Search engine hijack and IE problem


This topic is locked

#1 Koyote
New Member, 7 posts
I have two problems, though I think they're probably related as they started happening at the same time.

The first problem is a general hijacking of all my search engines, from Google to Yahoo to Bing: any request sends them to a variety of different sites such as http://mmw.us/, and also pulls up search boxes that want to install things. The search engines also run quite slow.

The second problem is that my system will keep opening up two copies of Internet Explorer even though I'm not running them. I'll click them off in the task manager, and a couple of minutes later they'll open up again, but just in the task manager, not in the task bar.

I've tried System Restore, as well as running Malwarebytes' program, AVG Anti-Virus, Advanced System Care 4 and, just for the heck of it, McAfee. I've looked at the site's instructions for removal of search engine hijack malware, and also ran GooredFix and OTM and tried to run TDSSKiller, but that program refused to open for me. All opened under safe mode. Nothing works. The final thing I've done is run OTL, and the log is listed below. Any help I can receive for fixing these problems would be greatly appreciated. Thank you.


OTL logfile created on: 8/21/2011 3:29:17 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Eric\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 51.04% Memory free
5.50 Gb Paging File | 3.88 Gb Available in Paging File | 70.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 221.40 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 86.94 Gb Free Space | 9.33% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 74.60 Gb Free Space | 16.02% Space Free | Partition Type: NTFS

Computer Name: ANTEC900 | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/21 15:28:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2011/08/21 00:32:42 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/08/20 20:17:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/09 16:56:40 | 000,417,112 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/08/09 16:40:34 | 000,763,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/08/03 20:02:00 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/07/15 21:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/05/04 04:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/06 13:06:46 | 000,099,840 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2010/06/14 16:10:32 | 000,153,672 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/04 01:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2009/06/04 01:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 14:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/03/14 14:59:50 | 001,946,624 | ---- | M] () -- C:\Program Files\Adolix\Adolix Wallpaper Changer\AWC.exe
PRC - [2008/01/15 11:28:20 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2007/11/20 17:53:36 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Lycosa\razerhid.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/08/20 15:10:16 | 000,598,016 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2007/08/20 15:09:52 | 000,147,456 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2007/03/09 12:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/03/05 00:09:02 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTHELPER.EXE
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/06 18:10:16 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2006/11/17 18:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTSched.exe
PRC - [2005/11/18 14:36:06 | 000,278,528 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/20 20:17:41 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/20 11:44:51 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/09 16:43:20 | 000,130,904 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2011/08/03 20:03:21 | 014,401,832 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2011/08/03 20:03:16 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2011/08/03 20:03:16 | 000,190,248 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2011/08/03 20:03:16 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2011/08/03 20:03:16 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2011/07/18 17:42:56 | 000,064,512 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\kdog2mb1.default\extensions\[email protected]\platform\WINNT\6\echofon.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/02/06 13:08:54 | 000,175,616 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\WebParser.dll
MOD - [2011/02/06 13:08:04 | 000,034,816 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\QuotePlugin.dll
MOD - [2011/02/06 13:07:34 | 000,036,352 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\iTunesPlugin.dll
MOD - [2011/02/06 13:06:46 | 000,099,840 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
MOD - [2011/02/06 13:06:10 | 000,665,600 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/06/04 01:55:20 | 000,002,560 | ---- | M] () -- C:\Windows\CTXFIRES.DLL
MOD - [2009/03/26 15:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009/02/06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL
MOD - [2008/03/14 14:59:50 | 001,946,624 | ---- | M] () -- C:\Program Files\Adolix\Adolix Wallpaper Changer\AWC.exe
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/24 03:02:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/22 22:16:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/02/20 00:10:38 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/01/17 09:26:02 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/08/10 14:19:30 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/15 11:28:20 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/08/20 15:10:16 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2007/08/20 15:09:52 | 000,147,456 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/06/15 01:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/04/14 21:28:30 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/27 16:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 16:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 16:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 14:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010/01/26 19:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/11/20 19:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/07/13 15:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/04 03:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 03:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 03:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 03:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 03:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 03:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 03:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 03:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2007/08/21 01:13:04 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2007/07/02 17:37:00 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/03/05 02:57:16 | 000,329,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/03/05 02:57:05 | 000,134,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/03/05 02:56:56 | 000,101,176 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/03/05 02:56:47 | 000,286,520 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/03/05 02:56:33 | 000,174,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/03/05 02:56:23 | 000,566,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/03/05 02:55:59 | 000,552,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/03/05 02:55:46 | 000,098,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2003/06/11 16:00:00 | 000,090,229 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P1130Vid.sys -- (P1130VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3057722
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {12a9db21-42a2-492d-a85c-cdde0c88b608} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.7.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.2.2b
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.303


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/21 10:24:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/21 10:27:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/20 23:15:24 | 000,000,000 | ---D | M]

