Not Sure what's wrong
rtphippsjr
2010-06-29, 05:40
Not really sure what is wrong with my PC. For the last few weeks, whenever I am running any application, my PC starts to slow down massively for a minute every few minutes. It does not matter what I am running. Not sure if this is something you can help me with or not, but I am hoping it is. Thank you for your time and support.
DDS (Ver_10-03-17.01) - NTFSx86
Run by t at 22:26:47.19 on Mon 06/28/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1081 [GMT -4:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\PeerGuardian2\pg2.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.ask.com/?o=15438&l=dis
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [Google Update] "c:\documents and settings\t\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\t\applic~1\mozilla\firefox\profiles\yan3xiwg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\documents and settings\t\application data\mozilla\firefox\profiles\yan3xiwg.default\extensions\gametapplayer@gametap.com\plugins\npGameTapWebPlayer.dll
FF - plugin: c:\documents and settings\t\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\t\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-26 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-26 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-5-14 816672]
=============== Created Last 30 ================
2010-06-27 04:24:39 0 d-----w- c:\docume~1\t\applic~1\uTorrent
2010-06-26 20:41:19 0 d-----w- c:\program files\Trend Micro
2010-06-25 07:54:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Tages
2010-06-25 07:53:48 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-25 07:53:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-25 04:48:29 0 d-----w- c:\program files\The Learning Company
2010-06-24 11:25:13 0 d-----w- c:\program files\Free Window Registry Repair
2010-06-24 11:20:41 0 d-----w- c:\program files\SmartPCTools
2010-06-24 00:20:28 0 d-----w- c:\documents and settings\t\DesktoapII
2010-06-23 23:50:25 0 d-----w- c:\windows\system32\Adobe
2010-06-22 09:44:16 0 d-----w- c:\program files\Freelancer Companion
2010-06-21 10:13:06 0 d-----w- c:\program files\Freelancer Mod Manager
2010-06-21 09:20:45 0 d-----w- c:\program files\Microsoft Games
2010-06-18 07:13:23 0 d-----w- c:\docume~1\t\applic~1\fltk.org
2010-06-16 20:09:41 0 d-----w- c:\docume~1\t\applic~1\SPORE
2010-06-11 07:03:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2010-06-10 16:07:22 0 d-----w- c:\program files\VUGames
2010-06-10 12:07:31 98816 ----a-w- c:\windows\sed.exe
2010-06-10 12:07:31 77312 ----a-w- c:\windows\MBR.exe
2010-06-10 12:07:31 256512 ----a-w- c:\windows\PEV.exe
2010-06-10 12:07:31 161792 ----a-w- c:\windows\SWREG.exe
2010-06-03 16:31:11 0 d--h--w- c:\windows\system32\GroupPolicy
2010-05-31 08:23:44 0 d-----w- c:\program files\SIW
==================== Find3M ====================
2010-05-16 21:18:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-03 23:23:18 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23:16 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23:16 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55:31 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55:31 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 22:55:31 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55:31 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55:31 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55:31 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55:31 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55:31 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-03 22:55:31 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-02 20:54:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-31 04:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 04:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
============= FINISH: 22:27:06.02 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/24/2010 5:18:13 AM
System Uptime: 6/22/2010 5:41:30 PM (149 hours ago)
Motherboard: ASUSTeK Computer INC. | | M2N-VM DVI
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | CPU 1 | 2500/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 233 GiB total, 39.013 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP7: 2/20/2010 10:28:47 PM - System Checkpoint
RP8: 2/21/2010 11:15:16 PM - System Checkpoint
RP9: 2/22/2010 4:38:18 PM - Installed Windows KB954550-v5.
RP10: 2/22/2010 4:38:25 PM - Printer Driver Microsoft XPS Document Writer Installed
RP11: 2/22/2010 4:38:33 PM - Printer Driver Microsoft XPS Document Writer Installed
RP12: 2/24/2010 7:35:34 AM - System Checkpoint
RP13: 2/25/2010 9:24:41 AM - System Checkpoint
RP14: 2/26/2010 9:50:40 AM - System Checkpoint
RP15: 2/27/2010 10:56:14 AM - System Checkpoint
RP16: 2/28/2010 11:50:40 AM - System Checkpoint
RP17: 3/1/2010 3:38:21 PM - System Checkpoint
RP18: 3/2/2010 5:11:11 PM - System Checkpoint
RP19: 3/3/2010 7:28:31 PM - System Checkpoint
RP20: 3/4/2010 7:50:37 PM - System Checkpoint
RP21: 3/5/2010 7:51:40 PM - System Checkpoint
RP22: 3/6/2010 4:40:35 AM - Installed Demon Stone
RP23: 3/7/2010 3:48:43 AM - Removed Temple of Elemental Evil
RP24: 3/7/2010 3:49:17 AM - Removed Demon Stone
RP25: 3/8/2010 3:50:36 AM - System Checkpoint
RP26: 3/9/2010 4:50:35 AM - System Checkpoint
RP27: 3/10/2010 7:27:22 AM - Restore Operation
RP28: 3/10/2010 8:44:13 AM - Software Distribution Service 3.0
RP29: 3/11/2010 10:48:54 AM - System Checkpoint
RP30: 3/12/2010 11:27:38 AM - System Checkpoint
RP31: 3/12/2010 1:11:32 PM - Avg8 Update
RP32: 3/12/2010 1:12:57 PM - Avg Update
RP33: 3/13/2010 1:16:16 PM - System Checkpoint
RP34: 3/14/2010 3:17:22 PM - System Checkpoint
RP35: 3/15/2010 3:41:34 PM - System Checkpoint
RP36: 3/16/2010 3:44:15 PM - System Checkpoint
RP37: 3/17/2010 8:47:37 AM - Avg Update
RP38: 3/18/2010 9:44:15 AM - System Checkpoint
RP39: 3/19/2010 12:38:16 PM - System Checkpoint
RP40: 3/20/2010 12:44:17 PM - System Checkpoint
RP41: 3/21/2010 7:08:40 PM - System Checkpoint
RP42: 3/22/2010 5:50:41 AM - Installed Steam
RP43: 3/22/2010 6:10:30 AM - Installed DirectX
RP44: 3/23/2010 10:43:02 AM - System Checkpoint
RP45: 3/23/2010 9:09:54 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP46: 3/23/2010 9:32:39 PM - Software Distribution Service 3.0
RP47: 3/23/2010 9:52:39 PM - Installed Dual-Core Optimizer.
