-01-01 04:01 -------- d-----w- c:\users\lyle\AppData\Local\{2DA7BED2-271E-472A-9A4C-6E0AEB72EC2D}
2010-12-31 21:44 . 2010-12-31 21:44 -------- d-----w- c:\users\lyle\AppData\Local\{B32E889A-944F-4B46-890B-546C8A112006}
2010-12-31 21:06 . 2010-12-31 21:06 -------- d-----w- c:\users\lyle\AppData\Local\{C6693CA9-EAA2-4ED7-B4EE-C03C1A29E16E}
2010-12-31 20:49 . 2010-12-31 20:49 -------- d-----w- c:\users\lyle\AppData\Local\{0DC31A00-8DE0-475C-BD67-74DFF73E149F}
2010-12-31 05:31 . 2010-12-31 05:32 -------- d-----w- c:\users\lyle\AppData\Local\{401052D8-9769-43A3-846A-4631EB5F360E}
2010-12-29 23:44 . 2010-12-30 15:37 -------- d-----w- c:\users\lyle\AppData\Local\{11ECC52C-BF35-46FA-B378-12DB7A837A03}
2010-12-29 22:57 . 2010-12-29 22:57 -------- d-----w- c:\users\lyle\AppData\Local\{9AD0B4DC-A2C9-44EA-8F0A-ADC8FD3248EA}
2010-12-29 22:38 . 2010-12-29 22:38 -------- d-----w- c:\users\lyle\AppData\Local\{C4426205-237B-4966-8B9C-0B8E4DC7AF19}
2010-12-28 21:42 . 2010-12-28 21:42 -------- d-----w- c:\users\lyle\AppData\Local\{F7E8A0D3-2325-4040-A39E-951E9F4E7BFD}
2010-12-26 03:23 . 2010-12-27 17:55 -------- d-----w- c:\users\lyle\AppData\Local\{5962916F-6AAE-41DB-86C6-02316C528C04}
2010-12-25 17:16 . 2010-12-25 17:16 -------- d-----w- C:\Mp3Tube_Downloads
2010-12-25 14:41 . 2010-12-25 14:41 -------- d-----w- c:\users\lyle\AppData\Local\{CD63D36F-276B-4B8E-8072-7E6B0F242B30}
2010-12-24 22:17 . 2010-12-24 22:17 -------- d-----w- c:\users\lyle\AppData\Local\{07BCCC62-E0FA-45D0-8AFB-5DE386CBD3EE}
2010-12-22 22:56 . 2010-12-22 22:57 -------- d-----w- c:\users\lyle\AppData\Local\{0AD27744-C3A4-417D-8B16-4BB99F3A2DE9}
2010-12-22 00:50 . 2010-12-22 00:51 -------- d-----w- c:\users\lyle\AppData\Local\{465DD4B6-DEF5-4795-AA0D-7563AC08188A}
2010-12-20 20:51 . 2010-12-20 20:51 -------- d-----w- c:\users\lyle\AppData\Local\{E71937EE-5133-42AE-8DE0-AEF0AE0E9289}
2010-12-20 07:47 . 2010-12-20 07:47 -------- d-----w- c:\users\lyle\AppData\Local\{F1E2F5BA-A60A-4091-BBCE-EC986BB5023C}
2010-12-19 16:41 . 2010-12-19 16:42 -------- d-----w- c:\users\lyle\AppData\Local\{C963FAAE-9E50-4D83-9E4F-10B19A89A44D}
2010-12-18 17:48 . 2010-12-18 17:48 -------- d-----w- c:\users\lyle\AppData\Local\{D37471D1-1090-4E0C-AA6B-155F47FA36D1}
2010-12-15 08:28 . 2010-12-15 08:28 -------- d-----w- c:\users\lyle\AppData\Local\{32461FD7-B9B7-48C7-AA28-3A8A694C5F23}
2010-12-15 08:28 . 2010-12-15 08:28 -------- d-----w- c:\users\lyle\AppData\Local\{1EEB95C0-7E11-445F-8BAF-345F812FD0A0}
2010-12-15 05:07 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-15 05:07 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 05:07 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 05:05 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 05:05 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 05:05 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-15 05:05 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-15 05:05 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 01:22 . 2010-12-15 01:22 -------- d-----w- c:\program files\FilmFanaticEI
2010-12-13 15:05 . 2010-12-13 15:05 -------- d-----w- c:\users\lyle\AppData\Local\{00595C87-EC84-4473-AD21-6FC9955BFD77}
2010-12-12 22:44 . 2010-12-12 22:44 -------- d-----w- c:\users\lyle\AppData\Local\{1BB3AEF5-7791-4960-8987-344A8380C64C}