[2010/02/22 21:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2011/08/21 10:24:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\kdog2mb1.default\extensions
[2011/01/10 19:57:23 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\kdog2mb1.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/08/21 10:28:03 | 000,000,000 | ---D | M] (SocialRibbons LP2) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\kdog2mb1.default\extensions\{0dd5ab7a-9db5-0aa4-e914-7148cd6c0afc}
[2010/04/28 08:25:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\kdog2mb1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/21 10:24:47 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\kdog2mb1.default\extensions\[email protected]
[2011/08/21 10:24:47 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\kdog2mb1.default\extensions\[email protected]
[2011/08/21 10:24:47 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\kdog2mb1.default\extensions\[email protected]
[2011/08/21 10:28:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\kdog2mb1.default\extensions\{0dd5ab7a-9db5-0aa4-e914-7148cd6c0afc}\chrome\content\dca\core\extensionManager
[2009/01/27 22:47:54 | 000,001,739 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\kdog2mb1.default\searchplugins\aim-search.xml
[2011/08/10 10:04:44 | 000,000,927 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\kdog2mb1.default\searchplugins\conduit.xml
[2011/08/03 15:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/15 07:04:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/17 16:02:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/03 17:03:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/21 10:24:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/21 10:24:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KDOG2MB1.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KDOG2MB1.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KDOG2MB1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KDOG2MB1.DEFAULT\EXTENSIONS\[email protected]
[2011/08/20 20:17:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/15 08:53:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/21 15:12:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WD_SRT] C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Desktop Software] File not found
O4 - HKCU..\Run: [EADM] C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe (Electronic Arts)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Wallpaper Manager] C:\Program Files\Adolix\Adolix Wallpaper Changer\AWC.exe ()
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: G:\Wallpaper\fastfood.jpg
O24 - Desktop BackupWallPaper: G:\Wallpaper\fastfood.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 02:52:18 | 000,000,080 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{73915755-7f9a-11df-b456-00044b01902f}\Shell - "" = AutoRun
O33 - MountPoints2\{73915755-7f9a-11df-b456-00044b01902f}\Shell\AutoRun\command - "" = I:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/21 15:28:26 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/08/21 15:15:04 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\GooredFix Backups
[2011/08/21 15:12:44 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/21 15:12:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\ERDNT
[2011/08/21 15:09:17 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Eric\Desktop\GooredFix.exe
[2011/08/21 15:08:57 | 001,405,744 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Eric\Desktop\TDSSKiller.exe
[2011/08/21 15:06:15 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTM.exe
[2011/08/21 13:21:04 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/08/21 12:15:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/08/21 06:56:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Eric\HijackThis.exe
[2011/08/20 21:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/08/20 21:23:02 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\IObit
[2011/08/20 21:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/08/19 18:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FreeCause
[2011/08/19 18:32:29 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Conduit
[2011/08/09 23:45:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Bizarre Creations
[2011/08/09 22:34:30 | 000,000,000 | ---D | C] -- C:\Users\Eric\Geometry Wars
[2011/08/06 16:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/01 20:54:31 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Transformice
[2011/08/01 20:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/06/04 01:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/06/04 01:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Users\Eric\Documents\*.tmp files -> C:\Users\Eric\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/21 15:32:51 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/21 15:32:51 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/21 15:31:28 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/21 15:31:28 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/21 15:28:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/08/21 15:25:05 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/21 15:24:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/21 15:24:54 | 2213,453,824 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/21 15:19:24 | 000,054,568 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-0000000A-00001102-00000005-002C1102}.rfx
[2011/08/21 15:19:24 | 000,054,568 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-0000000A-00001102-00000005-002C1102}.rfx
[2011/08/21 15:19:24 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000002-00000000-0000000A-00001102-00000005-002C1102}.rfx
[2011/08/21 15:12:47 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/08/21 15:10:48 | 000,513,320 | ---- | M] () -- C:\Users\Eric\erunt.zip
[2011/08/21 15:09:17 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Eric\Desktop\GooredFix.exe
[2011/08/21 15:08:38 | 001,389,603 | ---- | M] () -- C:\Users\Eric\Desktop\tdsskiller.zip
[2011/08/21 15:06:15 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTM.exe
[2011/08/21 11:57:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/21 11:23:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3078766118-400663514-3189373327-1000UA.job
[2011/08/21 08:01:59 | 129,127,907 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/21 06:33:49 | 000,458,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/21 06:31:41 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2011/08/20 21:23:12 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/08/20 21:23:11 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
[2011/08/20 20:31:25 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/20 20:28:23 | 000,000,000 | ---- | M] () -- C:\Users\Eric\Desktop\FEAR2SPDemo.exe
[2011/08/20 20:18:59 | 000,001,845 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/20 16:37:22 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3078766118-400663514-3189373327-1000Core.job
[2011/08/19 19:31:55 | 000,001,847 | ---- | M] () -- C:\Users\Eric\Desktop\Transformice- Baffler.lnk
[2011/08/19 17:49:16 | 001,405,744 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Eric\Desktop\TDSSKiller.exe
[2011/08/13 06:34:04 | 004,915,254 | ---- | M] () -- C:\Users\Eric\Documents\Firehand Ember Image.bmp
[2011/08/12 07:39:24 | 000,532,611 | ---- | M] () -- C:\Users\Eric\P_ORDER_570369.zip
[2011/08/09 16:24:00 | 000,002,392 | ---- | M] () -- C:\Users\Eric\Desktop\Google Chrome.lnk
[2011/08/09 08:03:18 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/07/30 17:16:29 | 000,188,934 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Users\Eric\Documents\*.tmp files -> C:\Users\Eric\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/21 15:11:06 | 000,001,960 | ---- | C] () -- C:\Users\Eric\NTREGOPT.LOC
[2011/08/21 15:11:05 | 000,140,288 | ---- | C] () -- C:\Users\Eric\NTREGOPT.EXE
[2011/08/21 15:11:05 | 000,005,417 | ---- | C] () -- C:\Users\Eric\LOC_GER.ZIP
[2011/08/21 15:11:05 | 000,004,090 | ---- | C] () -- C:\Users\Eric\ERUNT.LOC
[2011/08/21 15:11:04 | 000,163,328 | ---- | C] () -- C:\Users\Eric\ERDNT.E_E
[2011/08/21 15:11:04 | 000,157,696 | ---- | C] () -- C:\Users\Eric\ERUNT.EXE
[2011/08/21 15:11:04 | 000,038,912 | ---- | C] () -- C:\Users\Eric\AUTOBACK.EXE
[2011/08/21 15:11:04 | 000,003,275 | ---- | C] () -- C:\Users\Eric\ERDNTWIN.LOC
[2011/08/21 15:11:04 | 000,002,815 | ---- | C] () -- C:\Users\Eric\ERDNTDOS.LOC
[2011/08/21 15:10:48 | 000,513,320 | ---- | C] () -- C:\Users\Eric\erunt.zip
[2011/08/21 15:08:38 | 001,389,603 | ---- | C] () -- C:\Users\Eric\Desktop\tdsskiller.zip
[2011/08/21 06:31:41 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
[2011/08/20 21:23:12 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/08/20 21:23:11 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
[2011/08/20 20:28:23 | 000,000,000 | ---- | C] () -- C:\Users\Eric\Desktop\FEAR2SPDemo.exe
[2011/08/19 19:31:55 | 000,001,847 | ---- | C] () -- C:\Users\Eric\Desktop\Transformice- Baffler.lnk
[2011/08/12 08:09:41 | 000,629,776 | ---- | C] () -- C:\Users\Eric\Live_Free_or_Die.mobi
[2011/08/12 08:09:33 | 000,532,292 | ---- | C] () -- C:\Users\Eric\P_live_free_or_die.zip
[2011/08/12 07:39:24 | 000,532,611 | ---- | C] () -- C:\Users\Eric\P_ORDER_570369.zip
[2011/08/06 16:57:16 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/25 23:31:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/05/25 23:30:59 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/02/28 22:55:34 | 000,042,132 | ---- | C] () -- C:\Windows\XF2000.INI
[2010/10/02 09:55:15 | 013,803,520 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/06/15 09:06:38 | 000,153,502 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010/06/15 09:05:02 | 005,002,416 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010/06/15 08:43:58 | 001,641,574 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010/05/24 12:39:50 | 000,289,065 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010/05/24 12:38:34 | 000,962,008 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2010/05/24 12:38:22 | 000,631,808 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/05/19 13:59:20 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2010/05/19 13:59:10 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2010/05/19 13:59:02 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2010/05/19 13:58:52 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2010/05/19 13:58:24 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2010/05/19 13:58:18 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2010/05/19 13:58:08 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2010/05/19 13:57:42 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2010/05/19 13:57:38 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2010/05/19 13:57:26 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2010/05/19 13:57:20 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2010/05/19 13:55:40 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2010/05/19 13:55:36 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2010/05/11 14:26:52 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010/05/11 14:22:22 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2010/05/10 15:10:04 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010/05/10 15:09:50 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010/05/10 15:09:42 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010/05/10 15:09:30 | 000,484,864 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010/05/10 15:07:24 | 001,556,992 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010/05/10 15:05:28 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010/05/10 15:05:06 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010/05/10 15:03:56 | 000,163,328 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/04/09 07:23:56 | 000,003,584 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/22 22:14:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/22 21:56:24 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/02/22 21:14:19 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/02/22 21:14:19 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/01/26 19:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/01/10 20:37:52 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/19 20:52:06 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/19 20:51:42 | 000,139,152 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\PnkBstrK.sys
[2009/08/19 20:51:03 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/08/19 20:50:38 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/08/19 20:50:38 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/08/11 14:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,458,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,659,580 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,120,508 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/07 09:24:04 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/06/04 02:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/04 01:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/04 01:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/06/04 01:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009/06/04 01:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009/06/04 01:36:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/06/04 01:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/05/27 10:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009/01/10 15:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008/11/06 08:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 07:55:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/09/07 12:06:03 | 000,000,331 | ---- | C] () -- C:\Windows\doom3.ini
[2008/05/03 09:26:29 | 000,185,856 | ---- | C] () -- C:\Windows\System32\Bmp2Jpeg.dll
[2008/05/03 09:26:29 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/11/11 13:24:47 | 000,139,758 | ---- | C] () -- C:\Windows\hpoins15.dat
[2007/11/11 13:24:47 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2007/10/29 20:00:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/23 14:33:41 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/10/20 17:45:41 | 000,313,207 | ---- | C] () -- C:\Windows\System32\CTSTATIC.DAT
[2007/10/20 17:45:41 | 000,274,587 | ---- | C] () -- C:\Windows\System32\CTSBAS2W.DAT
[2007/10/20 17:45:41 | 000,241,084 | ---- | C] () -- C:\Windows\System32\CTSBASW.DAT
[2007/10/20 17:45:41 | 000,115,166 | ---- | C] () -- C:\Windows\System32\CTBASICW.DAT
[2007/10/20 17:45:41 | 000,053,932 | ---- | C] () -- C:\Windows\System32\CTDAUGHT.DAT
[2007/10/20 17:45:41 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL
[2007/10/20 17:45:40 | 000,149,838 | ---- | C] () -- C:\Windows\System32\CTBAS2W.DAT
[2007/10/13 02:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/03/05 00:09:04 | 000,037,888 | ---- | C] () -- C:\Windows\System32\PSCONV.EXE
[2005/10/04 08:28:12 | 000,071,680 | ---- | C] () -- C:\Windows\System32\CTMMACTL.DLL
[2001/08/23 04:24:04 | 000,036,864 | ---- | C] () -- C:\Windows\hpfsched.exe
[1999/01/22 06:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1999/01/22 00:41:30 | 000,180,224 | ---- | C] () -- C:\Windows\Res2_uninst.exe