RP48: 3/24/2010 9:11:27 AM - Installed DirectX
RP49: 3/24/2010 9:12:19 AM - Installed Windows XP Wdf01007.
RP50: 3/25/2010 12:48:58 PM - System Checkpoint
RP51: 3/25/2010 3:02:45 PM - Installed Windows XP WgaNotify.
RP52: 3/26/2010 4:32:44 AM - Restore Operation
RP53: 3/27/2010 4:38:06 AM - System Checkpoint
RP54: 3/28/2010 4:39:44 AM - System Checkpoint
RP55: 3/28/2010 1:53:20 PM - Installed Nero 8 Essentials
RP56: 3/29/2010 2:04:46 PM - System Checkpoint
RP57: 3/30/2010 3:03:30 PM - System Checkpoint
RP58: 3/31/2010 3:04:35 PM - System Checkpoint
RP59: 4/1/2010 6:55:48 PM - System Checkpoint
RP60: 4/2/2010 7:04:35 PM - System Checkpoint
RP61: 4/3/2010 8:03:31 PM - System Checkpoint
RP62: 4/4/2010 9:03:30 PM - System Checkpoint
RP63: 4/5/2010 10:03:30 PM - System Checkpoint
RP64: 4/7/2010 10:16:38 PM - System Checkpoint
RP65: 4/8/2010 11:03:17 PM - System Checkpoint
RP66: 4/10/2010 12:03:16 AM - System Checkpoint
RP67: 4/11/2010 1:03:16 AM - System Checkpoint
RP68: 4/12/2010 2:03:17 AM - System Checkpoint
RP69: 4/13/2010 3:03:17 AM - System Checkpoint
RP70: 4/14/2010 4:03:17 AM - System Checkpoint
RP71: 4/15/2010 4:36:09 AM - System Checkpoint
RP72: 4/16/2010 6:54:14 AM - System Checkpoint
RP73: 4/17/2010 7:03:17 AM - System Checkpoint
RP74: 4/18/2010 8:03:17 AM - System Checkpoint
RP75: 4/19/2010 8:40:46 AM - System Checkpoint
RP76: 4/20/2010 9:40:46 AM - System Checkpoint
RP77: 4/21/2010 12:22:24 PM - System Checkpoint
RP78: 4/22/2010 12:40:46 PM - System Checkpoint
RP79: 4/23/2010 3:05:03 PM - System Checkpoint
RP80: 4/24/2010 3:43:38 PM - System Checkpoint
RP81: 4/25/2010 4:42:32 PM - System Checkpoint
RP82: 4/26/2010 4:43:37 PM - System Checkpoint
RP83: 4/27/2010 5:43:37 PM - System Checkpoint
RP84: 4/28/2010 6:42:32 PM - System Checkpoint
RP85: 4/29/2010 6:54:53 PM - System Checkpoint
RP86: 4/30/2010 7:49:57 PM - System Checkpoint
RP87: 5/1/2010 7:51:02 PM - System Checkpoint
RP88: 5/13/2010 1:11:51 PM - System Checkpoint
RP89: 5/15/2010 12:23:10 AM - System Checkpoint
RP90: 5/15/2010 12:52:35 PM - Avg Update
RP91: 5/15/2010 1:01:25 PM - Avg Update
RP92: 5/16/2010 1:02:46 PM - System Checkpoint
RP93: 5/16/2010 5:18:09 PM - SPTD setup V1.62
RP94: 5/16/2010 6:01:17 PM - Installed DirectX
RP95: 5/17/2010 6:42:03 PM - System Checkpoint
RP96: 5/18/2010 11:48:18 PM - System Checkpoint
RP97: 5/19/2010 3:00:16 AM - Software Distribution Service 3.0
RP98: 5/20/2010 3:02:43 AM - System Checkpoint
RP99: 5/21/2010 4:02:43 AM - System Checkpoint
RP100: 5/23/2010 3:00:13 AM - Software Distribution Service 3.0
RP101: 5/25/2010 11:43:52 AM - FiOS Installation
RP102: 5/25/2010 6:12:40 PM - Removed Ask Toolbar.
RP103: 5/26/2010 3:00:19 AM - Software Distribution Service 3.0
RP104: 5/26/2010 1:34:23 PM - avast! Free Antivirus Setup
RP105: 5/29/2010 7:46:38 PM - Removed AVG Free 9.0
RP106: 6/10/2010 8:07:40 AM - ComboFix created restore point
RP107: 6/11/2010 3:00:21 AM - Software Distribution Service 3.0
RP108: 6/16/2010 3:32:18 PM - Installed SPORE™
RP109: 6/23/2010 3:00:13 AM - Software Distribution Service 3.0
RP110: 6/24/2010 7:15:52 AM - Free Registry Fix restore point
RP111: 6/25/2010 3:52:37 AM - Installed DirectX
RP112: 6/26/2010 4:41:17 PM - Installed HiJackThis
==== Installed Programs ======================
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11.5
avast! Free Antivirus
AviSynth 2.5
CCleaner
Dragon Age: Origins
Dual-Core Optimizer
EAX(tm) Unified (SHELL)
EclindneLoc
ERUNT 1.1j
Free Window Registry Repair
Freelancer
Freelancer Companion 2.01
Google Chrome
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Java(TM) 6 Update 16
Killing Floor
Left 4 Dead
LEISURE SUIT LARRY: MAGNA CUM LAUDE-UNCUT AND UNCENSORED
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Xbox 360 Accessories 1.2
Microsoft XML Parser
Mount&Blade
Mount&Blade Warband
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenOffice.org 3.1
Oregon Trail 5th Edition
PeerGuardian 2.0
Realtek High Definition Audio Driver
Risen
Security Update for Windows XP (KB923789)
SIW version 2010.04.28
SPORE™
Spybot - Search & Destroy
Steam
System Requirements Lab
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebFldrs XP
Windows Essentials Media Codec Pack 2.3d
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
==== End Of File ===========================
Hi,
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) file sharing programs on your computer.
µTorrent
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
After that:
Download GMER (http://www.gmer.net) by clicking the "Download EXE" button and then saving it to your desktop.
Double-click the .exe that you downloaded.
Click the Rootkit tab, uncheck the Files option and then click Scan.
Don't check the "Show All" box while scanning is in progress!
When scanning is ready, click Copy. This copies the log to the clipboard.
Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply. Also post the contents of a fresh dds.txt log.
rtphippsjr
2010-07-06, 22:42
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-06 15:38:18
Windows 5.1.2600 Service Pack 3
Running: e31vkbl5.exe; Driver: C:\DOCUME~1\t\LOCALS~1\Temp\pgldipoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB4025C7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB4025B36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB40260EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB4026014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB402570C]
SSDT spyh.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spyh.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB4025C10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB402564C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB40256B0]
SSDT spyh.sys ZwQueryKey [0xB7ECE20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB4025D30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB40261B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB4025CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB4025E70]
INT 0x73 ? 89BDBBF8
INT 0x83 ? 89D5EBF8
INT 0x83 ? 89D5EBF8
INT 0x83 ? 89D5EBF8
INT 0xB4 ? 89BDBBF8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB4032AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB40328EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB4032A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes JMP 54B40260
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B4032A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP B40328EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP B402E536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP B402FEC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP B4032ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? spyh.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B74938AC 5 Bytes JMP 89BDB1D8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB698B380, 0x566445, 0xE8000020]
.text a47td9h8.SYS B693E386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a47td9h8.SYS B693E3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a47td9h8.SYS B693E3C4 3 Bytes [00, 80, 02]
.text a47td9h8.SYS B693E3C9 1 Byte [30]
.text a47td9h8.SYS B693E3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB35C1300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8420300, 0x1BEE, 0xE8000020]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spyh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spyh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spyh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spyh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spyh.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spyh.sys
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 89D5D1F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\sptd \Device\696636856 spyh.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbohci \Device\USBPDO-0 89B261F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DCD1F8
Device \Driver\dmio \Device\DmControl\DmConfig 89DCD1F8
Device \Driver\dmio \Device\DmControl\DmPnP 89DCD1F8
Device \Driver\dmio \Device\DmControl\DmInfo 89DCD1F8
Device \Driver\usbehci \Device\USBPDO-1 89B221F8
Device \Driver\usbohci \Device\USBPDO-2 89B261F8
Device \Driver\usbehci \Device\USBPDO-3 89B221F8
Device \Driver\PCI_PNP8106 \Device\00000048 spyh.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\NetBT \Device\NetBT_Tcpip_{1DED8335-6622-4E04-A74E-371442743A10} 889BE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89D5F1F8
Device \Driver\Cdrom \Device\CdRom0 89B0E1F8
Device \Driver\Cdrom \Device\CdRom1 89B0E1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 889BE1F8
Device \Driver\NetBT \Device\NetbiosSmb 889BE1F8
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbohci \Device\USBFDO-0 89B261F8
Device \Driver\usbehci \Device\USBFDO-1 89B221F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 889BC1F8
Device \Driver\usbohci \Device\USBFDO-2 89B261F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 889BC1F8
Device \Driver\usbehci \Device\USBFDO-3 89B221F8
Device \Driver\Ftdisk \Device\FtControl 89D5F1F8
Device \Driver\a47td9h8 \Device\Scsi\a47td9h81Port2Path0Target0Lun0 899D5500
Device \Driver\a47td9h8 \Device\Scsi\a47td9h81 899D5500
Device \FileSystem\Cdfs \Cdfs 889611F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x2D 0x47 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8D 0xC0 0x53 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0xCE 0x33 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x28 0x4B 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x2D 0x47 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8D 0xC0 0x53 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0xCE 0x33 0x60 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x28 0x4B 0x21 ...
---- EOF - GMER 1.0.15 ----
rtphippsjr
2010-07-06, 22:45
DDS (Ver_10-03-17.01) - NTFSx86
Run by t at 15:44:11.75 on Tue 07/06/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1375 [GMT -4:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.ask.com/?o=15438&l=dis
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [Google Update] "c:\documents and settings\t\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [RGSC] c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\t\applic~1\mozilla\firefox\profiles\yan3xiwg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\documents and settings\t\application data\mozilla\firefox\profiles\yan3xiwg.default\extensions\gametapplayer@gametap.com\plugins\npGameTapWebPlayer.dll
FF - plugin: c:\documents and settings\t\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\t\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-26 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-26 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-5-14 816672]
=============== Created Last 30 ================
2010-07-06 18:51:35 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SecuROM
2010-07-06 18:16:10 0 d-----w- c:\windows\system32\xlive
2010-07-06 18:16:09 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-07-06 17:31:26 77832 ----a-w- c:\windows\system32\GameuxInstallHelper.dll
2010-07-06 17:31:26 44552 ----a-w- c:\windows\system32\FirewallInstallHelper.dll
2010-07-01 12:05:29 0 d-----w- c:\program files\Rockstar Games
2010-07-01 09:45:50 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-01 08:25:35 0 d-----w- c:\program files\Flagship Studios
2010-07-01 01:08:49 0 d-----w- c:\program files\Comical
2010-06-30 00:59:50 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
2010-06-27 04:24:39 0 d-----w- c:\docume~1\t\applic~1\uTorrent
2010-06-26 20:41:19 0 d-----w- c:\program files\Trend Micro
2010-06-25 07:54:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Tages
2010-06-25 07:53:48 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-25 07:53:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-24 00:20:28 0 d-----w- c:\documents and settings\t\DesktoapII
2010-06-23 23:50:25 0 d-----w- c:\windows\system32\Adobe
2010-06-22 09:44:16 0 d-----w- c:\program files\Freelancer Companion
2010-06-21 10:13:06 0 d-----w- c:\program files\Freelancer Mod Manager
2010-06-21 09:20:45 0 d-----w- c:\program files\Microsoft Games
2010-06-18 07:13:23 0 d-----w- c:\docume~1\t\applic~1\fltk.org
2010-06-11 07:03:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2010-06-10 16:07:22 0 d-----w- c:\program files\VUGames
2010-06-10 12:07:31 98816 ----a-w- c:\windows\sed.exe
2010-06-10 12:07:31 77312 ----a-w- c:\windows\MBR.exe
2010-06-10 12:07:31 256512 ----a-w- c:\windows\PEV.exe
2010-06-10 12:07:31 161792 ----a-w- c:\windows\SWREG.exe
==================== Find3M ====================
2010-05-16 21:18:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll
============= FINISH: 15:44:28.84 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/24/2010 5:18:13 AM
System Uptime: 7/6/2010 3:39:08 PM (0 hours ago)
Motherboard: ASUSTeK Computer INC. | | M2N-VM DVI
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | CPU 1 | 2500/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 233 GiB total, 64.553 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP7: 2/20/2010 10:28:47 PM - System Checkpoint
RP8: 2/21/2010 11:15:16 PM - System Checkpoint
RP9: 2/22/2010 4:38:18 PM - Installed Windows KB954550-v5.