2010-12-12 22:43 . 2011-01-09 00:39 -------- d-----w- c:\users\lyle\Tracing
2010-12-12 22:16 . 2010-12-12 22:16 -------- d-----w- c:\windows\en
2010-12-12 22:14 . 2010-09-23 05:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-12-12 22:14 . 2010-12-12 22:14 -------- dc----w- c:\windows\system32\DRVSTORE
2010-12-12 22:09 . 2010-12-12 22:09 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-12 21:59 . 2011-01-08 23:20 -------- d-----w- c:\program files\Microsoft
2010-12-12 21:55 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-12-12 21:55 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-12 21:55 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-12 21:53 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-12 21:40 . 2010-12-18 17:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-12-12 21:38 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-12-12 21:38 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-12-12 21:33 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-12-12 21:33 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2010-12-12 21:33 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-12-12 21:33 . 2010-12-12 21:33 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\363bad4e1cb9a4407\InstallManager_WLE_WLE.exe
2010-12-12 21:32 . 2010-12-12 21:32 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\215a7b401cb9a4406\MeshBetaRemover.exe
2010-12-12 21:32 . 2010-12-12 21:32 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\1d8ba5c11cb9a4405\DSETUP.dll
2010-12-12 21:32 . 2010-12-12 21:32 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\1d8ba5c11cb9a4405\DXSETUP.exe
2010-12-12 21:32 . 2010-12-12 21:32 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\1d8ba5c11cb9a4405\dsetup32.dll
2010-12-12 21:32 . 2010-12-12 21:32 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\15bc0f871cb9a4404\DXSETUP.exe
2010-12-12 21:32 . 2010-12-12 21:32 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\15bc0f871cb9a4404\dsetup32.dll
2010-12-12 21:32 . 2010-12-12 21:32 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\15bc0f871cb9a4404\DSETUP.dll
2010-12-12 21:32 . 2010-12-12 21:32 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\7d61c431cb9a4403\Silverlight.4.0.exe
2010-12-10 15:02 . 2010-12-10 15:02 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 00:55 . 2010-12-03 17:53 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-12-30 00:53 . 2010-12-03 17:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-12-30 00:53 . 2010-12-02 07:38 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-23 18:25 . 2010-12-02 07:51 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-12-23 18:23 . 2010-12-02 07:40 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-12-23 18:16 . 2010-12-02 07:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-12-05 13:30 . 2010-12-05 13:30 41680 ----a-w- c:\windows\system32\drivers\ehoidqaf.sys
2010-12-03 17:54 . 2010-12-03 17:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-11-10 07:54 . 2010-11-10 07:54 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-11-10 07:28 . 2010-11-10 07:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-10-19 15:41 . 2010-08-09 00:31 222080 ------w- c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\lyle\AppData\Local\{00595C87-EC84-4473-AD21-6FC9955BFD77} ----