========== LOP Check ==========

[2010/02/22 21:47:32 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\aMule
[2011/02/02 00:29:30 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\AVG10
[2010/02/22 21:47:33 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Bioshock
[2010/04/03 23:28:38 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Camfrog
[2011/08/21 15:25:34 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Dropbox
[2010/02/22 21:47:33 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\eMule
[2010/02/22 23:09:46 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GetRightToGo
[2010/02/22 21:47:33 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GrabIt
[2011/08/21 10:24:47 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\IObit
[2010/06/20 07:52:07 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Jaran Nilsen
[2010/02/22 21:47:33 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Leadertech
[2010/02/22 23:15:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Pointstone
[2010/06/29 18:18:04 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Publish Providers
[2011/08/21 10:28:03 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Rainmeter
[2010/02/22 21:48:00 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Research In Motion
[2010/06/29 18:29:35 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Sony
[2010/02/22 21:48:01 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SoundSpectrum
[2009/05/30 11:05:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\The Ringtone Maker Plus
[2011/08/01 23:07:34 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Transformice
[2011/04/09 13:18:29 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Unity
[2011/08/21 10:27:44 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\uTorrent
[2010/10/29 07:56:21 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Wizards of the Coast
[2009/04/22 20:24:23 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\xu4
[2009/07/13 21:53:46 | 000,030,886 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Eric\Documents\Winged hees.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Eric\Documents\Pinball Shipping.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Eric\Documents\Mom1.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Eric\Documents\BUNCO BABES.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Eric\Documents\AAFES References for Eric Rodman.doc:Roxio EMC Stream

< End of report >


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Koyote and welcome to G2G! :)

My nick is maliprog and I will be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or that isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

If you fail to run ComboFix, try renaming it to explorer.exe or svchost.exe, then try to run it again.

If you fail to run it in Normal mode, then try to run it in Safe mode.

Step 1

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post.

#3
Koyote

    New Member

  • Topic Starter
  • Member
  • 7 posts
More problems... despite shutting down my antiviral programs, ComboFix would not produce anything of a log file. Additionally, TDSSKiller has refused to run under any condition, including Safe Mode and as Administrator. The best help I can furnish in addition is the OTL Extras file, which I didn't previously submit. And now I've gotten 2 BSODs in the last half hour. Most frustrating.

OTL Extras logfile created on: 8/21/2011 3:29:17 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Eric\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 51.04% Memory free
5.50 Gb Paging File | 3.88 Gb Available in Paging File | 70.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 221.40 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 86.94 Gb Free Space | 9.33% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 74.60 Gb Free Space | 16.02% Space Free | Partition Type: NTFS

Computer Name: ANTEC900 | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse in Ember] -- C:\Program Files\Firehand Technologies\Ember\Ember.exe %1 (Firehand Technologies Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1AE60380-A2C0-11D5-80F5-00105A4B10E7}" = Williams Pinball Classics
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 26
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3538E004-D991-471A-954A-C474321BCD18}" = Visual Install Pack
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{419EE2A0-0E9B-4312-9689-4FD10738531E}" = Visual Pinball
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{49058C21-E4F6-4A99-B715-D62715E0A2A2}" = Vegas Pro 9.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5052F2A7-5DDE-47F5-BF29-673C10F3DA87}_is1" = Penumbra Black Plague
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{6530EB5E-F2BE-45D3-906B-E4AFFF2D1588}" = Windows Live Device Manager
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F512339-216D-4FBE-8A83-3EDCC3F03F51}" = WD Win98 SE USB Disk Driver, v1.00.09
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{759FC370-E77F-4FB0-A1E4-C0628A44BA44}" = Amnesia - The Dark Descent
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{815050E5-F545-11D4-9569-004095812ACC}" = Serious Sam: The First Encounter
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8E89BB19-F4C9-45EB-8DB9-5617220C53ED}" = Visual Pinball
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B040FEFE-B45F-4e30-B3C6-035F53F544A9}" = c4200_Help
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9F3A6E6-9C77-4535-9ED9-B16C1EBDFEC2}" = C4200
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP3
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F73D18C1-F4DA-4B9F-9C46-5185F5D3DB7C}" = F.E.A.R. 2 SP Demo
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.56 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Adolix Wallpaper Changer_is1" = Adolix Wallpaper Changer 2.2
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"ALchemy" = Creative ALchemy
"aMule" = aMule
"Atari800Win PLus" = Atari800Win PLus 4.0
"AudioCS" = Creative Audio Control Panel
"AvantBrowser" = Avant Browser (remove only)
"AVG" = AVG 2011
"AVIcodec" = AVIcodec (remove only)
"AviSynth" = AviSynth 2.5
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"Camfrog 5.5" = Camfrog Video Chat 5.5
"Classic Doom 3" = Classic Doom 3 1.3.1
"Creative PD1130" = Creative WebCam NX Pro Driver (1.03.03.0326)
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Digsby" = Digsby
"EADM" = EA Download Manager
"eMule" = eMule
"Firehand Ember" = Firehand Ember
"FLV Player2.0.25" = FLV Player
"G-Force" = G-Force
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"Intelli-studio" = SAMSUNG Intelli-studio
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Pinball Arcade 1.0" = Microsoft Pinball Arcade
"PowerISO" = PowerISO
"PSP Video 9" = PSP Video 9 5.04
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"RESIDENT EVIL2" = RESIDENT EVIL2
"RocketDock_is1" = RocketDock 1.3.5
"Scrabble" = Scrabble (remove only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 22120" = Penumbra: Black Plague
"Steam App 22140" = Penumbra: Requiem
"Steam App 22180" = Penumbra: Overture
"Steam App 400" = Portal
"Steam App 40800" = Super Meat Boy
"Steam App 41000" = Serious Sam HD: The First Encounter
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 550" = Left 4 Dead 2
"SysInfo" = Creative System Information
"System Cleaner 5" = System Cleaner 5
"SystemRequirementsLab" = System Requirements Lab
"The Ringtone Maker Plus" = The Ringtone Maker Plus 5.1
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Ultima 4 Quest of the Avatar_is1" = Ultima 4 Quest of the Avatar
"UnityWebPlayer" = Unity Web Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"VPLauncher V3.02" = VPLauncher V3.02
"VPMan_is1" = VP-Man
"WaveStudio 7" = Creative WaveStudio 7
"WhiteCap" = WhiteCap
"WinAce Archiver 2.0" = WinAce Archiver 2.0
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.6.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinZip" = WinZip
"xTube Video Downloader_is1" = xTube Video Downloader 3.18
"xu4_is1" = xu4 CVS
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YASA MP4 Video Converter v3.2 (build 0051)" = YASA MP4 Video Converter v3.2 (build 0051)
"YInstHelper" = Yahoo! Install Manager
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"iTunes Agent 1.3.3" = iTunes Agent 1.3.3
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Koyote,