RP10: 2/22/2010 4:38:25 PM - Printer Driver Microsoft XPS Document Writer Installed
RP11: 2/22/2010 4:38:33 PM - Printer Driver Microsoft XPS Document Writer Installed
RP12: 2/24/2010 7:35:34 AM - System Checkpoint
RP13: 2/25/2010 9:24:41 AM - System Checkpoint
RP14: 2/26/2010 9:50:40 AM - System Checkpoint
RP15: 2/27/2010 10:56:14 AM - System Checkpoint
RP16: 2/28/2010 11:50:40 AM - System Checkpoint
RP17: 3/1/2010 3:38:21 PM - System Checkpoint
RP18: 3/2/2010 5:11:11 PM - System Checkpoint
RP19: 3/3/2010 7:28:31 PM - System Checkpoint
RP20: 3/4/2010 7:50:37 PM - System Checkpoint
RP21: 3/5/2010 7:51:40 PM - System Checkpoint
RP22: 3/6/2010 4:40:35 AM - Installed Demon Stone
RP23: 3/7/2010 3:48:43 AM - Removed Temple of Elemental Evil
RP24: 3/7/2010 3:49:17 AM - Removed Demon Stone
RP25: 3/8/2010 3:50:36 AM - System Checkpoint
RP26: 3/9/2010 4:50:35 AM - System Checkpoint
RP27: 3/10/2010 7:27:22 AM - Restore Operation
RP28: 3/10/2010 8:44:13 AM - Software Distribution Service 3.0
RP29: 3/11/2010 10:48:54 AM - System Checkpoint
RP30: 3/12/2010 11:27:38 AM - System Checkpoint
RP31: 3/12/2010 1:11:32 PM - Avg8 Update
RP32: 3/12/2010 1:12:57 PM - Avg Update
RP33: 3/13/2010 1:16:16 PM - System Checkpoint
RP34: 3/14/2010 3:17:22 PM - System Checkpoint
RP35: 3/15/2010 3:41:34 PM - System Checkpoint
RP36: 3/16/2010 3:44:15 PM - System Checkpoint
RP37: 3/17/2010 8:47:37 AM - Avg Update
RP38: 3/18/2010 9:44:15 AM - System Checkpoint
RP39: 3/19/2010 12:38:16 PM - System Checkpoint
RP40: 3/20/2010 12:44:17 PM - System Checkpoint
RP41: 3/21/2010 7:08:40 PM - System Checkpoint
RP42: 3/22/2010 5:50:41 AM - Installed Steam
RP43: 3/22/2010 6:10:30 AM - Installed DirectX
RP44: 3/23/2010 10:43:02 AM - System Checkpoint
RP45: 3/23/2010 9:09:54 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP46: 3/23/2010 9:32:39 PM - Software Distribution Service 3.0
RP47: 3/23/2010 9:52:39 PM - Installed Dual-Core Optimizer.
RP48: 3/24/2010 9:11:27 AM - Installed DirectX
RP49: 3/24/2010 9:12:19 AM - Installed Windows XP Wdf01007.
RP50: 3/25/2010 12:48:58 PM - System Checkpoint
RP51: 3/25/2010 3:02:45 PM - Installed Windows XP WgaNotify.
RP52: 3/26/2010 4:32:44 AM - Restore Operation
RP53: 3/27/2010 4:38:06 AM - System Checkpoint
RP54: 3/28/2010 4:39:44 AM - System Checkpoint
RP55: 3/28/2010 1:53:20 PM - Installed Nero 8 Essentials
RP56: 3/29/2010 2:04:46 PM - System Checkpoint
RP57: 3/30/2010 3:03:30 PM - System Checkpoint
RP58: 3/31/2010 3:04:35 PM - System Checkpoint
RP59: 4/1/2010 6:55:48 PM - System Checkpoint
RP60: 4/2/2010 7:04:35 PM - System Checkpoint
RP61: 4/3/2010 8:03:31 PM - System Checkpoint
RP62: 4/4/2010 9:03:30 PM - System Checkpoint
RP63: 4/5/2010 10:03:30 PM - System Checkpoint
RP64: 4/7/2010 10:16:38 PM - System Checkpoint
RP65: 4/8/2010 11:03:17 PM - System Checkpoint
RP66: 4/10/2010 12:03:16 AM - System Checkpoint
RP67: 4/11/2010 1:03:16 AM - System Checkpoint
RP68: 4/12/2010 2:03:17 AM - System Checkpoint
RP69: 4/13/2010 3:03:17 AM - System Checkpoint
RP70: 4/14/2010 4:03:17 AM - System Checkpoint
RP71: 4/15/2010 4:36:09 AM - System Checkpoint
RP72: 4/16/2010 6:54:14 AM - System Checkpoint
RP73: 4/17/2010 7:03:17 AM - System Checkpoint
RP74: 4/18/2010 8:03:17 AM - System Checkpoint
RP75: 4/19/2010 8:40:46 AM - System Checkpoint
RP76: 4/20/2010 9:40:46 AM - System Checkpoint
RP77: 4/21/2010 12:22:24 PM - System Checkpoint
RP78: 4/22/2010 12:40:46 PM - System Checkpoint
RP79: 4/23/2010 3:05:03 PM - System Checkpoint
RP80: 4/24/2010 3:43:38 PM - System Checkpoint
RP81: 4/25/2010 4:42:32 PM - System Checkpoint
RP82: 4/26/2010 4:43:37 PM - System Checkpoint
RP83: 4/27/2010 5:43:37 PM - System Checkpoint
RP84: 4/28/2010 6:42:32 PM - System Checkpoint
RP85: 4/29/2010 6:54:53 PM - System Checkpoint
RP86: 4/30/2010 7:49:57 PM - System Checkpoint
RP87: 5/1/2010 7:51:02 PM - System Checkpoint
RP88: 5/13/2010 1:11:51 PM - System Checkpoint
RP89: 5/15/2010 12:23:10 AM - System Checkpoint
RP90: 5/15/2010 12:52:35 PM - Avg Update
RP91: 5/15/2010 1:01:25 PM - Avg Update
RP92: 5/16/2010 1:02:46 PM - System Checkpoint
RP93: 5/16/2010 5:18:09 PM - SPTD setup V1.62
RP94: 5/16/2010 6:01:17 PM - Installed DirectX
RP95: 5/17/2010 6:42:03 PM - System Checkpoint
RP96: 5/18/2010 11:48:18 PM - System Checkpoint
RP97: 5/19/2010 3:00:16 AM - Software Distribution Service 3.0
RP98: 5/20/2010 3:02:43 AM - System Checkpoint
RP99: 5/21/2010 4:02:43 AM - System Checkpoint
RP100: 5/23/2010 3:00:13 AM - Software Distribution Service 3.0
RP101: 5/25/2010 11:43:52 AM - FiOS Installation
RP102: 5/25/2010 6:12:40 PM - Removed Ask Toolbar.
