This is our problem:
When we want to browse the internet, Our browser (Google Chrome) sometimes redirects us to api.mybrowserbar.com and it says that we can't connect to the internet. I thought it was normal since sometimes the internet signal is low but i noticed that our PC became very slow even when i just open my documents or my computer. So i searched for api.mybrowserbar.com and found out that it was a malware. We already have the malwarebytes (unpaid) but then i downloaded the superantispyware and scanned our computer, it scanned many cookies and a virus i cant remember. i deleted them all but some cookies were just quarantined. i was not convinced so i did a scan using malwarebytes this time, and found a malware in the photoshop cs5 exe i downloaded lately so i deleted it but still the computer is still slow so i also scanned using the avira free antivirus and it found trojan. the api.mybrowserbar.com still appears but it is very rare now, i still don't know if it will still appear because it appeared last night and i scanned using the superantispyware and deleted the cookies but still some were just quarantined. The free space on our local disk c is 16.2 GB and 34 GB on localdisk D. Please help me how to remove the malware if there is still any that the scanners cannot detect. I wish this can help:
OTL logfile created on: 7/17/2012 12:57:14 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.98 Mb Total Physical Memory | 139.03 Mb Available Physical Memory | 27.21% Memory free
1.30 Gb Paging File | 0.41 Gb Available in Paging File | 31.43% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.48 Gb Total Space | 16.22 Gb Free Space | 51.53% Space Free | Partition Type: NTFS
Drive D: | 43.07 Gb Total Space | 34.17 Gb Free Space | 79.33% Space Free | Partition Type: NTFS
Computer Name: USER-B160FE845F | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/17 12:54:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2012/07/17 07:06:50 | 000,349,696 | ---- | M] (Hyper Technologies Inc.) -- C:\Program Files\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
PRC - [2012/07/10 07:38:53 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/07/01 12:49:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/01 12:49:57 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/01 12:49:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/07/01 12:49:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/06/27 17:11:10 | 001,090,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/06/27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/02/03 08:04:29 | 001,216,496 | ---- | M] (Google Inc.) -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/08/12 07:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/06/05 13:03:04 | 000,824,224 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2008/04/14 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/08/26 18:15:02 | 000,288,256 | ---- | M] (Hyper Technologies Inc.) -- C:\Program Files\HyperTechnologies\Deep Freeze\DFServEx.exe
========== Modules (No Company Name) ==========
MOD - [2012/07/17 07:44:08 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/07/17 07:44:08 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/07/11 22:35:57 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/07/11 22:35:31 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/07/01 12:49:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/05/23 18:29:10 | 008,743,584 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
MOD - [2012/02/03 08:04:27 | 000,441,328 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.3\ppgooglenaclpluginchrome.dll
MOD - [2012/02/03 08:04:26 | 003,889,648 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.3\pdf.dll
MOD - [2012/02/03 08:02:48 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.3\avutil-51.dll
MOD - [2012/02/03 08:02:46 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.3\avformat-53.dll
MOD - [2012/02/03 08:02:45 | 001,746,944 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.3\avcodec-53.dll
MOD - [2002/08/26 18:17:46 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LogonDll.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/01 12:49:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/01 12:49:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/06/27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/05/03 12:01:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/05 10:03:35 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/12 07:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2002/08/26 18:15:02 | 000,288,256 | ---- | M] (Hyper Technologies Inc.) [Auto | Running] -- C:\Program Files\HyperTechnologies\Deep Freeze\DFServEx.exe -- (DFServEx)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/01 12:49:58 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/07/01 12:49:58 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/03/27 13:27:02 | 000,543,712 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/08/15 23:47:19 | 000,219,024 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2002/08/26 18:16:12 | 000,012,288 | ---- | M] (HyperTechnologies Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\DepFrzHi.sys -- (DepFrzHi)
DRV - [2002/08/26 18:15:54 | 000,052,709 | ---- | M] (Hyper Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\DepFrzLo.sys -- (DepFrzLo)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://ph.search.yah...type=937811&p="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_197.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\user\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/10 10:35:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012/02/05 10:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2012/07/10 15:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\cl0mhgs9.default\extensions
[2012/07/07 12:14:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\cl0mhgs9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/02/05 10:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/23 22:14:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/05 10:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/05/26 10:44:57 | 001,184,804 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CL0MHGS9.DEFAULT\EXTENSIONS\[email protected]
[2012/07/10 15:06:41 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012/07/10 15:06:42 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2012/02/02 11:19:32 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/02 11:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/02 11:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.3\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.3\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_197.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: Gmail = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2008/04/14 19:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAF688C4-E042-40DA-A24F-E253D635A452}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\DfLogon: DllName - (LogonDll.dll) - C:\WINDOWS\System32\LogonDll.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/05 11:43:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/16 16:52:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Recent
[2012/07/14 14:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/14 14:32:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/14 14:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/11 22:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
[2012/07/11 22:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/07/11 22:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/07/11 22:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/10 19:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\YouTube Downloader
[2012/07/10 19:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\wtxpcom
[2012/07/10 15:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Search Settings
[2012/07/10 15:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2012/07/10 15:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012/07/10 15:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012/07/10 15:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2012/07/10 15:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YTD Video Downloader