OK. Let's try different tools.

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start the scan
  • On completion of the scan, click Save log, save it to your desktop and post it in your next reply

Step 2

Let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface, then click on Scan Computer, then on Boot-Time Scan, then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs input from you.

Step 3

Please don't forget to include these items in your reply:

  • aswMBR log
It would be helpful if you could post each log in a separate post.

#5
Koyote

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
aswMBR log


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-22 23:57:52
-----------------------------
23:57:52.870 OS Version: Windows 6.1.7600
23:57:52.871 Number of processors: 4 586 0xF0B
23:57:52.871 ComputerName: ANTEC900 UserName: Eric
23:58:12.631 Initialize success
23:59:43.651 AVAST engine defs: 11082201
00:00:16.428 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000077
00:00:16.430 Disk 0 Vendor: MAXTOR_S 3.AA Size: 476940MB BusType: 3
00:00:18.467 Disk 0 MBR read successfully
00:00:18.471 Disk 0 MBR scan
00:00:18.484 Disk 0 Windows 7 default MBR code
00:00:18.488 Disk 0 scanning sectors +976771072
00:00:18.545 Disk 0 scanning C:\Windows\system32\drivers
00:00:28.662 Service scanning
00:00:30.667 Modules scanning
00:00:36.246 Disk 0 trace - called modules:
00:00:36.267 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86baeed1]<<
00:00:36.272 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b9b648]
00:00:36.276 3 CLASSPNP.SYS[83bd159e] -> nt!IofCallDriver -> [0x86950678]
00:00:36.618 5 ACPI.sys[838413b2] -> nt!IofCallDriver -> \Device\00000077[0x86342b38]
00:00:36.624 \Driver\nvstor[0x86350960] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86baeed1
00:00:38.204 AVAST engine scan C:\Windows
00:00:41.420 AVAST engine scan C:\Windows\system32
00:02:41.299 AVAST engine scan C:\Windows\system32\drivers
00:02:56.649 AVAST engine scan C:\Users\Eric
00:03:19.310 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
00:03:19.318 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"

#6
Koyote

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: EVGA
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: EVGA
System Product Name: 122-CK-NF68
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 181):
0x83009000 \SystemRoot\system32\ntkrnlpa.exe
0x83419000 \SystemRoot\system32\halmacpi.dll
0x80BD1000 \SystemRoot\system32\kdcom.dll
0x8363E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x836B6000 \SystemRoot\system32\PSHED.dll
0x836C7000 \SystemRoot\system32\BOOTVID.dll
0x836CF000 \SystemRoot\system32\CLFS.SYS
0x83711000 \SystemRoot\system32\CI.dll
0x8381E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8388F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8389D000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x838E5000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x838EE000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x838F6000 \SystemRoot\system32\DRIVERS\pci.sys
0x83920000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8392B000 \SystemRoot\System32\drivers\partmgr.sys
0x8393C000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8394C000 \SystemRoot\System32\drivers\volmgrx.sys
0x83997000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8399E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x839AC000 \SystemRoot\System32\drivers\mountmgr.sys
0x839C2000 \SystemRoot\system32\DRIVERS\atapi.sys
0x839CB000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x837BC000 \SystemRoot\system32\drivers\nvstor.sys
0x83A3F000 \SystemRoot\system32\drivers\storport.sys
0x83A86000 \SystemRoot\system32\drivers\amdxata.sys
0x83A8F000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x83AAC000 \SystemRoot\system32\drivers\fltmgr.sys
0x83AE0000 \SystemRoot\system32\drivers\fileinfo.sys
0x83AF1000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8AE1B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AF4A000 \SystemRoot\System32\Drivers\msrpc.sys
0x8AF75000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AF88000 \SystemRoot\System32\Drivers\cng.sys
0x8AFE5000 \SystemRoot\System32\drivers\pcw.sys
0x8AFF3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x83AFA000 \SystemRoot\system32\drivers\ndis.sys
0x83BB1000 \SystemRoot\system32\drivers\NETIO.SYS
0x83A00000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B03E000 \SystemRoot\System32\drivers\tcpip.sys
0x8B187000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B1B8000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B1F7000 \SystemRoot\System32\Drivers\spldr.sys
0x8B000000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B02D000 \SystemRoot\System32\Drivers\mup.sys
0x8AE00000 \SystemRoot\System32\drivers\hwpolicy.sys
0x83600000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8AE08000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B235000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B25A000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x8B261000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x8B2B2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B2D1000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x8B2DD000 \SystemRoot\System32\Drivers\Null.SYS
0x8B2E4000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B2EB000 \SystemRoot\System32\drivers\vga.sys
0x8B2F7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B318000 \SystemRoot\System32\drivers\watchdog.sys
0x8B325000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B32D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B335000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8B33D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B348000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B356000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B36D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B378000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x8B3BF000 \SystemRoot\System32\DRIVERS\netbt.sys
0x9081A000 \SystemRoot\system32\drivers\afd.sys
0x90874000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x9087B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9089A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x908A8000 \SystemRoot\system32\DRIVERS\serial.sys
0x908C2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x908D5000 \SystemRoot\system32\DRIVERS\termdd.sys
0x908E5000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x908F3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90934000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9093E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90948000 \SystemRoot\System32\drivers\discache.sys
0x90954000 \SystemRoot\System32\Drivers\dfsc.sys
0x9096C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x9097A000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x909B6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x909D7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x92009000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x92B03000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x92B05000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92BBC000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92BF5000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8F215000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F260000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F26F000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8F275000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x8F2A1000 \SystemRoot\system32\drivers\ctaud2k.sys
0x8F320000 \SystemRoot\system32\drivers\portcls.sys
0x8F34F000 \SystemRoot\system32\drivers\drmk.sys
0x8F368000 \SystemRoot\system32\drivers\ks.sys
0x8F39C000 \SystemRoot\system32\drivers\ctoss2k.sys
0x8F3D1000 \SystemRoot\system32\drivers\ctprxy2k.sys
0x8F3D9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9120A000 \SystemRoot\system32\DRIVERS\nvm62x32.sys
0x9125F000 \SystemRoot\system32\DRIVERS\fdc.sys
0x9126A000 \SystemRoot\system32\DRIVERS\serenum.sys
0x91274000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91281000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91293000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x912AB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x912B6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x912D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x912F0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x91307000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9131E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9132B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x91338000 \SystemRoot\system32\DRIVERS\swenum.sys
0x9133A000 \SystemRoot\system32\drivers\WmBEnum.sys
0x9133E000 \SystemRoot\system32\drivers\WmXlCore.sys
0x9134D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9135B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91A17000 \SystemRoot\system32\drivers\ha20x2k.sys
0x91B3A000 \SystemRoot\system32\drivers\emupia2k.sys
0x91B6A000 \SystemRoot\system32\drivers\ctsfm2k.sys
0x91C3C000 \SystemRoot\system32\drivers\ctac32k.sys
0x91CD8000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0x91CED000 \SystemRoot\System32\drivers\CT20XUT.SYS
0x91609000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0x91750000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91761000 \SystemRoot\system32\drivers\HdAudio.sys
0x917B1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x917C8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x917CA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x917D5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x917E8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x917EF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x91D19000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91D26000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x91D30000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x91D55000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x91D66000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x988A0000 \SystemRoot\System32\win32k.sys
0x91D71000 \SystemRoot\System32\drivers\Dxapi.sys
0x91D7B000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x91D92000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x91DA0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x91DAB000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x91DB8000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x91600000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x91DDC000 \SystemRoot\system32\DRIVERS\monitor.sys
0x91DE7000 \SystemRoot\system32\DRIVERS\P1130Vid.sys
0x91C00000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x98B00000 \SystemRoot\System32\TSDDD.dll
0x98B30000 \SystemRoot\System32\cdd.dll
0x98B50000 \SystemRoot\System32\ATMFD.DLL
0x91C0E000 \SystemRoot\system32\drivers\luafv.sys
0x91B93000 \SystemRoot\system32\drivers\WudfPf.sys
0x91C29000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x91BAD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA2014000 \SystemRoot\system32\drivers\HTTP.sys
0xA2099000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA20B2000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA20C4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA20E7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA2122000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA2155000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xA2159000 \SystemRoot\system32\drivers\npf.sys
0xA2168000 \SystemRoot\system32\drivers\peauth.sys
0xA2000000 \SystemRoot\system32\drivers\WmVirHid.sys
0xA2003000 \SystemRoot\System32\Drivers\secdrv.SYS
0x91BC0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA213D000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA214A000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x9139F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x8B200000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xB003B000 \SystemRoot\System32\DRIVERS\srv.sys
0xB008D000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xB00AE000 \SystemRoot\system32\drivers\tdtcp.sys
0xB00B8000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xB00C5000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xB0160000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77490000 \Windows\System32\ntdll.dll
0x48110000 \Windows\System32\smss.exe
0x776D0000 \Windows\System32\apisetschema.dll

