Webpages load very slowly or not at all.



#1 dzwiss (Member, 20 posts)
I am on a Dell Inspiron E1705 running the 32-bit version of Vista, with all the updates. Pages are loading very slowly or don't load at all, whether I am on a connection at work or at my home and whether I am using Chrome or IE. This has been going on for two weeks, and I have tried a few things like CCleaner (but didn't mess with the registry) and virus scans and Malwarebytes. I d/led OTL and ran it and got this output. I appreciate any help.

David

OTL logfile created on: 2/21/2013 2:49:16 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dzwiss\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.24% Memory free
4.23 Gb Paging File | 3.01 Gb Available in Paging File | 71.19% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.74 Gb Total Space | 5.07 Gb Free Space | 4.88% Space Free | Partition Type: NTFS
Drive D: | 12.88 Gb Total Space | 4.42 Gb Free Space | 34.30% Space Free | Partition Type: NTFS

Computer Name: DZWISS-PC | User Name: dzwiss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/21 14:49:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dzwiss\Desktop\OTL (1).exe
PRC - [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/12 09:40:06 | 000,076,288 | ---- | M] (Plantronics) -- C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
PRC - [2012/09/25 14:47:52 | 000,631,296 | ---- | M] (BodyMedia, Inc.) -- C:\Program Files\BodyMedia\Sync\BodyMediaSync.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/01/24 11:48:00 | 002,537,264 | ---- | M] (Suunto Oy) -- C:\Program Files\Suunto\Moveslink for Movestick Mini\Moveslink.exe
PRC - [2011/08/05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe
PRC - [2011/08/05 11:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/10/19 14:25:18 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/10/19 14:02:42 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/01/29 00:04:26 | 000,764,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX6000.exe
PRC - [2009/05/29 14:19:52 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 14:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/02/16 11:58:12 | 000,856,064 | ---- | M] (Christian Diefer) -- C:\Program Files\I8kfanGUI\I8kfanGUI.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 17:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 17:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2004/05/20 14:11:08 | 000,087,888 | ---- | M] () -- C:\Windows\System32\Wnex7DO.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/13 08:24:15 | 012,638,576 | ---- | M] () -- C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
MOD - [2013/01/25 21:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/25 21:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/25 21:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/25 21:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/25 21:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/10 03:24:58 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013/01/10 03:21:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013/01/10 03:21:36 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/10 03:20:55 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2cbdbc8bb7fcf0d7eb7a8d616e141d79\System.Core.ni.dll
MOD - [2013/01/10 03:20:21 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/10 03:20:14 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2009/12/08 15:54:50 | 002,011,648 | ---- | M] () -- C:\Program Files\Suunto\Moveslink for Movestick Mini\QtCore4.dll
MOD - [2009/09/29 13:43:02 | 007,462,912 | ---- | M] () -- C:\Program Files\Suunto\Moveslink for Movestick Mini\QtGui4.dll
MOD - [2009/09/29 13:32:20 | 000,877,056 | ---- | M] () -- C:\Program Files\Suunto\Moveslink for Movestick Mini\QtNetwork4.dll
MOD - [2009/09/29 13:31:12 | 000,337,408 | ---- | M] () -- C:\Program Files\Suunto\Moveslink for Movestick Mini\QtXml4.dll
MOD - [2006/11/03 17:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 17:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2004/05/20 14:11:08 | 000,087,888 | ---- | M] () -- C:\Windows\System32\Wnex7DO.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/05 11:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 11:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/10/19 14:25:18 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/10/19 14:02:42 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/05/29 14:19:52 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/02/23 06:38:09 | 000,072,704 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2007/01/24 11:21:24 | 000,375,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/01/24 11:21:14 | 000,177,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 07:36:18 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\evsbc.sys -- (VSBC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\SE4BLPT.SYS -- (SE4BLPT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\samhid.sys -- (samhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302V32.SYS -- (PID_PEPI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{05FE8C66-C6C4-495F-AF89-1C280268010C}\MpKsl7b04ff38.sys -- (MpKsl7b04ff38)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\evserial.sys -- (evserial)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ETUSBW11.sys -- (ETUSBW11)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\dzwiss\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/10/12 13:00:54 | 000,027,136 | ---- | M] (CSR/PLT) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\csrbcx86.sys -- (CSRBC)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/15 23:24:36 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/10/31 11:16:04 | 000,058,632 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\evserial7.sys -- (evserial7)
DRV - [2011/10/31 11:15:36 | 000,033,032 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\evsbc7.sys -- (VSBC7)
DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/10/07 05:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010/01/29 00:04:28 | 002,074,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/06/12 19:07:44 | 000,020,742 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2009/03/06 17:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2009/03/05 11:09:34 | 000,432,640 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dw130c.sys -- (RTL8192U)
DRV - [2009/01/30 09:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/12/11 10:28:40 | 000,016,256 | ---- | M] (IdeaCom Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\idcphid.sys -- (IdcPHid)
DRV - [2008/10/19 22:00:06 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2008/07/04 23:47:43 | 000,051,200 | ---- | M] (Magellan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MUD.sys -- (MUD)
DRV - [2008/06/12 01:28:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/01 13:39:42 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/04/01 13:39:42 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/10/30 10:41:46 | 000,704,000 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USA19H2k.sys -- (USA19H)
DRV - [2007/09/26 06:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/09/13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/07/31 18:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/05/29 14:32:58 | 000,024,192 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USA19H2kp.sys -- (USA19H2KP)
DRV - [2007/04/19 10:09:42 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/04/19 10:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/04/19 10:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/02/16 04:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\Windows\System32\drivers\fanio.sys -- (fanio)
DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/21 04:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/20 14:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 14:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 14:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/11 18:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/10/30 12:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/09/28 14:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/05/11 12:51:02 | 000,089,808 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2006/05/11 12:51:02 | 000,055,312 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus)
DRV - [2006/03/28 15:44:40 | 000,042,240 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2005/09/06 14:30:38 | 000,017,516 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2005/09/06 14:30:22 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2005/04/11 13:26:04 | 000,121,472 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mr97310c.sys -- (mr97310c)
DRV - [2003/04/19 02:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 19:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)
DRV - [2002/06/10 13:20:56 | 000,044,544 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvce.sys -- (QCEmerald)
DRV - [2002/05/13 09:42:18 | 000,292,920 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usa19w2k.sys -- (USA19W)
DRV - [2002/04/08 12:46:20 | 000,040,848 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usa19w2kp.sys -- (USA19w2KP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://encrypted.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\dzwiss\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\dzwiss\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\dzwiss\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dzwiss\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dzwiss\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)


[2012/06/02 10:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dzwiss\AppData\Roaming\Mozilla\Firefox\extensions
[2012/06/02 10:49:57 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\dzwiss\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\dzwiss\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\dzwiss\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\dzwiss\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\dzwiss\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Translate = C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: Google Drive = C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Chrome Tips Beta (by Google) = C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmbgfhokojnnaliemjgbahnfeggocpe\1.0.6_0\
CHR - Extension: http://deals.woot.com/ = C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpmookdeobmiaigajfgcimgffhnbdjja\2012.9.2.55786_0\
CHR - Extension: Earth for Chrome = C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfiocoehplocalbhdpckfoiameeefkna\1.4_0\
CHR - Extension: Google Search = C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Netflix = C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh\1.0.0.2_0\
CHR - Extension: PocketSmith - Cashflow Forecasting = C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpacaoamfanlmkfcalnbbcdbmfcmclf\2.1.2_0\
CHR - Extension: Google Calendar = C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Google Calendar (by Google) = C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.3.1_0\
CHR - Extension: Google Voice (by Google) = C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\
CHR - Extension: Google Maps = C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Gmail = C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {147D6308-0614-4112-89B1-31402F9B82C4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Plantronics MyHeadset Updater] C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe (Plantronics)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Watcher-WatchDog] C:\Windows\System32\Wnex7DO.exe ()
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\dzwiss\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\dzwiss\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dlinkrouter ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} file:///E:/Scripts/LTOCX14N.cab (LEAD Main Control (14.0))
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.3.16.0.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35DCA6DC-8B6E-45E6-BCAF-D25250B5B90E}: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5DBE6F6-5C34-47A3-807A-11DE362B7C28}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{17ccde22-b4d8-11dc-b15d-00188bbe3851}\Shell - "" = AutoRun
O33 - MountPoints2\{17ccde22-b4d8-11dc-b15d-00188bbe3851}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL iexplore http://www.mgae.com/...654268555600941
O33 - MountPoints2\{85b8f2cb-9f06-11de-930b-0016cffa43fd}\Shell - "" = AutoRun
O33 - MountPoints2\{85b8f2cb-9f06-11de-930b-0016cffa43fd}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{e2954c4b-2e80-11de-ae32-0016cffa43fd}\Shell - "" = AutoRun
O33 - MountPoints2\{e2954c4b-2e80-11de-ae32-0016cffa43fd}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SETUP.EXE /AUTORUN
O33 - MountPoints2\G\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\G\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/21 14:48:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dzwiss\Desktop\OTL (1).exe
[2013/02/20 22:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/02/20 21:46:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/20 20:40:48 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2013/02/20 20:37:22 | 005,034,373 | R--- | C] (Swearware) -- C:\Users\dzwiss\Desktop\Combo-Fix.exe
[2013/02/20 19:27:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dzwiss\Desktop\OTL.exe
[2013/02/20 18:35:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/20 18:35:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/20 18:35:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/20 18:32:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/20 18:32:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/20 18:31:38 | 005,034,373 | R--- | C] (Swearware) -- C:\Users\dzwiss\Desktop\ComboFix.exe
[2013/02/20 18:24:12 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\dzwiss\Desktop\aswMBR.exe
[2013/02/19 16:34:00 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/19 16:34:00 | 000,071,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/19 16:19:40 | 000,701,808 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\dzwiss\Desktop\uninstall_flash_player.exe
[2013/02/17 10:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Plantronics
[2013/02/13 03:04:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/13 03:04:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/13 03:04:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/13 03:04:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/13 03:04:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/02/13 03:04:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/02/13 03:04:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/13 03:04:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/12 20:35:23 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/12 20:35:22 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013/02/12 20:35:19 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/12 20:35:19 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/10 20:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firstbeat
[2013/02/10 20:26:14 | 000,000,000 | ---D | C] -- C:\Firstbeat Files
[2013/02/10 20:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Firstbeat
[2013/02/08 20:30:51 | 000,072,000 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\drivers\ftser2k.sys
[2013/02/08 20:30:51 | 000,051,528 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\ftserui2.dll
[2013/02/08 20:30:50 | 000,202,048 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\ftd2xx.dll
[2013/02/08 20:30:50 | 000,185,664 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\FTLang.dll
[2013/02/08 20:30:50 | 000,120,128 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\ftbusui.dll
[2013/02/08 20:30:50 | 000,057,536 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\drivers\ftdibus.sys
[2013/02/08 20:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\SuuntoUSBDrivers
[2013/02/08 20:30:33 | 000,089,808 | ---- | C] (MCCI) -- C:\Windows\System32\slabser.sys
[2013/02/08 20:30:33 | 000,089,808 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\slabser.sys
[2013/02/08 20:30:33 | 000,055,312 | ---- | C] (MCCI) -- C:\Windows\System32\slabbus.sys
[2013/02/08 20:30:33 | 000,055,312 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\slabbus.sys
[2013/02/08 20:30:33 | 000,047,616 | ---- | C] (Windows ® 2000 DDK provider) -- C:\Windows\System32\suuunin2k.exe
[2013/02/08 20:30:33 | 000,010,704 | ---- | C] (MCCI) -- C:\Windows\System32\slabcm95.sys
[2013/02/08 20:30:33 | 000,006,672 | ---- | C] (MCCI) -- C:\Windows\System32\slabwh95.sys
[2013/02/08 20:30:33 | 000,006,144 | ---- | C] (MCCI) -- C:\Windows\System32\slabcmnt.sys
[2013/02/08 20:30:33 | 000,006,144 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\slabcmnt.sys
[2013/02/08 20:30:33 | 000,006,144 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\slabcm.sys
[2013/02/08 20:30:33 | 000,005,776 | ---- | C] (MCCI) -- C:\Windows\System32\slabwhnt.sys
[2013/02/08 20:30:33 | 000,005,776 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\slabwhnt.sys
[2013/02/08 20:30:33 | 000,005,776 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\slabwh.sys
[2013/02/08 20:30:33 | 000,004,048 | ---- | C] (MCCI) -- C:\Windows\System32\slabcr.sys
[2013/02/08 20:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Suunto Monitor
[2013/02/08 20:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Suunto Training Manager
[2013/02/08 20:26:03 | 015,550,624 | ---- | C] (Suunto Oy ) -- C:\Users\dzwiss\Desktop\Suunto_Training_Manager_setup_with_Monitor_2.3.0.exe
[2013/02/08 17:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suunto
[2013/02/08 17:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Suunto
[2013/02/08 17:02:11 | 000,000,000 | ---D | C] -- C:\Users\dzwiss\AppData\Roaming\Suunto
[2013/02/02 18:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\CrypKey
[2013/02/02 17:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebRacing
[2013/02/02 17:31:24 | 000,000,000 | ---D | C] -- C:\WebRacing_Products_Authorization_Setup
[2013/02/02 17:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WebRacing
[2013/02/02 17:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\WebRacing
[2013/01/30 18:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2013/01/30 18:41:40 | 000,000,000 | ---D | C] -- C:\Users\dzwiss\AppData\Roaming\Synaptics
[2013/01/30 18:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/01/30 18:32:52 | 000,142,648 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPCo14.dll
[2013/01/30 00:00:33 | 000,000,000 | ---D | C] -- C:\Users\dzwiss\AppData\Local\Microsoft Corporation
[2013/01/29 23:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2013/01/28 17:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FDF USB Samples
[2013/01/28 17:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\FDF
[2013/01/28 17:07:17 | 000,000,000 | ---D | C] -- C:\Users\dzwiss\AppData\Local\SessionViewer
[2013/01/28 17:07:17 | 000,000,000 | ---D | C] -- C:\Users\dzwiss\FDFSavedSessions
[2013/01/28 17:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\First Degree Fitness
[2013/01/28 17:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FDF Rower Session App Bundle
[2013/01/28 17:04:08 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe
[2013/01/28 17:04:08 | 000,126,976 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
[2013/01/28 17:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FitCentric Products
[2013/01/28 17:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\FitCentric Products
[2013/01/28 17:02:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\crystal
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\dzwiss\*.tmp files -> C:\Users\dzwiss\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/21 14:49:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dzwiss\Desktop\OTL (1).exe
[2013/02/21 14:42:01 | 000,734,468 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/21 14:42:01 | 000,151,994 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/21 14:40:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3000640766-2305895604-476840379-1001UA.job
[2013/02/21 14:38:11 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3000640766-2305895604-476840379-1001UA.job
[2013/02/21 14:35:53 | 000,064,670 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/02/21 14:35:49 | 000,064,670 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/02/21 14:35:41 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/21 14:35:41 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/21 14:35:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/21 14:35:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/21 12:29:24 | 000,004,126 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/02/21 12:04:59 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/20 21:59:22 | 156,855,840 | ---- | M] () -- C:\Users\dzwiss\Desktop\setup_11.0.0.1245.x01_2013_02_21_06_18.exe
[2013/02/20 20:38:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3000640766-2305895604-476840379-1001Core.job
[2013/02/20 20:37:22 | 005,034,373 | R--- | M] (Swearware) -- C:\Users\dzwiss\Desktop\Combo-Fix.exe
[2013/02/20 19:27:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dzwiss\Desktop\OTL.exe
[2013/02/20 18:31:47 | 005,034,373 | R--- | M] (Swearware) -- C:\Users\dzwiss\Desktop\ComboFix.exe
[2013/02/20 18:25:43 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\dzwiss\Desktop\aswMBR.exe
[2013/02/20 18:13:51 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/20 18:13:51 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/20 08:14:56 | 000,000,033 | -H-- | M] () -- C:\ProgramData\LTR2U-83QY4-WJF4W-AEBNS-GWDJB
[2013/02/19 21:40:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3000640766-2305895604-476840379-1001Core.job
[2013/02/19 16:19:49 | 000,701,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\dzwiss\Desktop\uninstall_flash_player.exe
[2013/02/13 08:30:12 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/13 03:29:51 | 000,413,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/10 20:28:03 | 000,000,033 | -H-- | M] () -- C:\ProgramData\461850201589
[2013/02/10 20:26:36 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\Firstbeat ATHLETE.lnk
[2013/02/10 15:47:08 | 007,937,293 | ---- | M] () -- C:\Users\dzwiss\Desktop\Suunto_t6c_Running_Guide_Book.pdf
[2013/02/10 15:46:39 | 001,318,492 | ---- | M] () -- C:\Users\dzwiss\Desktop\Suunto_Training_Guidebook_EN.pdf
[2013/02/10 15:46:10 | 000,560,870 | ---- | M] () -- C:\Users\dzwiss\Desktop\t6_Training_Guidebook_EN.pdf
[2013/02/08 20:30:51 | 000,002,474 | ---- | M] () -- C:\Windows\unins001.dat
[2013/02/08 20:30:49 | 000,673,610 | ---- | M] () -- C:\Windows\unins001.exe
[2013/02/08 20:30:33 | 000,001,804 | ---- | M] () -- C:\Windows\unins000.dat
[2013/02/08 20:30:33 | 000,000,177 | ---- | M] () -- C:\Windows\System32\suuunin.u98
[2013/02/08 20:30:33 | 000,000,097 | ---- | M] () -- C:\Windows\System32\suuunin.u2k
[2013/02/08 20:30:32 | 000,673,610 | ---- | M] () -- C:\Windows\unins000.exe
[2013/02/08 20:30:28 | 000,001,852 | ---- | M] () -- C:\Users\dzwiss\Desktop\Training Manager.lnk
[2013/02/08 20:26:44 | 015,550,624 | ---- | M] (Suunto Oy ) -- C:\Users\dzwiss\Desktop\Suunto_Training_Manager_setup_with_Monitor_2.3.0.exe
[2013/02/08 17:16:12 | 000,001,962 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Moveslink for Movestick Mini.lnk
[2013/02/08 14:02:46 | 000,245,865 | ---- | M] () -- C:\Users\dzwiss\Desktop\Repair_AuthorizationFILLED.pdf
[2013/02/03 17:07:38 | 000,711,244 | ---- | M] () -- C:\Users\dzwiss\Desktop\Suunto_t6d_UG_EN.pdf
[2013/02/02 22:36:56 | 000,006,160 | ---- | M] () -- C:\Windows\System32\esnecil.ind
[2013/02/02 22:36:56 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat
[2013/02/02 17:39:29 | 000,000,113 | ---- | M] () -- C:\Windows\Crypkey.ini
[2013/02/02 17:31:53 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\NetAthlon 2 XF for Rowing.lnk
[2013/01/30 18:39:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/01/30 05:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/01/29 18:42:11 | 000,001,356 | ---- | M] () -- C:\Users\dzwiss\AppData\Local\d3d9caps.dat
[2013/01/28 19:39:36 | 002,650,733 | ---- | M] () -- C:\Users\dzwiss\Desktop\fdf_console_usb_connect_1_0.pdf
[2013/01/28 19:38:04 | 003,865,175 | ---- | M] () -- C:\Users\dzwiss\Desktop\fdf_erometer_user_guide_1_0.pdf
[2013/01/28 19:18:18 | 000,020,021 | ---- | M] () -- C:\Users\dzwiss\Desktop\WTY VX 2012.pdf
[2013/01/28 17:34:24 | 002,335,263 | ---- | M] () -- C:\Users\dzwiss\Desktop\OwnersManual VX-2 2012.pdf
[2013/01/28 17:15:10 | 000,000,761 | ---- | M] () -- C:\Users\Public\Desktop\OSD Sample.lnk
[2013/01/28 17:15:10 | 000,000,761 | ---- | M] () -- C:\Users\Public\Desktop\Emulator Sample.lnk
[2013/01/28 17:07:02 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\FDF Rower Session Viewer.lnk
[2013/01/28 17:07:02 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\FDF Rower Session Recorder.lnk
[2013/01/28 17:05:03 | 000,002,240 | ---- | M] () -- C:\Windows\System32\esnecil.nlp
[2013/01/28 17:03:01 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\UltraCoach® 3.lnk
[2013/01/28 14:41:46 | 001,089,011 | ---- | M] () -- C:\Users\dzwiss\Desktop\ESC1913_FDF_SpecSheet_VX2.pdf
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\dzwiss\*.tmp files -> C:\Users\dzwiss\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/20 21:55:57 | 156,855,840 | ---- | C] () -- C:\Users\dzwiss\Desktop\setup_11.0.0.1245.x01_2013_02_21_06_18.exe
[2013/02/20 18:35:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/20 18:35:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/20 18:35:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/20 18:35:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/20 18:35:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/11 11:19:27 | 000,000,033 | -H-- | C] () -- C:\ProgramData\LTR2U-83QY4-WJF4W-AEBNS-GWDJB
[2013/02/10 20:28:03 | 000,000,033 | -H-- | C] () -- C:\ProgramData\461850201589
[2013/02/10 20:26:36 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\Firstbeat ATHLETE.lnk
[2013/02/10 15:47:08 | 007,937,293 | ---- | C] () -- C:\Users\dzwiss\Desktop\Suunto_t6c_Running_Guide_Book.pdf
[2013/02/10 15:46:38 | 001,318,492 | ---- | C] () -- C:\Users\dzwiss\Desktop\Suunto_Training_Guidebook_EN.pdf
[2013/02/10 15:46:10 | 000,560,870 | ---- | C] () -- C:\Users\dzwiss\Desktop\t6_Training_Guidebook_EN.pdf
[2013/02/08 20:30:50 | 000,673,610 | ---- | C] () -- C:\Windows\unins001.exe
[2013/02/08 20:30:50 | 000,002,474 | ---- | C] () -- C:\Windows\unins001.dat
[2013/02/08 20:30:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\PreInstaller.exe
[2013/02/08 20:30:33 | 000,030,622 | ---- | C] () -- C:\Windows\System32\slabvcr.vxd
[2013/02/08 20:30:33 | 000,028,672 | ---- | C] () -- C:\Windows\System32\suuunin.exe
[2013/02/08 20:30:33 | 000,023,887 | ---- | C] () -- C:\Windows\System32\slabcomm.vxd
[2013/02/08 20:30:33 | 000,013,216 | ---- | C] () -- C:\Windows\System32\slabvcd.vxd
[2013/02/08 20:30:33 | 000,011,553 | ---- | C] () -- C:\Windows\System32\suuser.cat
[2013/02/08 20:30:33 | 000,010,782 | ---- | C] () -- C:\Windows\System32\slabvxd.inf
[2013/02/08 20:30:33 | 000,009,464 | ---- | C] () -- C:\Windows\System32\suubus.cat
[2013/02/08 20:30:33 | 000,008,088 | ---- | C] () -- C:\Windows\System32\suubus.inf
[2013/02/08 20:30:33 | 000,004,832 | ---- | C] () -- C:\Windows\System32\suuwdm.inf
[2013/02/08 20:30:33 | 000,004,570 | ---- | C] () -- C:\Windows\System32\suuw2k.inf
[2013/02/08 20:30:33 | 000,000,336 | ---- | C] () -- C:\Windows\System32\setup.ini
[2013/02/08 20:30:33 | 000,000,177 | ---- | C] () -- C:\Windows\System32\suuunin.u98
[2013/02/08 20:30:33 | 000,000,097 | ---- | C] () -- C:\Windows\System32\suuunin.u2k
[2013/02/08 20:30:32 | 000,673,610 | ---- | C] () -- C:\Windows\unins000.exe
[2013/02/08 20:30:32 | 000,001,804 | ---- | C] () -- C:\Windows\unins000.dat
[2013/02/08 20:30:32 | 000,000,368 | ---- | C] () -- C:\Windows\System32\DriverLanguageMap.xml
[2013/02/08 20:30:28 | 000,001,852 | ---- | C] () -- C:\Users\dzwiss\Desktop\Training Manager.lnk
[2013/02/08 17:16:12 | 000,001,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Moveslink for Movestick Mini.lnk
[2013/02/08 14:02:46 | 000,245,865 | ---- | C] () -- C:\Users\dzwiss\Desktop\Repair_AuthorizationFILLED.pdf
[2013/02/03 17:07:37 | 000,711,244 | ---- | C] () -- C:\Users\dzwiss\Desktop\Suunto_t6d_UG_EN.pdf
[2013/02/02 19:25:36 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013/02/02 17:31:53 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\NetAthlon 2 XF for Rowing.lnk
[2013/01/30 18:39:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/01/30 18:32:51 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2013/01/29 23:59:53 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2013/01/28 19:39:36 | 002,650,733 | ---- | C] () -- C:\Users\dzwiss\Desktop\fdf_console_usb_connect_1_0.pdf
[2013/01/28 19:38:04 | 003,865,175 | ---- | C] () -- C:\Users\dzwiss\Desktop\fdf_erometer_user_guide_1_0.pdf
[2013/01/28 19:18:18 | 000,020,021 | ---- | C] () -- C:\Users\dzwiss\Desktop\WTY VX 2012.pdf
[2013/01/28 17:34:24 | 002,335,263 | ---- | C] () -- C:\Users\dzwiss\Desktop\OwnersManual VX-2 2012.pdf
[2013/01/28 17:15:10 | 000,000,761 | ---- | C] () -- C:\Users\Public\Desktop\OSD Sample.lnk
[2013/01/28 17:15:10 | 000,000,761 | ---- | C] () -- C:\Users\Public\Desktop\Emulator Sample.lnk
[2013/01/28 17:07:02 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\FDF Rower Session Viewer.lnk
[2013/01/28 17:07:02 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\FDF Rower Session Recorder.lnk
[2013/01/28 17:05:01 | 000,006,160 | ---- | C] () -- C:\Windows\System32\esnecil.ind
[2013/01/28 17:05:01 | 000,002,240 | ---- | C] () -- C:\Windows\System32\esnecil.nlp
[2013/01/28 17:04:21 | 000,000,113 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013/01/28 17:04:08 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2013/01/28 17:04:08 | 000,020,742 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2013/01/28 17:04:08 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2013/01/28 17:04:08 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013/01/28 17:03:01 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\UltraCoach® 3.lnk
[2013/01/28 14:41:45 | 001,089,011 | ---- | C] () -- C:\Users\dzwiss\Desktop\ESC1913_FDF_SpecSheet_VX2.pdf
[2012/08/17 18:03:21 | 000,049,152 | ---- | C] () -- C:\Windows\System32\k19hinst.dll
[2012/08/01 13:01:36 | 000,000,092 | ---- | C] () -- C:\Windows\System32\ftdiun2k.ini
[2012/07/03 16:32:10 | 000,069,632 | ---- | C] () -- C:\Windows\System32\Usa19wPropPage.dll
[2012/07/03 16:32:10 | 000,049,152 | ---- | C] () -- C:\Windows\System32\k19winst.dll
[2012/06/23 22:03:07 | 000,000,111 | ---- | C] () -- C:\Users\dzwiss\webct_upload_applet.properties
[2012/02/05 10:22:51 | 000,003,284 | ---- | C] () -- C:\Users\dzwiss\AppData\Roaming\ANIWZCS{AD26CC39-4224-460E-9DE3-1BBF0F0F5280}
[2011/12/12 09:19:36 | 000,000,000 | ---- | C] () -- C:\Users\dzwiss\AppData\Local\{3CA8C0D7-F104-4064-9909-993EB0674E63}
[2011/03/21 18:59:29 | 000,003,284 | ---- | C] () -- C:\Users\dzwiss\AppData\Roaming\ANIWZCS{A49DBCB5-8D34-4FEB-BF94-33D836485939}
[2011/03/21 18:54:33 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2011/01/03 00:54:12 | 000,064,670 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/01/03 00:54:12 | 000,064,670 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/01/31 22:44:31 | 000,000,532 | ---- | C] () -- C:\Users\dzwiss\AppData\Local\CastleLinkProps.dat
[2010/01/14 11:23:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/09 21:03:40 | 000,000,190 | ---- | C] () -- C:\Users\dzwiss\AppData\Roaming\PropCalc Preferences
[2008/12/26 18:14:23 | 000,000,016 | ---- | C] () -- C:\Users\dzwiss\persistent_state
[2008/08/10 10:10:14 | 000,008,699 | ---- | C] () -- C:\Users\dzwiss\vshield.ini
[2008/08/10 10:10:14 | 000,008,417 | ---- | C] () -- C:\Users\dzwiss\live.ini
[2008/08/10 10:10:14 | 000,003,271 | ---- | C] () -- C:\Users\dzwiss\quar.ini
[2008/08/10 10:10:14 | 000,000,518 | ---- | C] () -- C:\Users\dzwiss\status.ini
[2008/08/10 10:10:14 | 000,000,512 | ---- | C] () -- C:\Users\dzwiss\firewall.ini
[2008/05/22 20:45:02 | 000,001,356 | ---- | C] () -- C:\Users\dzwiss\AppData\Local\d3d9caps.dat
[2008/02/22 15:45:07 | 000,000,737 | ---- | C] () -- C:\Users\dzwiss\AppData\Roaming\DriveCalculator Preferences
[2007/11/25 10:39:12 | 000,022,328 | ---- | C] () -- C:\Users\dzwiss\AppData\Roaming\PnkBstrK.sys
[2007/03/20 05:09:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/03/02 22:01:44 | 000,223,232 | ---- | C] () -- C:\Users\dzwiss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/02 21:09:30 | 000,041,052 | ---- | C] () -- C:\Users\dzwiss\AppData\Roaming\nvModes.001
[2007/03/02 21:09:11 | 000,041,052 | ---- | C] () -- C:\Users\dzwiss\AppData\Roaming\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2013/01/29 17:50:41 | 000,000,000 | ---D | M](C:\Windows\System32\?i???i?i?i?i?i?i) -- C:\Windows\System32\ĭ䬵眝ĭĭĭĭĭĭ
[2013/01/29 17:50:41 | 000,000,000 | ---D | C](C:\Windows\System32\?i???i?i?i?i?i?i) -- C:\Windows\System32\ĭ䬵眝ĭĭĭĭĭĭ

========== Alternate Data Streams ==========

@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:DDE29E40
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:DC3E2375
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:53829683
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E18B7D31
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:72CCCD14
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:38CC2967
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1FCE3F44

< End of report >
  • 0


#2
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Welcome to Geeks2Go dzwiss,

The logs show some highly suspicious files running in your System32 folder.


When running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When RogueKiller finishes its opening scan, press the Scan button.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

---------

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

---------

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.
  • 0

#3
dzwiss

dzwiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thank you very much for your reply...here is the requested contents of those logfiles:

RKreport

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : dzwiss [Admin rights]
Mode : Scan -- Date : 02/23/2013 19:06:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] 6f03611eb7f5d5b18c8a700bcf04eb7d
[BSP] b5b22a66db1f075b361bd0f91f6c5c59 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 133 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 273105 | Size: 13186 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27278370 | Size: 106234 Mo
3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 244846665 | Size: 2550 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02232013_02d1906.txt >>
RKreport[1]_S_02232013_02d1906.txt




AdwCleaner[R2]

# AdwCleaner v2.113 - Logfile created 02/23/2013 at 19:11:46
# Updated 23/02/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : dzwiss - DZWISS-PC
# Boot Mode : Normal
# Running from : C:\Users\dzwiss\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Viewpoint Manager Service

***** [Files / Folders] *****

Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\dzwiss\AppData\Local\Conduit
Folder Found : C:\Users\dzwiss\AppData\LocalLow\Conduit
Folder Found : C:\Users\dzwiss\AppData\LocalLow\SweetIM
Folder Found : C:\Users\dzwiss\AppData\LocalLow\Viewpoint
Folder Found : C:\Users\dzwiss\AppData\Roaming\Babylon

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4129 octets] - [23/02/2013 19:10:00]
AdwCleaner[R2].txt - [4060 octets] - [23/02/2013 19:11:46]

########## EOF - C:\AdwCleaner[R2].txt - [4120 octets] ##########






uninstall_list

Update for Microsoft Office 2007 (KB2508958)
µTorrent
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.6)
Adobe Shockwave Player 12.0
Air Traffic Control Center
Android SDK Tools
AOPA CodingPro 2009 Upgrade
Apple Application Support
Apple Software Update
ARRL Exam Review - Technician
AVG 2011
BodyMedia SYNC
BodyMedia SYNC
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Call of Duty® 4 - Modern Warfare™
Call of Duty® 4 - Modern Warfare™ 1.2 Patch
Call of Duty® 4 - Modern Warfare™ 1.4 Patch
Castle Link
CCleaner
CodingPro 2007
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Creative MediaSource 5
D3DX10
Detect_USB
DHTML Editing Component
Digital Line Detect
DivX Setup
EMET
Facebook Video Calling 1.2.0.287
FDF Rower Session Application Bundle
FDF USB Samples 1.0
Firstbeat ATHLETE
FS Viewer
FTDI USB Serial Converter Drivers
Garmin City Navigator North America NT 2010.20
Garmin Communicator Plugin
Garmin MapSource
Garmin Training Center
Garmin USB Drivers
Garmin WebUpdater
Ghost Recon Advanced Warfighter
Google Chrome
Google Earth
Google Quick Search Box
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
GR2Analyst Version 1.11
GRAW Patch 1.35
GRLevel3 version 1.12
GRLevel3 version 2.02
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HPP-21
I8kfanGUI V3.1
Intel® PROSet/Wireless WiFi Software
Java 7 Update 15
Java™ 6 Update 31
Java™ SE Runtime Environment 6
JavaFX 2.1.1
Junk Mail filter update
Keyspan USB Serial Adapter
K-Lite Codec Pack 6.5.0 (Full)
Malwarebytes Anti-Malware version 1.70.0.1100
MapSource
MapSource
MapSource - US Topo 24K National Parks, East v2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Corporation
Microsoft Corporation
Microsoft LifeCam
Microsoft Math
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Sounds
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Visio Viewer 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows Media Video 9 VCM
Microsoft Xbox 360 Accessories 1.1
Mobile Broadband Drivers
MotoCalc 8.08
Moveslink for Movestick Mini
MPC-HC 1.6.4.6052
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetAthlon 2 XF for Rowing
NetAthlon 2 XF for Rowing Update
NetAthlon Row Characters
NetWaiting
NVIDIA Drivers
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Otto Bock C-Soft 2.4
Otto Bock TF Design 8.18
Otto Bock TT Design 5.18
PL-2303 Vista Driver Installer
PowerISO
QuickSet
QuickTime
Real Alternative 2.0.2
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
SigmaTel Audio
Skype™ 5.10
Sonic Activation Module
Sound Blaster Audigy ADVANCED MB
Suunto Monitor
Suunto Training Manager
Suunto USB Drive
Suunto USB Driver
Suunto USB Serial Port
swMSM
Synaptics Pointing Device Driver
TGR2SHP
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Driver Package - FTDI (FTDIBUS) USB (11/11/2009 1.00.2101)
Windows Driver Package - FTDI (FTSER2K) Ports (11/11/2009 1.00.2101)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24)
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02)
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - Parallax Inc CDM Driver Package - Bus & VCP Driver (04/10/2012 2.08.24)
Windows Driver Package - Parallax Inc CDM Driver Package - Bus & VCP Driver (07/12/2010 2.08.02)
Windows Driver Package - Suunto (libusb0) Suunto (10/02/2010 1.2.2.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Messenger
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
WinRAR archiver
WxSolution
Yahoo! Messenger
Zune
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
  • 0

#4
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Would have thought RogueKiller would have picked up those curious system32 items. Maybe just not active enough to get picked up. AdwCleaner picked up quite a few adware settings, though none show as installed.

I do not recommend having or using torrent software. Due to the high risk involved in using it, I at least do not recommend doing any banking or other secure transactions on the same computer where it is installed.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Run RogueKiller again.

  • Please quit all programs
  • Run RogueKiller
  • Wait until the Prescan finishes
  • Press: Scan


  • On the RogueKiller console, click the Registry tab.
  • Make sure the entries there are checked.
  • Then, press the [Delete] button.

Please post the RKreport (Mode: Delete) created on the Desktop.

---------

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Open AdwCleaner, and click the Uninstall button to have it remove itself.

----------

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
  • 0

#5
dzwiss

dzwiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OK...the first two steps completed successfully and the two log files are included...however Combofix did not seem to complete or function properly. I heeded the warning not to touch the computer while it was running, but after waiting an hour without any visible activity, I ended up having to reboot to use the computer again. I did look for the Combofix.txt file but found none. Please advise and thank you for your help...this is greatly appreciated!


RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : dzwiss [Admin rights]
Mode : Remove -- Date : 02/23/2013 20:14:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] 6f03611eb7f5d5b18c8a700bcf04eb7d
[BSP] b5b22a66db1f075b361bd0f91f6c5c59 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 133 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 273105 | Size: 13186 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27278370 | Size: 106234 Mo
3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 244846665 | Size: 2550 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_02232013_02d2014.txt >>
RKreport[1]_S_02232013_02d1906.txt ; RKreport[2]_S_02232013_02d2014.txt ; RKreport[3]_D_02232013_02d2014.txt






# AdwCleaner v2.113 - Logfile created 02/23/2013 at 20:17:21
# Updated 23/02/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : dzwiss - DZWISS-PC
# Boot Mode : Normal
# Running from : C:\Users\dzwiss\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\dzwiss\AppData\Local\Conduit
Folder Deleted : C:\Users\dzwiss\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\dzwiss\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\dzwiss\AppData\LocalLow\Viewpoint
Folder Deleted : C:\Users\dzwiss\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\dzwiss\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4129 octets] - [23/02/2013 19:10:00]
AdwCleaner[R2].txt - [4189 octets] - [23/02/2013 19:11:46]
AdwCleaner[R3].txt - [4249 octets] - [23/02/2013 20:17:06]
AdwCleaner[S1].txt - [4276 octets] - [23/02/2013 20:17:21]

########## EOF - C:\AdwCleaner[S1].txt - [4336 octets] ##########
  • 0
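A way to cross-check the Scan report from post #3 against the Delete report above, written as an added example for this thread rather than anything from the thread or from RogueKiller itself: it parses the Registry Entries block of each RKreport (the two excerpts below are copied from the posted reports) and flags any entry the scan reported FOUND that the delete run did not delete or replace.

```python
"""Reconcile a RogueKiller Scan report with the matching Delete report.

Added example (not RogueKiller's code). The report excerpts are copied from
the RKreport files posted in this thread; only the Registry Entries block is
parsed, everything else in a report is ignored.
"""
import re

# One registry finding, e.g.
# "[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)"
ENTRY_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\s+(?P<key>.+?)\s+:\s+(?P<name>\S+)\s+"
    r"\((?P<val>[^)]*)\)\s+->\s+(?P<action>.+?)\s*$"
)
# Delete-mode action that rewrote the value, e.g. "REPLACED (1)"
REPLACED_RE = re.compile(r"^REPLACED \((?P<new>[^)]*)\)$")
SECTION_MARK = "¤¤¤"  # RogueKiller section headers start and end with this

SCAN_REPORT = r"""
¤¤¤ Registry Entries : 9 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
"""

DELETE_REPORT = r"""
¤¤¤ Registry Entries : 9 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
"""


def parse_registry_entries(report_text):
    """Return {(category, key, value_name): (value, action)} for the Registry Entries block."""
    entries = {}
    in_section = False
    for line in report_text.splitlines():
        if line.startswith(SECTION_MARK):
            # A section header either opens the block we want or closes it.
            in_section = "Registry Entries" in line
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[(m["cat"], m["key"], m["name"])] = (m["val"], m["action"])
    return entries


def reconcile(scan_text, delete_text):
    """Classify every scan finding by what the delete run reported for it.

    resolved   - DELETED, or REPLACED with a value different from the one found
    unresolved - still FOUND, or "REPLACED" with the same value it had before
    missing    - the delete run did not report the entry at all
    """
    found = parse_registry_entries(scan_text)
    fixed = parse_registry_entries(delete_text)
    result = {"resolved": [], "unresolved": [], "missing": []}
    for ident, (old_val, _) in found.items():
        label = f"{ident[0]} {ident[1]} : {ident[2]}"
        if ident not in fixed:
            result["missing"].append(label)
            continue
        _, action = fixed[ident]
        replaced = REPLACED_RE.match(action)
        if action == "DELETED" or (replaced and replaced["new"] != old_val):
            result["resolved"].append(label)
        else:
            result["unresolved"].append(label)
    return result


if __name__ == "__main__":
    for status, items in reconcile(SCAN_REPORT, DELETE_REPORT).items():
        print(f"{status}: {len(items)}")
        for item in items:
            print("   ", item)
```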

#6
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Download and unzip Malwarebytes AntiRootkit from here to your desktop.

In the folder that created, click the mbar folder, then click mbar.exe to start the scan.

Click Next, then click the Update button (you will need to have the Internet connected for this). Once it has updated, click Next, then click scan.

When it finishes, click Exit. Then post the two logs it created, located in the same folder as mbar.exe.

mbar-log-date-(xx-xx-xx).txt
system-log.txt
  • 0

#7
dzwiss

dzwiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Just so you know, I rebooted and re-ran Combofix and got the same result; I gave it about 20 minutes this time. I downloaded and ran Malwarebytes AntiRootkit and here are the logs...



Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.24.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
dzwiss :: DZWISS-PC [administrator]

2/23/2013 10:09:52 PM
mbar-log-2013-02-23 (22-09-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27821
Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.161000 GHz
Memory total: 2145083392, free: 943071232

------------ Kernel report ------------
02/23/2013 22:01:03
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\DRVMCDB.SYS
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETwLv32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\NWADIenum.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\stwrt.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_M.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\anodlwf.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\ckldrv.sys
\??\C:\Windows\system32\drivers\fanio.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\drivers\btwavdt.sys
\SystemRoot\system32\DRIVERS\hidbth.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point32.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResM.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\DLA\DLABMFSM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\enodpl.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\drivers\tandpl.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85c0f858
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85a32738
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.02.24.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85c0f858, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85c0f478, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85c0f858, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85a10f08, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85a32738, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffad742900, 0xffffffff85c0f858, 0xffffffff856074b0
Lower DeviceData: 0xffffffffb48139f0, 0xffffffff85a32738, 0xffffffff85230f08
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D3240B36

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 273042

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 273105 Numsec = 27005265

Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 27278370 Numsec = 217568295
Partition file system is NTFS
Partition is bootable

Partition 3 type is Extended with CSH (0x5)
Partition is NOT ACTIVE.
Partition starts at LBA: 244846665 Numsec = 5223015

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-250049680-250069680)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
  • 0

#8
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Still nothing picking up those two strange system32 files, but nothing else showing so far. When you first ran ComboFix, before you posted here, it still didn't complete? AVG showing as installed, but I see nothing of its functions loaded.

Go here and download and run the AVG uninstaller. Reboot after.

---------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Close, then open Gmer again. Once it has completed its opening scan, this time just right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
  • 0

#9
dzwiss

dzwiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I have had the same result each time I tried to run ComboFix, it never completes...it hangs while scanning, even after an hour wait.

I ran Gmer and got the log as requested and it's posted. However, when I attempted to run Gmer again following your second instruction, it does not show the option, Only non MS files. The options are: IRP hooks, NTAPI registry scan, IRP files scan, File version info (which is checked), and then 3rd party... Please advise...and again thanks sooooo much!!


GMER 2.1.19081 - http://www.gmer.net
Rootkit scan 2013-02-24 15:13:26
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 M4-CT128M4SSD2 rev.040H 119.24GB
Running: 7tztbs9t.exe; Driver: C:\Users\dzwiss\AppData\Local\Temp\fwdirpod.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D20D340, 0x3EE1D7, 0xE8000020]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74777817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747BB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7477BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7476F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7476E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747A73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7477DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7476FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7476FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [747FCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7479C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7476D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74766853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7476687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74772AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 2.1 ----

Device \Driver\BTHUSB \Device\00000080 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000080 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000007e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000007e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a5a6084
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a5a6084@00a096254fa2 0xD8 0x80 0x4D 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cffa43fd
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cffa43fd@00a096252a77 0xC5 0x04 0x5E 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cffa43fd@b0ec71551c59 0x13 0x5F 0xFB 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00125a5a6084 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00125a5a6084@00a096254fa2 0xD8 0x80 0x4D 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cffa43fd (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cffa43fd@00a096252a77 0xC5 0x04 0x5E 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cffa43fd@b0ec71551c59 0x13 0x5F 0xFB 0x47 ...

---- EOF - GMER 2.1 ----
  • 0

#10
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Nothing in that. Let's see what the other Gmer log shows.
  • 0

#11
dzwiss

dzwiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
When I attempted to run Gmer again following your second instruction, it does not show the option, 'Only non MS files'. The options are: IRP hooks, NTAPI registry scan, IRP files scan, File version info (which is checked), and then 3rd party
  • 0

#12
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
I forgot Gmer had updated. Uncheck "File version info", and then click Scan.
  • 0

#13
dzwiss

dzwiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Second scan results after unchecking 'File version info':


GMER 2.1.19081 - http://www.gmer.net
Rootkit scan 2013-02-24 17:42:24
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 M4-CT128M4SSD2 rev.040H 119.24GB
Running: 7tztbs9t.exe; Driver: C:\Users\dzwiss\AppData\Local\Temp\fwdirpod.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D20D340, 0x3EE1D7, 0xE8000020]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74777817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747BB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7477BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7476F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7476E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747A73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7477DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7476FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7476FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [747FCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7479C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7476D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74766853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7476687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74772AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll

---- Devices - GMER 2.1 ----

Device \Driver\BTHUSB \Device\00000080 bthport.sys
Device \Driver\BTHUSB \Device\00000080 bthport.sys
Device \Driver\BTHUSB \Device\0000007e bthport.sys
Device \Driver\BTHUSB \Device\0000007e bthport.sys

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a5a6084
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a5a6084@00a096254fa2 0xD8 0x80 0x4D 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cffa43fd
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cffa43fd@00a096252a77 0xC5 0x04 0x5E 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cffa43fd@b0ec71551c59 0x13 0x5F 0xFB 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00125a5a6084 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00125a5a6084@00a096254fa2 0xD8 0x80 0x4D 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cffa43fd (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cffa43fd@00a096252a77 0xC5 0x04 0x5E 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cffa43fd@b0ec71551c59 0x13 0x5F 0xFB 0x47 ...

---- EOF - GMER 2.1 ----
  • 0

#14
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
No, that's the same log you posted earlier. You closed and re-opened Gmer to run that scan?
  • 0

#15
dzwiss

dzwiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Yes...in fact I had shut down the computer before when I went out. I followed these instructions...

Close, then open Gmer again. Once it has completed its opening scan, this time just right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Only difference is, instead of selecting 'Options - Only non MS files' (which was not available), I unchecked "File version info" like you requested. What I posted was the result.
  • 0