---- Directory of c:\users\lyle\AppData\Local\{05AFB701-5F04-44A1-B8DE-358CBC5190A4} ----


---- Directory of c:\users\lyle\AppData\Local\{07BCCC62-E0FA-45D0-8AFB-5DE386CBD3EE} ----


---- Directory of c:\users\lyle\AppData\Local\{0AD27744-C3A4-417D-8B16-4BB99F3A2DE9} ----


---- Directory of c:\users\lyle\AppData\Local\{0DC31A00-8DE0-475C-BD67-74DFF73E149F} ----


---- Directory of c:\users\lyle\AppData\Local\{11ECC52C-BF35-46FA-B378-12DB7A837A03} ----


---- Directory of c:\users\lyle\AppData\Local\{1BB3AEF5-7791-4960-8987-344A8380C64C} ----


---- Directory of c:\users\lyle\AppData\Local\{1EEB95C0-7E11-445F-8BAF-345F812FD0A0} ----


---- Directory of c:\users\lyle\AppData\Local\{2DA7BED2-271E-472A-9A4C-6E0AEB72EC2D} ----


---- Directory of c:\users\lyle\AppData\Local\{32461FD7-B9B7-48C7-AA28-3A8A694C5F23} ----

2010-12-15 08:28 . 2010-12-15 08:28 65536 ----atw- c:\users\lyle\AppData\Local\{32461FD7-B9B7-48C7-AA28-3A8A694C5F23}\wls1.tmp

---- Directory of c:\users\lyle\AppData\Local\{401052D8-9769-43A3-846A-4631EB5F360E} ----


---- Directory of c:\users\lyle\AppData\Local\{465DD4B6-DEF5-4795-AA0D-7563AC08188A} ----


---- Directory of c:\users\lyle\AppData\Local\{4B712243-7434-468C-A190-2A210C8061FB} ----


---- Directory of c:\users\lyle\AppData\Local\{5962916F-6AAE-41DB-86C6-02316C528C04} ----


---- Directory of c:\users\lyle\AppData\Local\{9AD0B4DC-A2C9-44EA-8F0A-ADC8FD3248EA} ----


---- Directory of c:\users\lyle\AppData\Local\{B32E889A-944F-4B46-890B-546C8A112006} ----


---- Directory of c:\users\lyle\AppData\Local\{C4426205-237B-4966-8B9C-0B8E4DC7AF19} ----


---- Directory of c:\users\lyle\AppData\Local\{C6693CA9-EAA2-4ED7-B4EE-C03C1A29E16E} ----


---- Directory of c:\users\lyle\AppData\Local\{C963FAAE-9E50-4D83-9E4F-10B19A89A44D} ----


---- Directory of c:\users\lyle\AppData\Local\{CD63D36F-276B-4B8E-8072-7E6B0F242B30} ----


---- Directory of c:\users\lyle\AppData\Local\{D37471D1-1090-4E0C-AA6B-155F47FA36D1} ----


---- Directory of c:\users\lyle\AppData\Local\{E71937EE-5133-42AE-8DE0-AEF0AE0E9289} ----


---- Directory of c:\users\lyle\AppData\Local\{E736353A-9760-4A17-8D34-F0566F445FDF} ----


---- Directory of c:\users\lyle\AppData\Local\{F1E2F5BA-A60A-4091-BBCE-EC986BB5023C} ----


---- Directory of c:\users\lyle\AppData\Local\{F7E8A0D3-2325-4040-A39E-951E9F4E7BFD} ----


---- Directory of c:\users\lyle\AppData\Local\{FEBED784-594A-4312-83A4-437DA479DDF4} ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-20 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.Google.com
FF - ProfilePath - c:\users\lyle\AppData\Roaming\Mozilla\Firefox\Profiles\n0jq47g8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: QuickFox Notes: [email protected] - %profile%\extensions\[email protected]
FF - Ext: SeeMatrix: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2681544429-3595844605-1813567305-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-2681544429-3595844605-1813567305-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-08 22:14:01
ComboFix-quarantined-files.txt 2011-01-09 03:13
ComboFix2.txt 2011-01-09 00:36

Pre-Run: 61,684,531,200 bytes free
Post-Run: 61,638,836,224 bytes free

- - End Of File - - 89CDAFB883D4A92C41DB12FD9EBE51E8
 
Oh by the way I clicked VIEW LAST REPORT on Virustotal and gave you the link.

I now realize there is a "re analyze" option, I will be posting the results of that as well

Edit: I think both give me the same results because this file was submitted in the past, or so it says... I'm confused with VirusTotal.
 