Processes (total 93):
0 System Idle Process
4 System
396 C:\Windows\System32\smss.exe
444 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
664 csrss.exe
776 C:\Windows\System32\wininit.exe
784 csrss.exe
832 C:\Windows\System32\services.exe
860 C:\Windows\System32\winlogon.exe
872 C:\Windows\System32\lsass.exe
892 C:\Windows\System32\lsm.exe
996 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\nvvsvc.exe
1108 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\svchost.exe
1456 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
1492 C:\Windows\System32\svchost.exe
1548 C:\Windows\System32\nvvsvc.exe
1616 C:\Windows\System32\svchost.exe
1792 C:\Windows\System32\spoolsv.exe
1824 C:\Windows\System32\svchost.exe
1924 C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
1956 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1996 C:\Program Files\AVG\AVG10\avgwdsvc.exe
2016 C:\Program Files\Bonjour\mDNSResponder.exe
120 C:\Windows\System32\svchost.exe
604 C:\Windows\System32\svchost.exe
712 C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
1092 C:\Windows\System32\taskhost.exe
1544 C:\Windows\System32\PnkBstrA.exe
1016 C:\Windows\System32\taskeng.exe
2056 C:\Windows\System32\dwm.exe
2132 C:\Windows\explorer.exe
2320 C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
2352 C:\Windows\System32\java.exe
2392 C:\Windows\System32\conhost.exe
2828 C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
2856 C:\Program Files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.exe
2872 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
2904 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
2996 C:\Program Files\Razer\Lycosa\razerhid.exe
3024 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3056 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
3064 C:\Windows\System32\CTxfispi.exe
3080 C:\Windows\System32\Ctxfihlp.exe
3108 C:\Windows\System32\CTHELPER.EXE
3188 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
3256 C:\Program Files\AVG\AVG10\avgtray.exe
3348 C:\Program Files\iTunes\iTunesHelper.exe
3356 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3376 C:\Program Files\RocketDock\RocketDock.exe
3388 C:\Program Files\Adolix\Adolix Wallpaper Changer\AWC.exe
3416 C:\Program Files\Windows Sidebar\sidebar.exe
3528 C:\Program Files\Creative\Shared Files\CTSched.exe
3664 C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
3756 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
3764 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3784 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
3840 C:\Program Files\Rainmeter\Rainmeter.exe
3932 C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
1968 C:\Program Files\AVG\AVG10\avgnsx.exe
4308 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
4344 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
4380 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
4404 C:\Windows\System32\svchost.exe
4452 C:\Program Files\Viewpoint\Common\ViewpointService.exe
4512 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
4568 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
4616 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
5072 C:\Program Files\iPod\bin\iPodService.exe
5196 C:\Windows\System32\SearchIndexer.exe
5572 WUDFHost.exe
276 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
2568 C:\Program Files\Windows Media Player\wmpnetwk.exe
2544 WmiPrvSE.exe
1348 C:\Windows\System32\wuauclt.exe
5944 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
2752 C:\Program Files\AVG\AVG10\avgcsrvx.exe
5888 C:\Windows\System32\audiodg.exe
3480 C:\Windows\System32\svchost.exe
3132 C:\Program Files\fuzzball\Trebuchet\tclkit\tclkit.exe
3996 C:\Program Files\Mozilla Firefox\firefox.exe
3316 C:\Program Files\Mozilla Firefox\plugin-container.exe
4448 C:\Windows\System32\svchost.exe
3168 C:\Program Files\Internet Explorer\iexplore.exe
964 C:\Program Files\Internet Explorer\iexplore.exe
5000 C:\Windows\System32\SearchProtocolHost.exe
5752 C:\Windows\System32\SearchFilterHost.exe
5588 C:\Users\Eric\Desktop\MBRCheck.exe
544 C:\Windows\System32\conhost.exe
676 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: MAXTOR STM3500630AS, Rev: 3.AA
PhysicalDrive1 Model Number: SeagateDesktop, Rev: 0130
PhysicalDrive3 Model Number: SeagateFreeAgentDesktop, Rev: 100D

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 RE: Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: A16EF68870D2ED162DDA2E379D2960A80789C94E
465 GB \\.\PhysicalDrive3 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!
  • 0