RP103: 5/26/2010 3:00:19 AM - Software Distribution Service 3.0
RP104: 5/26/2010 1:34:23 PM - avast! Free Antivirus Setup
RP105: 5/29/2010 7:46:38 PM - Removed AVG Free 9.0
RP106: 6/10/2010 8:07:40 AM - ComboFix created restore point
RP107: 6/11/2010 3:00:21 AM - Software Distribution Service 3.0
RP108: 6/16/2010 3:32:18 PM - Installed SPORE™
RP109: 6/23/2010 3:00:13 AM - Software Distribution Service 3.0
RP110: 6/24/2010 7:15:52 AM - Free Registry Fix restore point
RP111: 6/25/2010 3:52:37 AM - Installed DirectX
RP112: 6/26/2010 4:41:17 PM - Installed HiJackThis
RP113: 6/29/2010 8:51:51 PM - Installed Gothic III
RP114: 6/29/2010 8:59:47 PM - Installed Gothic III Release Update
RP115: 6/29/2010 9:00:55 PM - Installed Gothic III Update 1.08
RP116: 6/29/2010 9:01:53 PM - Installed Gothic III Update 1.09
RP117: 6/29/2010 9:02:09 PM - Installed Gothic III Update 1.12
RP118: 6/30/2010 10:22:26 AM - Removed Gothic III
RP119: 6/30/2010 10:25:54 AM - Removed SPORE™
RP120: 7/1/2010 4:25:28 AM - Installed Hellgate: London
RP121: 7/1/2010 8:03:57 AM - Installed Bully Scholarship Edition
RP122: 7/6/2010 1:32:47 PM - Installed DirectX
RP123: 7/6/2010 2:14:53 PM - Installed DirectX
RP124: 7/6/2010 2:16:08 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP125: 7/6/2010 2:16:37 PM - Installed Rockstar Games Social Club
RP126: 7/6/2010 2:36:52 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP127: 7/6/2010 2:37:25 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP128: 7/6/2010 2:42:41 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP129: 7/6/2010 2:42:59 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP130: 7/6/2010 2:49:21 PM - Installed Grand Theft Auto IV
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11.5
avast! Free Antivirus
AviSynth 2.5
Bully Scholarship Edition
CCleaner
Comical 0.8
Dragon Age: Origins
Dual-Core Optimizer
EAX(tm) Unified (SHELL)
EclindneLoc
Freelancer
Freelancer Companion 2.01
Google Chrome
Gothic III Release Update
Grand Theft Auto IV
Hellgate: London
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Java(TM) 6 Update 16
Killing Floor
Left 4 Dead
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Xbox 360 Accessories 1.2
Microsoft XML Parser
Mount&Blade Warband
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenOffice.org 3.1
PeerGuardian 2.0
Realtek High Definition Audio Driver
Risen
Security Update for Windows XP (KB923789)
SIW version 2010.04.28
Spybot - Search & Destroy
Steam
System Requirements Lab
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebFldrs XP
Windows Essentials Media Codec Pack 2.3d
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
7/6/2010 3:40:37 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 899e4978, parameter3 899e4aec, parameter4 805d2954.
7/6/2010 3:35:22 PM, error: System Error [1003] - Error code 10000050, parameter1 e4cc8000, parameter2 00000000, parameter3 b0e01c3e, parameter4 00000001.
6/29/2010 10:13:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Dragon Age: Origins - Content Updater service to connect.
==== End Of File ===========================
Hi,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix (link: http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
rtphippsjr
2010-07-08, 18:38
ComboFix 10-07-07.02 - t 07/08/2010 11:29:38.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1594 [GMT -4:00]
Running from: c:\documents and settings\t\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://download.xbox.com:80
.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.
2010-07-06 18:51 . 2010-07-06 18:51 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2010-07-06 18:19 . 2010-07-06 18:51 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Rockstar Games
2010-07-06 18:16 . 2010-07-06 18:16 -------- d-----w- c:\windows\system32\xlive
2010-07-06 18:16 . 2010-07-06 18:16 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-07-06 17:40 . 2010-07-06 17:40 -------- d--h--r- c:\documents and settings\t\Application Data\SecuROM
2010-07-06 17:31 . 2007-10-22 07:38 77832 ----a-w- c:\windows\system32\GameuxInstallHelper.dll
2010-07-06 17:31 . 2007-10-22 07:37 44552 ----a-w- c:\windows\system32\FirewallInstallHelper.dll
2010-07-01 12:05 . 2010-07-06 18:50 -------- d-----w- c:\program files\Rockstar Games
2010-07-01 09:45 . 2010-07-01 09:45 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-01 08:25 . 2010-07-01 08:25 -------- d-----w- c:\program files\Flagship Studios
2010-07-01 01:08 . 2010-07-01 01:08 -------- d-----w- c:\program files\Comical
2010-06-30 00:59 . 2010-06-30 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-06-29 14:32 . 2010-06-29 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-27 04:24 . 2010-07-05 15:21 -------- d-----w- c:\documents and settings\t\Application Data\uTorrent
2010-06-26 20:41 . 2010-06-26 20:41 388096 ----a-r- c:\documents and settings\t\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-26 20:41 . 2010-06-26 20:41 -------- d-----w- c:\program files\Trend Micro
2010-06-25 07:56 . 2010-06-25 07:56 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Risen
2010-06-25 07:54 . 2010-06-25 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
2010-06-25 07:53 . 2010-06-25 07:54 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-25 07:53 . 2010-06-25 07:53 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-24 11:13 . 2010-06-24 11:21 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Promosoft Corporation
2010-06-24 11:13 . 2010-06-24 11:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-24 00:20 . 2010-06-24 00:20 -------- d-----w- c:\documents and settings\t\DesktoapII
2010-06-23 23:50 . 2010-06-23 23:50 -------- d-----w- c:\windows\system32\Adobe
2010-06-22 09:44 . 2010-06-22 09:44 -------- d-----w- c:\program files\Freelancer Companion
2010-06-21 10:24 . 2010-06-21 10:24 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Freelancer
2010-06-21 10:13 . 2010-06-21 10:13 -------- d-----w- c:\program files\Freelancer Mod Manager
2010-06-21 09:20 . 2010-06-21 09:20 -------- d-----w- c:\program files\Microsoft Games
2010-06-18 07:13 . 2010-06-18 07:13 -------- d-----w- c:\documents and settings\t\Application Data\fltk.org
2010-06-11 07:03 . 2010-06-11 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-06-10 16:07 . 2010-06-10 16:07 -------- d-----w- c:\program files\VUGames
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 18:50 . 2010-02-02 15:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 17:05 . 2010-02-05 22:36 -------- d-----w- c:\program files\Mount&Blade
2010-07-06 05:50 . 2010-01-26 02:27 17744 ----a-w- c:\documents and settings\t\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 02:13 . 2010-03-22 09:50 -------- d-----w- c:\program files\Steam
2010-06-30 00:59 . 2010-02-02 15:47 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-29 14:32 . 2010-03-17 01:28 -------- d-----w- c:\program files\Yahoo!