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Folder::

c:\users\lyle\AppData\Local\{4B712243-7434-468C-A190-2A210C8061FB}
c:\users\lyle\AppData\Local\{E736353A-9760-4A17-8D34-F0566F445FDF}
c:\users\lyle\AppData\Local\{05AFB701-5F04-44A1-B8DE-358CBC5190A4}
c:\users\lyle\AppData\Local\{FEBED784-594A-4312-83A4-437DA479DDF4}
c:\users\lyle\AppData\Local\{2DA7BED2-271E-472A-9A4C-6E0AEB72EC2D}
c:\users\lyle\AppData\Local\{B32E889A-944F-4B46-890B-546C8A112006}
c:\users\lyle\AppData\Local\{C6693CA9-EAA2-4ED7-B4EE-C03C1A29E16E}
c:\users\lyle\AppData\Local\{0DC31A00-8DE0-475C-BD67-74DFF73E149F}
c:\users\lyle\AppData\Local\{401052D8-9769-43A3-846A-4631EB5F360E}
c:\users\lyle\AppData\Local\{11ECC52C-BF35-46FA-B378-12DB7A837A03}
c:\users\lyle\AppData\Local\{9AD0B4DC-A2C9-44EA-8F0A-ADC8FD3248EA}
c:\users\lyle\AppData\Local\{C4426205-237B-4966-8B9C-0B8E4DC7AF19}
c:\users\lyle\AppData\Local\{F7E8A0D3-2325-4040-A39E-951E9F4E7BFD}
c:\users\lyle\AppData\Local\{5962916F-6AAE-41DB-86C6-02316C528C04}
c:\users\lyle\AppData\Local\{CD63D36F-276B-4B8E-8072-7E6B0F242B30}
c:\users\lyle\AppData\Local\{07BCCC62-E0FA-45D0-8AFB-5DE386CBD3EE}
c:\users\lyle\AppData\Local\{0AD27744-C3A4-417D-8B16-4BB99F3A2DE9}
c:\users\lyle\AppData\Local\{465DD4B6-DEF5-4795-AA0D-7563AC08188A}
c:\users\lyle\AppData\Local\{E71937EE-5133-42AE-8DE0-AEF0AE0E9289}
c:\users\lyle\AppData\Local\{F1E2F5BA-A60A-4091-BBCE-EC986BB5023C}
c:\users\lyle\AppData\Local\{C963FAAE-9E50-4D83-9E4F-10B19A89A44D}
c:\users\lyle\AppData\Local\{D37471D1-1090-4E0C-AA6B-155F47FA36D1}
c:\users\lyle\AppData\Local\{32461FD7-B9B7-48C7-AA28-3A8A694C5F23}
c:\users\lyle\AppData\Local\{1EEB95C0-7E11-445F-8BAF-345F812FD0A0}
c:\users\lyle\AppData\Local\{00595C87-EC84-4473-AD21-6FC9955BFD77}
c:\users\lyle\AppData\Local\{1BB3AEF5-7791-4960-8987-344A8380C64C}

Reglock::

[HKEY_USERS\S-1-5-21-2681544429-3595844605-1813567305-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-2681544429-3595844605-1813567305-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
Latest combofix log :