#7
Koyote

    New Member

  • Topic Starter
  • Member
  • 7 posts
ComboFix 11-08-23.06 - Eric 08/23/2011 19:46:23.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1818 [GMT -7:00]
Running from: c:\users\Eric\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\steam\Steam.exe
c:\programdata\xml4ECD.tmp
c:\programdata\xml7C14.tmp
c:\programdata\xml7F31.tmp
c:\programdata\xml8106.tmp
c:\users\Eric\195.62_desktop_win7_winvista_32bit_english_whql.exe
c:\users\Eric\ARO2011_tbt.exe
c:\users\Eric\AUTOBACK.EXE
c:\users\Eric\camfrog.exe
c:\users\Eric\CrucialScan.exe
c:\users\Eric\digsby_setup78.exe
c:\users\Eric\Documents\~WRL0003.tmp
c:\users\Eric\Documents\~WRL1706.tmp
c:\users\Eric\eMule0.49b-Installer1.exe
c:\users\Eric\ERDNT.E_E
c:\users\Eric\ERUNT.EXE
c:\users\Eric\esetsmartinstaller_enu.exe
c:\users\Eric\EULA.txt
c:\users\Eric\FW_WRT54G2V1_1.0.04.005_US.bin
c:\users\Eric\googleupdatesetup.exe
c:\users\Eric\MTGOIII_Helper.exe
c:\users\Eric\NTREGOPT.EXE
c:\users\Eric\PowerISO48.exe
c:\users\Eric\Rainmeter-2.0.exe
c:\users\Eric\ringmake_v510.exe
c:\users\Eric\TDSSKiller.exe
c:\users\Eric\usb98dr.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\comct332.ocx
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))
.
.
2011-08-24 03:26 . 2011-08-24 03:29 -------- d-----w- c:\users\Eric\AppData\Local\temp
2011-08-24 03:26 . 2011-08-24 03:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-24 01:33 . 2011-08-24 01:33 -------- d-----w- c:\users\Eric\AppData\Roaming\Sammsoft
2011-08-24 01:31 . 2011-08-24 01:31 -------- d-----w- c:\program files\ARO 2011
2011-08-23 02:34 . 2011-08-23 02:34 -------- d-----w- c:\program files\ESET
2011-08-22 05:25 . 2011-08-22 05:25 302592 ----a-w- C:\4o4z9udn.exe
2011-08-22 00:06 . 2011-08-22 01:01 -------- d-----w- c:\users\Eric\DoctorWeb
2011-08-21 22:12 . 2011-08-21 22:12 -------- d-----w- C:\_OTM
2011-08-21 22:12 . 2011-08-21 22:12 -------- d-----w- c:\users\Eric\ERDNT
2011-08-21 20:21 . 2011-08-21 20:21 -------- d-----w- C:\$AVG
2011-08-21 13:56 . 2010-05-14 23:08 388608 ----a-w- c:\users\Eric\HijackThis.exe
2011-08-21 07:35 . 2011-08-21 07:35 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-08-21 07:35 . 2011-08-21 07:35 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-08-21 07:35 . 2011-08-21 07:35 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-08-21 07:35 . 2011-08-21 07:35 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-08-21 07:35 . 2011-08-21 07:35 1686016 ----a-w- c:\windows\system32\esent.dll
2011-08-21 07:35 . 2011-08-21 07:35 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-08-21 07:35 . 2011-08-21 07:35 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-08-21 07:35 . 2011-08-21 07:35 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-08-21 07:35 . 2011-08-21 07:35 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-08-21 07:33 . 2011-08-21 07:33 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-08-21 07:33 . 2011-08-21 07:33 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-08-21 07:33 . 2011-08-21 07:33 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-08-21 07:33 . 2011-08-21 07:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-08-21 07:32 . 2011-08-21 07:32 2614784 ----a-w- c:\windows\explorer.exe
2011-08-21 07:32 . 2011-08-21 07:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-08-21 07:30 . 2011-08-21 07:30 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-08-21 07:30 . 2011-08-21 07:30 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-08-21 07:30 . 2011-08-21 07:30 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-08-21 07:30 . 2011-08-21 07:30 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-08-21 07:30 . 2011-08-21 07:30 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-08-21 07:30 . 2011-08-21 07:30 204288 ----a-w- c:\windows\system32\upnp.dll
2011-08-21 07:30 . 2011-08-21 07:30 14336 ----a-w- c:\windows\system32\slwga.dll
2011-08-21 07:30 . 2011-08-21 07:30 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-08-21 07:30 . 2011-08-21 07:30 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-08-21 07:30 . 2011-08-21 07:30 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-08-21 07:29 . 2011-08-21 07:29 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-08-21 07:29 . 2011-08-21 07:29 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-21 07:29 . 2011-08-21 07:29 417792 ----a-w- c:\windows\system32\msdri.dll
2011-08-21 07:29 . 2011-08-21 07:29 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-08-21 07:29 . 2011-08-21 07:29 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-08-21 07:28 . 2011-08-21 07:28 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-08-21 07:28 . 2011-08-21 07:28 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-08-21 07:28 . 2011-08-21 07:28 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-08-21 07:28 . 2011-08-21 07:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-08-21 07:28 . 2011-08-21 07:28 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-08-21 07:28 . 2011-08-21 07:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-08-21 07:28 . 2011-08-21 07:28 369152 ----a-w- c:\windows\system32\secproc.dll
2011-08-21 07:28 . 2011-08-21 07:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2011-08-21 07:28 . 2011-08-21 07:28 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2011-08-21 07:28 . 2011-08-21 07:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-08-21 04:23 . 2011-08-21 17:24 -------- d-----w- c:\users\Eric\AppData\Roaming\IObit
2011-08-21 04:23 . 2011-08-21 17:24 -------- d-----w- c:\program files\IObit
2011-08-20 01:32 . 2011-08-21 03:27 -------- d-----w- c:\program files\Common Files\FreeCause
2011-08-20 01:32 . 2011-08-20 01:35 -------- d-----w- c:\users\Eric\AppData\Local\Conduit
2011-08-10 06:45 . 2011-08-10 06:45 -------- d-----w- c:\users\Eric\AppData\Local\Bizarre Creations
2011-08-10 05:34 . 2011-08-21 22:22 -------- d-----w- c:\users\Eric\Geometry Wars
2011-08-10 03:23 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 03:23 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 03:23 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-06 23:57 . 2011-08-21 17:24 -------- d-----w- c:\program files\Apple Software Update
2011-08-03 22:54 . 2011-05-04 11:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-02 03:54 . 2011-08-02 06:07 -------- d-----w- c:\users\Eric\AppData\Roaming\Transformice
2011-08-02 03:44 . 2011-08-02 03:44 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 18:44 . 2011-05-26 13:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 02:52 . 2009-05-22 14:17 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-15 08:23 . 2011-06-15 08:23 60156 ----a-w- c:\windows\system32\drivers\scdemu.sys
2011-06-11 02:37 . 2011-07-13 00:39 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-05-26 06:29 . 2011-05-26 06:28 20177232 ----a-w- c:\users\Eric\K-Lite_Codec_Pack_710_Mega.exe
2011-08-21 03:17 . 2011-05-15 15:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Wallpaper Manager"="c:\program files\Adolix\Adolix Wallpaper Changer\AWC.exe" [2008-03-14 1946624]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-18 53341]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"EADM"="c:\program files\Electronic Arts\EADM\EADMUI\EADMUI.exe" [2011-02-03 11509760]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
"AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-01-25 2312048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WD_SRT"="c:\program files\Western Digital Technologies\WD Win98 SE USB Disk Driver" [X]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-07 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2007-11-21 147456]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
"CTHelper"="CTHELPER.EXE" [2007-03-05 19456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-19 2334560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 99840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
R0 lvuiy;lvuiy;c:\windows\System32\drivers\wvse.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 136176]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-01-15 204800]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-01-17 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-23 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [2009-08-10 93848]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-24 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-19 7398752]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-21 240232]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-15 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\DRIVERS\P1130Vid.sys [2003-06-11 90229]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 23:26]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 23:26]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3078766118-400663514-3189373327-1000Core.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-25 06:57]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3078766118-400663514-3189373327-1000UA.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-25 06:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3057722
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\kdog2mb1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3057722&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{12a9db21-42a2-492d-a85c-cdde0c88b608} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Steam - c:\program files\steam\steam.exe
HKCU-Run-Desktop Software - c:\program files\Common Files\SupportSoft\bin\bcont.exe
AddRemove-Steam App 22120 - c:\program files\Steam\steam.exe
AddRemove-Steam App 22140 - c:\program files\Steam\steam.exe
AddRemove-Steam App 22180 - c:\program files\Steam\steam.exe
AddRemove-Steam App 400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 40800 - c:\program files\Steam\steam.exe
AddRemove-Steam App 41000 - c:\program files\Steam\steam.exe
AddRemove-Steam App 41010 - c:\program files\Steam\steam.exe
AddRemove-Steam App 550 - c:\program files\Steam\steam.exe
AddRemove-VPMan_is1 - f:\pinball\VP-Man\UnInst\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3078766118-400663514-3189373327-1000\Software\SecuROM\License information*]
"datasecu"=hex:03,32,9b,17,01,21,9a,39,2b,5b,19,91,6e,0b,a7,ef,e9,41,6c,2b,48,
cf,cf,bf,7c,27,6f,18,c2,9b,fd,46,96,7d,35,4f,9e,ef,f5,7e,d5,e7,ab,61,aa,20,\
"rkeysecu"=hex:ea,0c,84,b1,df,e6,0e,0c,23,56,48,02,91,5f,76,dc
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-23 20:48:59
ComboFix-quarantined-files.txt 2011-08-24 03:48
.
Pre-Run: 236,010,201,088 bytes free
Post-Run: 236,064,825,344 bytes free
.
- - End Of File - - 7D8BD735999227D95FDD26CC3190BA13
  • 0