[2012/07/10 15:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\GreenTree Applications
[2012/07/10 10:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/07/10 10:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/07/10 00:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/07/08 00:06:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Desktop\GodMode.{ED7BA4708E54-465E-825C-99712043E01C}
[2012/07/07 12:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\TuneUpMedia
[2012/07/07 12:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\OpenCandy
[2012/07/07 12:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\DVDVideoSoft
[2012/07/07 11:54:01 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/07/07 11:52:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/07/03 17:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/06/29 12:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Avira
[2012/06/29 10:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/06/29 10:59:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/06/29 10:59:36 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/06/29 10:59:35 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/06/29 10:59:35 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/06/29 10:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/06/29 10:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/06/28 20:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2012/06/28 20:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/28 20:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/06/19 20:07:14 | 000,057,344 | ---- | C] (Reflexive) -- C:\WINDOWS\System32\Big Kahuna Reef.scr
[2012/06/19 20:07:14 | 000,057,344 | ---- | C] (Reflexive) -- C:\WINDOWS\System\Big Kahuna Reef.scr
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/17 12:48:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/17 12:40:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/17 07:06:54 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/17 07:06:46 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/16 22:26:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 015a4b92-2761-487b-bd9a-e7c41bb9230a.job
[2012/07/16 17:00:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/07/15 19:28:26 | 000,000,130 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2012/07/15 08:38:16 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/07/15 02:00:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d88fada3-a94b-4f41-90ab-308cb05b03c3.job
[2012/07/14 14:46:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 00:58:42 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/11 09:52:34 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/10 14:58:18 | 000,034,155 | ---- | M] () -- C:\Documents
[2012/07/08 10:22:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/07 11:56:14 | 000,397,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/07 11:56:14 | 000,059,736 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/01 12:49:58 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/07/01 12:49:58 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/07/01 12:32:48 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2012/06/28 20:20:02 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/28 19:55:03 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/06/21 19:46:20 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to BookwormAdventuresVol2.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/07/14 14:32:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/11 22:26:29 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 015a4b92-2761-487b-bd9a-e7c41bb9230a.job
[2012/07/11 22:26:26 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d88fada3-a94b-4f41-90ab-308cb05b03c3.job
[2012/07/10 10:15:26 | 000,034,155 | ---- | C] () -- C:\Documents
[2012/07/10 00:14:07 | 000,000,374 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/07/03 17:37:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/03 17:37:11 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/28 20:20:02 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/06/28 19:56:53 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/21 19:46:20 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to BookwormAdventuresVol2.lnk
[2012/05/24 12:38:53 | 000,000,805 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2012/03/26 03:05:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2012/02/21 02:29:05 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/05 11:46:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstet.dat
[2012/02/05 11:39:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/02/05 10:33:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LogonDll.dll
[2012/02/05 10:14:01 | 000,000,130 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2012/02/05 03:34:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/05 03:32:50 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/03/04 17:00:28 | 000,039,060 | ---- | C] () -- C:\Program Files\Buffering2.jpg
[2007/03/04 17:00:28 | 000,039,047 | ---- | C] () -- C:\Program Files\Buffering5.jpg
[2007/03/04 17:00:28 | 000,039,040 | ---- | C] () -- C:\Program Files\Buffering1.jpg
[2007/03/04 17:00:28 | 000,039,038 | ---- | C] () -- C:\Program Files\Buffering6.jpg
[2007/03/04 17:00:28 | 000,039,035 | ---- | C] () -- C:\Program Files\Buffering4.jpg
[2007/03/04 17:00:28 | 000,039,033 | ---- | C] () -- C:\Program Files\Buffering3.jpg
[2007/03/04 17:00:28 | 000,039,020 | ---- | C] () -- C:\Program Files\Buffering7.jpg
[2001/01/11 13:01:31 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\user\dotahotkeys.ini
========== LOP Check ==========
[2012/03/13 01:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2012/02/05 10:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2012/03/19 01:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2012/02/05 10:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/02/27 23:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/02/05 10:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCapv1004
[2012/07/14 14:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/02/05 10:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2012/02/05 10:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2012/03/19 01:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/23 15:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK
[2012/07/10 15:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2001/01/03 03:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2012/04/15 04:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/07/10 14:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DVDVideoSoft
[2012/02/05 10:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\iWin
[2012/03/19 01:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ludia
[2012/02/05 10:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Magic Match
[2012/07/10 14:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenCandy
[2012/02/05 10:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PlayFirst
[2012/02/27 23:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Rovio
[2012/07/10 15:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Search Settings
[2012/07/07 12:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TuneUpMedia
[2012/06/04 20:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Unity
[2012/07/10 19:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\wtxpcom
[2012/07/10 19:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\YouTube Downloader
[2012/03/27 02:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ZOO Digital Publishing
[2012/07/16 17:00:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/07/16 22:26:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 015a4b92-2761-487b-bd9a-e7c41bb9230a.job
[2012/07/15 02:00:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d88fada3-a94b-4f41-90ab-308cb05b03c3.job
========== Purity Check ==========
< End of report >