ComboFix 11-01-08.03 - lyle 01/08/2011 23:14:52.3.1 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.447.162 [GMT -5:00]
Running from: c:\users\lyle\Desktop\ComboFix.exe
Command switches used :: c:\users\lyle\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\lyle\AppData\Local\{00595C87-EC84-4473-AD21-6FC9955BFD77}
c:\users\lyle\AppData\Local\{05AFB701-5F04-44A1-B8DE-358CBC5190A4}
c:\users\lyle\AppData\Local\{07BCCC62-E0FA-45D0-8AFB-5DE386CBD3EE}
c:\users\lyle\AppData\Local\{0AD27744-C3A4-417D-8B16-4BB99F3A2DE9}
c:\users\lyle\AppData\Local\{0DC31A00-8DE0-475C-BD67-74DFF73E149F}
c:\users\lyle\AppData\Local\{11ECC52C-BF35-46FA-B378-12DB7A837A03}
c:\users\lyle\AppData\Local\{1BB3AEF5-7791-4960-8987-344A8380C64C}
c:\users\lyle\AppData\Local\{1EEB95C0-7E11-445F-8BAF-345F812FD0A0}
c:\users\lyle\AppData\Local\{2DA7BED2-271E-472A-9A4C-6E0AEB72EC2D}
c:\users\lyle\AppData\Local\{32461FD7-B9B7-48C7-AA28-3A8A694C5F23}
c:\users\lyle\AppData\Local\{32461FD7-B9B7-48C7-AA28-3A8A694C5F23}\wls1.tmp
c:\users\lyle\AppData\Local\{401052D8-9769-43A3-846A-4631EB5F360E}
c:\users\lyle\AppData\Local\{465DD4B6-DEF5-4795-AA0D-7563AC08188A}
c:\users\lyle\AppData\Local\{4B712243-7434-468C-A190-2A210C8061FB}
c:\users\lyle\AppData\Local\{5962916F-6AAE-41DB-86C6-02316C528C04}
c:\users\lyle\AppData\Local\{9AD0B4DC-A2C9-44EA-8F0A-ADC8FD3248EA}
c:\users\lyle\AppData\Local\{B32E889A-944F-4B46-890B-546C8A112006}
c:\users\lyle\AppData\Local\{C4426205-237B-4966-8B9C-0B8E4DC7AF19}
c:\users\lyle\AppData\Local\{C6693CA9-EAA2-4ED7-B4EE-C03C1A29E16E}
c:\users\lyle\AppData\Local\{C963FAAE-9E50-4D83-9E4F-10B19A89A44D}
c:\users\lyle\AppData\Local\{CD63D36F-276B-4B8E-8072-7E6B0F242B30}
c:\users\lyle\AppData\Local\{D37471D1-1090-4E0C-AA6B-155F47FA36D1}
c:\users\lyle\AppData\Local\{E71937EE-5133-42AE-8DE0-AEF0AE0E9289}
c:\users\lyle\AppData\Local\{E736353A-9760-4A17-8D34-F0566F445FDF}
c:\users\lyle\AppData\Local\{F1E2F5BA-A60A-4091-BBCE-EC986BB5023C}
c:\users\lyle\AppData\Local\{F7E8A0D3-2325-4040-A39E-951E9F4E7BFD}
c:\users\lyle\AppData\Local\{FEBED784-594A-4312-83A4-437DA479DDF4}

.
((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.