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Koyote,

I see you managed to run ComboFix and other tools :). How is your system now? Any changes?

Step 1

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\System32\drivers\wvse.sys

Driver::
lvuiy


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Please try to run TDSSKiller now and post the log.

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post.
  • 0

#9
Koyote

    New Member

  • Topic Starter
  • Member
  • 7 posts
TDSSKiller still refuses to open for me under any circumstances, no matter what I do. But I did get the ComboFix to run again.

Also, now I seem to have something that wants to open up iTunes on a random basis. :/



ComboFix 11-08-25.01 - Eric 08/25/2011 16:11:45.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1859 [GMT -7:00]
Running from: c:\users\Eric\Desktop\ComboFix.exe
Command switches used :: c:\users\Eric\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\drivers\wvse.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_lvuiy
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-25 23:46 . 2011-08-25 23:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-24 03:49 . 2011-08-25 23:50 -------- d-----w- c:\users\Eric\AppData\Local\temp
2011-08-24 01:33 . 2011-08-24 01:33 -------- d-----w- c:\users\Eric\AppData\Roaming\Sammsoft
2011-08-24 01:31 . 2011-08-24 01:31 -------- d-----w- c:\program files\ARO 2011
2011-08-23 22:08 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 02:34 . 2011-08-23 02:34 -------- d-----w- c:\program files\ESET
2011-08-22 05:25 . 2011-08-22 05:25 302592 ----a-w- C:\4o4z9udn.exe
2011-08-22 00:06 . 2011-08-22 01:01 -------- d-----w- c:\users\Eric\DoctorWeb
2011-08-21 22:12 . 2011-08-21 22:12 -------- d-----w- C:\_OTM
2011-08-21 22:12 . 2011-08-21 22:12 -------- d-----w- c:\users\Eric\ERDNT
2011-08-21 20:21 . 2011-08-21 20:21 -------- d-----w- C:\$AVG
2011-08-21 13:56 . 2010-05-14 23:08 388608 ----a-w- c:\users\Eric\HijackThis.exe
2011-08-21 07:35 . 2011-08-21 07:35 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-08-21 07:35 . 2011-08-21 07:35 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-08-21 07:35 . 2011-08-21 07:35 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-08-21 07:35 . 2011-08-21 07:35 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-08-21 07:35 . 2011-08-21 07:35 1686016 ----a-w- c:\windows\system32\esent.dll
2011-08-21 07:35 . 2011-08-21 07:35 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-08-21 07:35 . 2011-08-21 07:35 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-08-21 07:35 . 2011-08-21 07:35 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-08-21 07:35 . 2011-08-21 07:35 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-08-21 07:33 . 2011-08-21 07:33 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-08-21 07:33 . 2011-08-21 07:33 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-08-21 07:33 . 2011-08-21 07:33 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-08-21 07:33 . 2011-08-21 07:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-08-21 07:32 . 2011-08-21 07:32 2614784 ----a-w- c:\windows\explorer.exe
2011-08-21 07:32 . 2011-08-21 07:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-08-21 07:30 . 2011-08-21 07:30 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-08-21 07:30 . 2011-08-21 07:30 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-08-21 07:30 . 2011-08-21 07:30 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-08-21 07:30 . 2011-08-21 07:30 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-08-21 07:30 . 2011-08-21 07:30 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-08-21 07:30 . 2011-08-21 07:30 204288 ----a-w- c:\windows\system32\upnp.dll
2011-08-21 07:30 . 2011-08-21 07:30 14336 ----a-w- c:\windows\system32\slwga.dll
2011-08-21 07:30 . 2011-08-21 07:30 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-08-21 07:30 . 2011-08-21 07:30 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-08-21 07:30 . 2011-08-21 07:30 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-08-21 07:29 . 2011-08-21 07:29 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-08-21 07:29 . 2011-08-21 07:29 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-21 07:29 . 2011-08-21 07:29 417792 ----a-w- c:\windows\system32\msdri.dll
2011-08-21 07:29 . 2011-08-21 07:29 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-08-21 07:29 . 2011-08-21 07:29 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-08-21 07:28 . 2011-08-21 07:28 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-08-21 07:28 . 2011-08-21 07:28 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-08-21 07:28 . 2011-08-21 07:28 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-08-21 07:28 . 2011-08-21 07:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-08-21 07:28 . 2011-08-21 07:28 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-08-21 07:28 . 2011-08-21 07:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-08-21 07:28 . 2011-08-21 07:28 369152 ----a-w- c:\windows\system32\secproc.dll
2011-08-21 07:28 . 2011-08-21 07:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2011-08-21 07:28 . 2011-08-21 07:28 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2011-08-21 07:28 . 2011-08-21 07:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-08-21 04:23 . 2011-08-21 17:24 -------- d-----w- c:\users\Eric\AppData\Roaming\IObit
2011-08-21 04:23 . 2011-08-21 17:24 -------- d-----w- c:\program files\IObit
2011-08-20 01:32 . 2011-08-21 03:27 -------- d-----w- c:\program files\Common Files\FreeCause
2011-08-20 01:32 . 2011-08-20 01:35 -------- d-----w- c:\users\Eric\AppData\Local\Conduit
2011-08-10 06:45 . 2011-08-10 06:45 -------- d-----w- c:\users\Eric\AppData\Local\Bizarre Creations
2011-08-10 05:34 . 2011-08-21 22:22 -------- d-----w- c:\users\Eric\Geometry Wars
2011-08-10 03:23 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 03:23 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 03:23 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-06 23:57 . 2011-08-21 17:24 -------- d-----w- c:\program files\Apple Software Update
2011-08-03 22:54 . 2011-05-04 11:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-02 03:54 . 2011-08-02 06:07 -------- d-----w- c:\users\Eric\AppData\Roaming\Transformice
2011-08-02 03:44 . 2011-08-02 03:44 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 18:44 . 2011-05-26 13:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 02:52 . 2009-05-22 14:17 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-15 08:23 . 2011-06-15 08:23 60156 ----a-w- c:\windows\system32\drivers\scdemu.sys
2011-06-11 02:37 . 2011-07-13 00:39 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-08-21 03:17 . 2011-05-15 15:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-24_03.31.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-23 22:08 . 2011-07-09 05:50 40448 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.21767_none_17a5505481179e99\tzupd.exe
+ 2011-08-23 22:08 . 2011-07-09 04:32 40448 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.17647_none_1731536167e9c6ed\tzupd.exe
+ 2011-08-23 22:08 . 2011-07-09 04:24 40448 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7600.21005_none_15fdaa6483c28b9b\tzupd.exe
+ 2011-08-23 22:08 . 2011-07-09 04:33 40448 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7600.16847_none_154af65b6ac35b01\tzupd.exe
+ 2010-02-23 06:05 . 2011-08-25 22:56 47682 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-08-25 23:51 36608 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-23 05:48 . 2011-08-25 23:51 11310 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3078766118-400663514-3189373327-1000_UserData.bin