2010-06-28 05:23 . 2010-02-02 15:53 1 ----a-w- c:\documents and settings\t\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-25 10:30 . 2010-01-25 16:43 -------- d-----w- c:\documents and settings\t\Application Data\BitTorrent
2010-06-25 04:58 . 2010-02-02 09:57 -------- d-----w- c:\documents and settings\t\Application Data\AdobeUM
2010-06-21 06:41 . 2010-05-26 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-21 06:41 . 2010-01-30 11:58 -------- d-----w- c:\documents and settings\t\Application Data\Media Player Classic
2010-06-10 11:59 . 2010-05-25 22:08 -------- d-----w- c:\program files\CCleaner
2010-06-06 09:11 . 2010-03-17 03:55 -------- d-----w- c:\documents and settings\t\Application Data\Yahoo!
2010-05-31 08:23 . 2010-05-31 08:23 -------- d-----w- c:\program files\SIW
2010-05-29 19:09 . 2010-01-25 16:58 0 ----a-w- c:\documents and settings\t\Local Settings\Application Data\prvlcl.dat
2010-05-27 01:45 . 2010-05-27 01:45 -------- d-----w- c:\documents and settings\t\Application Data\NVIDIA
2010-05-26 23:27 . 2010-01-31 19:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-26 23:26 . 2010-01-31 19:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-02 05:22 . 2008-04-14 00:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2008-04-14 04:39 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2008-04-14 04:42 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2008-04-14 04:41 81920 ----a-w- c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1382400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^t^Start Menu^Programs^Startup^Demonstone Registration.lnk]
backup=c:\windows\pss\Demonstone Registration.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^t^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^t^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-03 07:10 136176 ----atw- c:\documents and settings\t\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 20:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 10:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 19:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-04-04 09:22 1822720 ------r- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-15 17:26 1238352 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-09-30 21:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"Schedule"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RasMan"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Take Two\\borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\risen\\bin\\Risen.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Documents and Settings\\t\\My Documents\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/26/2010 1:34 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/26/2010 1:34 PM 19024]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/26/2010 11:18 PM 691696]
.
Contents of the 'Scheduled Tasks' folder
2010-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1425521274-1801674531-1003Core.job
- c:\documents and settings\t\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-03 07:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=15438&l=dis
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\t\Application Data\Mozilla\Firefox\Profiles\yan3xiwg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\documents and settings\t\Application Data\Mozilla\Firefox\Profiles\yan3xiwg.default\extensions\GameTapPlayer@gametap.com\plugins\npGameTapWebPlayer.dll
FF - plugin: c:\documents and settings\t\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\t\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
AddRemove-EAX(tm) Unified (SHELL) - c:\program files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files\Spybot - Search & Destroy\unins000.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1614895754-1425521274-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:d3,d6,50,3f,a7,7f,09,08,4a,c5,bb,6a,3b,c1,1c,20,de,72,9d,9f,7e,
70,58,0d,df,a7,d5,4d,fc,31,ee,95,9b,48,60,bd,82,45,c1,5c,da,aa,89,4c,9d,8b,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-07-08 11:35:18
ComboFix-quarantined-files.txt 2010-07-08 15:35
ComboFix2.txt 2010-06-10 12:15
Pre-Run: 71,591,587,840 bytes free
Post-Run: 71,672,664,064 bytes free
- - End Of File - - CA6404C315082EF52CD5716B1C6ABC84
rtphippsjr
2010-07-08, 18:45
DDS will not run now. I try to open it and all I get is the black screen which closes immediately.
Please try again after a reboot.