2011-01-09 04:26 . 2011-01-09 04:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-09 03:45 . 2008-12-03 22:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2011-01-09 03:45 . 2011-01-09 03:46 -------- d-----w- c:\program files\Driver Checker
2011-01-08 21:35 . 2011-01-08 21:35 -------- d-----w- c:\users\lyle\AppData\Roaming\Malwarebytes
2011-01-08 21:35 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-08 21:35 . 2011-01-08 21:35 -------- d-----w- c:\programdata\Malwarebytes
2011-01-08 21:35 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-08 21:35 . 2011-01-08 21:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-08 21:31 . 2011-01-08 21:32 -------- d-----w- c:\program files\CCleaner
2011-01-08 20:18 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B46B5D4-E178-42CB-ACF4-7CBD03F9EC5E}\mpengine.dll
2011-01-08 19:55 . 2011-01-08 20:00 -------- d-----w- c:\users\lyle\AppData\Roaming\NeopleLauncherDFO
2011-01-08 19:48 . 2011-01-08 19:48 -------- d-----w- C:\Nexon
2011-01-08 19:47 . 2011-01-08 19:47 -------- d-----w- c:\programdata\NexonUS
2011-01-08 18:57 . 2011-01-08 20:29 -------- d-----w- c:\users\lyle\AppData\Local\PMB Files
2011-01-08 18:57 . 2011-01-08 18:57 -------- d-----w- c:\programdata\PMB Files
2011-01-08 18:56 . 2011-01-08 18:56 -------- d-----w- c:\program files\Pando Networks
2010-12-25 17:16 . 2010-12-25 17:16 -------- d-----w- C:\Mp3Tube_Downloads
2010-12-15 05:07 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-15 05:07 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 05:07 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 05:05 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 05:05 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 05:05 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-15 05:05 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-15 05:05 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 01:22 . 2010-12-15 01:22 -------- d-----w- c:\program files\FilmFanaticEI
2010-12-12 22:43 . 2011-01-09 03:24 -------- d-----w- c:\users\lyle\Tracing
2010-12-12 22:16 . 2010-12-12 22:16 -------- d-----w- c:\windows\en
2010-12-12 22:14 . 2010-09-23 05:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-12-12 22:14 . 2010-12-12 22:14 -------- dc----w- c:\windows\system32\DRVSTORE
2010-12-12 22:09 . 2010-12-12 22:09 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-12 21:59 . 2011-01-08 23:20 -------- d-----w- c:\program files\Microsoft
2010-12-12 21:55 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-12-12 21:55 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-12 21:55 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-12 21:53 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-12 21:40 . 2010-12-18 17:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-12-12 21:38 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-12-12 21:38 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-12-12 21:33 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-12-12 21:33 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2010-12-12 21:33 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-12-12 21:33 . 2010-12-12 21:33 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\363bad4e1cb9a4407\InstallManager_WLE_WLE.exe
2010-12-12 21:32 . 2010-12-12 21:32 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\215a7b401cb9a4406\MeshBetaRemover.exe
2010-12-12 21:32 . 2010-12-12 21:32 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\1d8ba5c11cb9a4405\DSETUP.dll
2010-12-12 21:32 . 2010-12-12 21:32 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\1d8ba5c11cb9a4405\DXSETUP.exe
2010-12-12 21:32 . 2010-12-12 21:32 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\1d8ba5c11cb9a4405\dsetup32.dll
2010-12-12 21:32 . 2010-12-12 21:32 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\15bc0f871cb9a4404\DXSETUP.exe
2010-12-12 21:32 . 2010-12-12 21:32 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\15bc0f871cb9a4404\dsetup32.dll
2010-12-12 21:32 . 2010-12-12 21:32 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\15bc0f871cb9a4404\DSETUP.dll
2010-12-12 21:32 . 2010-12-12 21:32 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\7d61c431cb9a4403\Silverlight.4.0.exe
2010-12-10 15:02 . 2010-12-10 15:02 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 00:55 . 2010-12-03 17:53 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-12-30 00:53 . 2010-12-03 17:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-12-30 00:53 . 2010-12-02 07:38 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-23 18:25 . 2010-12-02 07:51 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-12-23 18:23 . 2010-12-02 07:40 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-12-23 18:16 . 2010-12-02 07:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-12-05 13:30 . 2010-12-05 13:30 41680 ----a-w- c:\windows\system32\drivers\ehoidqaf.sys
2010-12-03 17:54 . 2010-12-03 17:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-11-10 07:54 . 2010-11-10 07:54 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-11-10 07:28 . 2010-11-10 07:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-10-19 15:41 . 2010-08-09 00:31 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-20 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.Google.com
FF - ProfilePath - c:\users\lyle\AppData\Roaming\Mozilla\Firefox\Profiles\n0jq47g8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: QuickFox Notes: [email protected] - %profile%\extensions\[email protected]
FF - Ext: SeeMatrix: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2681544429-3595844605-1813567305-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-2681544429-3595844605-1813567305-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-08 23:36:06
ComboFix-quarantined-files.txt 2011-01-09 04:36
ComboFix2.txt 2011-01-09 03:14
ComboFix3.txt 2011-01-09 00:36

Pre-Run: 61,617,700,864 bytes free
Post-Run: 61,332,578,304 bytes free

- - End Of File - - 30D7906F500A451725DF1A8E48142795
 
Just a quick bump: I posted the latest ComboFix log, and the computer is running faster for websites and the like.

However I still have some choppiness with video and games. I just wanted to fix spyware issues first so I could eliminate those as the reason for the problem.

The situation is this: basically, even 32-bit games like SUPER NINTENDO EMULATOR lag every 2-3 seconds, making them unplayable. I wish I knew why. I doubt it has anything to do with hardware; this computer is more than set up to play games from the early 90s.

I hear a lot about "drivers" when I search Google for an answer. I know nothing about them; I probably should learn about that and explore it as an angle as well for this computer's performance.

I think ComboFix got all the viruses, but again you have the log above if there are any further steps to follow.
 
Well, you're definitely not infected anymore. You may want to try updating your drivers; that may help.
 