- 2010-02-23 04:16 . 2011-08-22 01:50 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-23 04:16 . 2011-08-24 07:17 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-23 04:16 . 2011-08-24 07:17 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-23 04:16 . 2011-08-22 01:50 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2011-08-24 07:17 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2011-08-22 01:50 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-24 00:44 . 2010-02-02 07:47 40448 c:\windows\servicing\GC32\tzupd.exe
+ 2011-08-23 22:08 . 2011-07-09 04:33 40448 c:\windows\servicing\GC32\tzupd.exe
- 2010-02-23 06:04 . 2011-08-24 02:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-23 06:04 . 2011-08-25 23:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:34 . 2011-08-21 22:06 78448 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:34 . 2011-08-25 23:02 78448 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-08-20 18:43 . 2011-08-25 23:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-20 18:43 . 2011-08-24 02:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-20 18:43 . 2011-08-25 23:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-08-20 18:43 . 2011-08-24 02:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-08-20 18:43 . 2011-08-25 23:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-08-20 18:43 . 2011-08-24 02:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2010-02-23 06:04 . 2011-08-25 23:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-23 06:04 . 2011-08-24 02:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-23 06:04 . 2011-08-24 02:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-23 06:04 . 2011-08-25 23:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-23 06:04 . 2011-08-24 03:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-23 06:04 . 2011-08-25 23:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-23 06:04 . 2011-08-24 03:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-23 06:04 . 2011-08-25 23:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-23 22:08 . 2011-07-09 05:46 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.21767_none_17a5505481179e99\tzres.dll
+ 2011-08-23 22:08 . 2011-07-09 04:29 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.17647_none_1731536167e9c6ed\tzres.dll
+ 2011-08-23 22:08 . 2011-07-09 04:22 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7600.21005_none_15fdaa6483c28b9b\tzres.dll
+ 2011-08-23 22:08 . 2011-07-09 04:30 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7600.16847_none_154af65b6ac35b01\tzres.dll
+ 2011-08-25 22:54 . 2011-08-25 23:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-24 02:21 . 2011-08-24 02:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-25 22:54 . 2011-08-25 23:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-24 02:21 . 2011-08-24 02:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2011-08-25 22:59 659580 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2011-08-24 02:28 659580 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-08-25 22:59 120508 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2011-08-24 02:28 120508 c:\windows\System32\perfc009.dat
+ 2009-07-14 04:47 . 2011-08-25 06:54 408512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-08-24 02:08 408512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-05-16 06:49 . 2011-08-24 02:08 409280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3078766118-400663514-3189373327-1000-12288.dat
+ 2010-05-16 06:49 . 2011-08-25 06:54 409280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3078766118-400663514-3189373327-1000-12288.dat
+ 2009-07-14 02:03 . 2011-08-25 23:08 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2011-08-23 22:13 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 04:34 . 2011-08-25 04:18 3837332 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:34 . 2011-08-21 17:33 3837332 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Wallpaper Manager"="c:\program files\Adolix\Adolix Wallpaper Changer\AWC.exe" [2008-03-14 1946624]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-18 53341]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"EADM"="c:\program files\Electronic Arts\EADM\EADMUI\EADMUI.exe" [2011-02-03 11509760]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
"AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-01-25 2312048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WD_SRT"="c:\program files\Western Digital Technologies\WD Win98 SE USB Disk Driver" [X]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-07 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2007-11-21 147456]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
"CTHelper"="CTHELPER.EXE" [2007-03-05 19456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-19 2334560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 99840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-19 7398752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-01-17 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-23 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [2009-08-10 93848]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-24 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-01-15 204800]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-21 240232]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-15 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\DRIVERS\P1130Vid.sys [2003-06-11 90229]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 23:26]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 23:26]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3078766118-400663514-3189373327-1000Core.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-25 06:57]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3078766118-400663514-3189373327-1000UA.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-25 06:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3057722
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\kdog2mb1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3057722&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3078766118-400663514-3189373327-1000\Software\SecuROM\License information*]
"datasecu"=hex:03,32,9b,17,01,21,9a,39,2b,5b,19,91,6e,0b,a7,ef,e9,41,6c,2b,48,
cf,cf,bf,7c,27,6f,18,c2,9b,fd,46,96,7d,35,4f,9e,ef,f5,7e,d5,e7,ab,61,aa,20,\
"rkeysecu"=hex:ea,0c,84,b1,df,e6,0e,0c,23,56,48,02,91,5f,76,dc
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(924)
c:\program files\RocketDock\RocketDock.dll
c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\java.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\Western Digital Technologies\WD Win98 SE USB Disk Driver, v1.00.09\WD_SRT.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgchsvx.exe
c:\program files\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2011-08-25 17:08:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-26 00:08
ComboFix2.txt 2011-08-24 03:49
.
Pre-Run: 236,411,629,568 bytes free
Post-Run: 236,256,612,352 bytes free
.
- - End Of File - - DED5648FDEEE6D5863D10D153736F74F
  • 0

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Beside iTunes, do you have any other problems? Redirection?

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information


On completion click the link to locate the zip file to upload and attach to your next post
  • 0

#11
Koyote

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I was considering entering the last thing from Kaspersky when I did a couple checks and realized... malware is gone! No more search engine redirects, no more pulling open hidden IE programs. Both have been cleared up. It would appear that Kaspersky did the trick! Thank you for your time and commitment. Hats off to Kaspersky, I think that program was the one that really killed them.

Eric
  • 0

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Koyote,

If you are happy so am I :). Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the "Automatic (recommended) Automatically download recommended updates for my computer and install them" option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.
  • 0

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0