rtphippsjr
2010-07-08, 22:41
DDS (Ver_10-03-17.01) - NTFSx86
Run by t at 15:40:13.56 on Thu 07/08/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1643 [GMT -4:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\PeerGuardian2\pg2.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\t\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.ask.com/?o=15438&l=dis
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\t\applic~1\mozilla\firefox\profiles\yan3xiwg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-26 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-26 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-5-14 816672]
=============== Created Last 30 ================
2010-07-08 15:36:28 38848 ----a-w- c:\windows\avastSS.scr
2010-07-08 15:28:09 0 d-----w- C:\ComboFix
2010-07-06 18:51:35 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SecuROM
2010-07-06 18:16:10 0 d-----w- c:\windows\system32\xlive
2010-07-06 18:16:09 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-07-06 17:31:26 77832 ----a-w- c:\windows\system32\GameuxInstallHelper.dll
2010-07-06 17:31:26 44552 ----a-w- c:\windows\system32\FirewallInstallHelper.dll
2010-07-01 12:05:29 0 d-----w- c:\program files\Rockstar Games
2010-07-01 09:45:50 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-01 08:25:35 0 d-----w- c:\program files\Flagship Studios
2010-07-01 01:08:49 0 d-----w- c:\program files\Comical
2010-06-30 00:59:50 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
2010-06-27 04:24:39 0 d-----w- c:\docume~1\t\applic~1\uTorrent
2010-06-26 20:41:19 0 d-----w- c:\program files\Trend Micro
2010-06-25 07:54:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Tages
2010-06-25 07:53:48 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-25 07:53:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-24 00:20:28 0 d-----w- c:\documents and settings\t\DesktoapII
2010-06-23 23:50:25 0 d-----w- c:\windows\system32\Adobe
2010-06-22 09:44:16 0 d-----w- c:\program files\Freelancer Companion
2010-06-21 10:13:06 0 d-----w- c:\program files\Freelancer Mod Manager
2010-06-21 09:20:45 0 d-----w- c:\program files\Microsoft Games
2010-06-18 07:13:23 0 d-----w- c:\docume~1\t\applic~1\fltk.org
2010-06-11 07:03:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2010-06-10 16:07:22 0 d-----w- c:\program files\VUGames
2010-06-10 12:07:31 98816 ----a-w- c:\windows\sed.exe
2010-06-10 12:07:31 77312 ----a-w- c:\windows\MBR.exe
2010-06-10 12:07:31 256512 ----a-w- c:\windows\PEV.exe
2010-06-10 12:07:31 161792 ----a-w- c:\windows\SWREG.exe
==================== Find3M ====================
2010-05-16 21:18:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll
============= FINISH: 15:40:33.50 ===============
rtphippsjr
2010-07-08, 22:42
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/24/2010 5:18:13 AM
System Uptime: 7/8/2010 3:38:18 PM (0 hours ago)
Motherboard: ASUSTeK Computer INC. | | M2N-VM DVI
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | CPU 1 | 2499/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 233 GiB total, 66.792 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP7: 2/20/2010 10:28:47 PM - System Checkpoint
RP8: 2/21/2010 11:15:16 PM - System Checkpoint
RP9: 2/22/2010 4:38:18 PM - Installed Windows KB954550-v5.
RP10: 2/22/2010 4:38:25 PM - Printer Driver Microsoft XPS Document Writer Installed
RP11: 2/22/2010 4:38:33 PM - Printer Driver Microsoft XPS Document Writer Installed
RP12: 2/24/2010 7:35:34 AM - System Checkpoint
RP13: 2/25/2010 9:24:41 AM - System Checkpoint
RP14: 2/26/2010 9:50:40 AM - System Checkpoint
RP15: 2/27/2010 10:56:14 AM - System Checkpoint
RP16: 2/28/2010 11:50:40 AM - System Checkpoint
RP17: 3/1/2010 3:38:21 PM - System Checkpoint
RP18: 3/2/2010 5:11:11 PM - System Checkpoint
RP19: 3/3/2010 7:28:31 PM - System Checkpoint
RP20: 3/4/2010 7:50:37 PM - System Checkpoint
RP21: 3/5/2010 7:51:40 PM - System Checkpoint
RP22: 3/6/2010 4:40:35 AM - Installed Demon Stone
RP23: 3/7/2010 3:48:43 AM - Removed Temple of Elemental Evil
RP24: 3/7/2010 3:49:17 AM - Removed Demon Stone
RP25: 3/8/2010 3:50:36 AM - System Checkpoint
RP26: 3/9/2010 4:50:35 AM - System Checkpoint
RP27: 3/10/2010 7:27:22 AM - Restore Operation
RP28: 3/10/2010 8:44:13 AM - Software Distribution Service 3.0
RP29: 3/11/2010 10:48:54 AM - System Checkpoint
RP30: 3/12/2010 11:27:38 AM - System Checkpoint
RP31: 3/12/2010 1:11:32 PM - Avg8 Update
RP32: 3/12/2010 1:12:57 PM - Avg Update
RP33: 3/13/2010 1:16:16 PM - System Checkpoint
RP34: 3/14/2010 3:17:22 PM - System Checkpoint
RP35: 3/15/2010 3:41:34 PM - System Checkpoint
RP36: 3/16/2010 3:44:15 PM - System Checkpoint
RP37: 3/17/2010 8:47:37 AM - Avg Update
RP38: 3/18/2010 9:44:15 AM - System Checkpoint
RP39: 3/19/2010 12:38:16 PM - System Checkpoint
RP40: 3/20/2010 12:44:17 PM - System Checkpoint
RP41: 3/21/2010 7:08:40 PM - System Checkpoint
RP42: 3/22/2010 5:50:41 AM - Installed Steam
RP43: 3/22/2010 6:10:30 AM - Installed DirectX
RP44: 3/23/2010 10:43:02 AM - System Checkpoint
RP45: 3/23/2010 9:09:54 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP46: 3/23/2010 9:32:39 PM - Software Distribution Service 3.0
RP47: 3/23/2010 9:52:39 PM - Installed Dual-Core Optimizer.
RP48: 3/24/2010 9:11:27 AM - Installed DirectX
RP49: 3/24/2010 9:12:19 AM - Installed Windows XP Wdf01007.
RP50: 3/25/2010 12:48:58 PM - System Checkpoint
RP51: 3/25/2010 3:02:45 PM - Installed Windows XP WgaNotify.
RP52: 3/26/2010 4:32:44 AM - Restore Operation
RP53: 3/27/2010 4:38:06 AM - System Checkpoint
RP54: 3/28/2010 4:39:44 AM - System Checkpoint
RP55: 3/28/2010 1:53:20 PM - Installed Nero 8 Essentials
RP56: 3/29/2010 2:04:46 PM - System Checkpoint
RP57: 3/30/2010 3:03:30 PM - System Checkpoint
RP58: 3/31/2010 3:04:35 PM - System Checkpoint
RP59: 4/1/2010 6:55:48 PM - System Checkpoint
RP60: 4/2/2010 7:04:35 PM - System Checkpoint
RP61: 4/3/2010 8:03:31 PM - System Checkpoint
RP62: 4/4/2010 9:03:30 PM - System Checkpoint
RP63: 4/5/2010 10:03:30 PM - System Checkpoint
RP64: 4/7/2010 10:16:38 PM - System Checkpoint
RP65: 4/8/2010 11:03:17 PM - System Checkpoint
RP66: 4/10/2010 12:03:16 AM - System Checkpoint
RP67: 4/11/2010 1:03:16 AM - System Checkpoint
RP68: 4/12/2010 2:03:17 AM - System Checkpoint
RP69: 4/13/2010 3:03:17 AM - System Checkpoint
RP70: 4/14/2010 4:03:17 AM - System Checkpoint
RP71: 4/15/2010 4:36:09 AM - System Checkpoint
RP72: 4/16/2010 6:54:14 AM - System Checkpoint
RP73: 4/17/2010 7:03:17 AM - System Checkpoint
RP74: 4/18/2010 8:03:17 AM - System Checkpoint
RP75: 4/19/2010 8:40:46 AM - System Checkpoint
RP76: 4/20/2010 9:40:46 AM - System Checkpoint
RP77: 4/21/2010 12:22:24 PM - System Checkpoint
RP78: 4/22/2010 12:40:46 PM - System Checkpoint
RP79: 4/23/2010 3:05:03 PM - System Checkpoint
RP80: 4/24/2010 3:43:38 PM - System Checkpoint
RP81: 4/25/2010 4:42:32 PM - System Checkpoint
RP82: 4/26/2010 4:43:37 PM - System Checkpoint
RP83: 4/27/2010 5:43:37 PM - System Checkpoint
RP84: 4/28/2010 6:42:32 PM - System Checkpoint
RP85: 4/29/2010 6:54:53 PM - System Checkpoint
RP86: 4/30/2010 7:49:57 PM - System Checkpoint
RP87: 5/1/2010 7:51:02 PM - System Checkpoint
RP88: 5/13/2010 1:11:51 PM - System Checkpoint
RP89: 5/15/2010 12:23:10 AM - System Checkpoint
RP90: 5/15/2010 12:52:35 PM - Avg Update
RP91: 5/15/2010 1:01:25 PM - Avg Update
RP92: 5/16/2010 1:02:46 PM - System Checkpoint
RP93: 5/16/2010 5:18:09 PM - SPTD setup V1.62
RP94: 5/16/2010 6:01:17 PM - Installed DirectX
RP95: 5/17/2010 6:42:03 PM - System Checkpoint
RP96: 5/18/2010 11:48:18 PM - System Checkpoint
RP97: 5/19/2010 3:00:16 AM - Software Distribution Service 3.0
RP98: 5/20/2010 3:02:43 AM - System Checkpoint
RP99: 5/21/2010 4:02:43 AM - System Checkpoint
RP100: 5/23/2010 3:00:13 AM - Software Distribution Service 3.0
RP101: 5/25/2010 11:43:52 AM - FiOS Installation
RP102: 5/25/2010 6:12:40 PM - Removed Ask Toolbar.
RP103: 5/26/2010 3:00:19 AM - Software Distribution Service 3.0
RP104: 5/26/2010 1:34:23 PM - avast! Free Antivirus Setup
RP105: 5/29/2010 7:46:38 PM - Removed AVG Free 9.0
RP106: 6/10/2010 8:07:40 AM - ComboFix created restore point
RP107: 6/11/2010 3:00:21 AM - Software Distribution Service 3.0
RP108: 6/16/2010 3:32:18 PM - Installed SPORE™
RP109: 6/23/2010 3:00:13 AM - Software Distribution Service 3.0
RP110: 6/24/2010 7:15:52 AM - Free Registry Fix restore point
RP111: 6/25/2010 3:52:37 AM - Installed DirectX
RP112: 6/26/2010 4:41:17 PM - Installed HiJackThis
RP113: 6/29/2010 8:51:51 PM - Installed Gothic III
RP114: 6/29/2010 8:59:47 PM - Installed Gothic III Release Update
RP115: 6/29/2010 9:00:55 PM - Installed Gothic III Update 1.08
RP116: 6/29/2010 9:01:53 PM - Installed Gothic III Update 1.09
RP117: 6/29/2010 9:02:09 PM - Installed Gothic III Update 1.12
RP118: 6/30/2010 10:22:26 AM - Removed Gothic III
RP119: 6/30/2010 10:25:54 AM - Removed SPORE™
RP120: 7/1/2010 4:25:28 AM - Installed Hellgate: London
RP121: 7/1/2010 8:03:57 AM - Installed Bully Scholarship Edition
RP122: 7/6/2010 1:32:47 PM - Installed DirectX
RP123: 7/6/2010 2:14:53 PM - Installed DirectX
RP124: 7/6/2010 2:16:08 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP125: 7/6/2010 2:16:37 PM - Installed Rockstar Games Social Club
RP126: 7/6/2010 2:36:52 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP127: 7/6/2010 2:37:25 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP128: 7/6/2010 2:42:41 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP129: 7/6/2010 2:42:59 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP130: 7/6/2010 2:49:21 PM - Installed Grand Theft Auto IV
RP131: 7/8/2010 11:28:21 AM - ComboFix created restore point
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11.5
avast! Free Antivirus
AviSynth 2.5
Bully Scholarship Edition
CCleaner
Comical 0.8
Dragon Age: Origins
Dual-Core Optimizer
EclindneLoc
Freelancer
Freelancer Companion 2.01
Google Chrome
Gothic III Release Update
Grand Theft Auto IV
Hellgate: London
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Java(TM) 6 Update 16
Killing Floor
Left 4 Dead
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Xbox 360 Accessories 1.2
Microsoft XML Parser
Mount&Blade Warband
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenOffice.org 3.1
PeerGuardian 2.0
Realtek High Definition Audio Driver
Risen
Security Update for Windows XP (KB923789)
SIW version 2010.04.28
Steam
System Requirements Lab
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebFldrs XP
Windows Essentials Media Codec Pack 2.3d
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
7/8/2010 11:36:30 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
7/8/2010 11:29:12 AM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/6/2010 3:40:37 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 899e4978, parameter3 899e4aec, parameter4 805d2954.
7/6/2010 3:35:22 PM, error: System Error [1003] - Error code 10000050, parameter1 e4cc8000, parameter2 00000000, parameter3 b0e01c3e, parameter4 00000001.
==== End Of File ===========================
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
Folder::
c:\documents and settings\t\Application Data\BitTorrent
c:\docume~1\t\applic~1\uTorrent
File::
c:\Documents and Settings\t\My Documents\Downloads\utorrent.exe
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\t\\My Documents\\Downloads\\utorrent.exe"=-
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one with updates (9.3 and updates 9.3.2 & 9.3.3) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 20 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click Continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
rtphippsjr
2010-07-08, 23:29
ComboFix 10-07-07.02 - t 07/08/2010 16:19:54.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1695 [GMT -4:00]
Running from: c:\documents and settings\t\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\t\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\documents and settings\t\My Documents\Downloads\utorrent.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\t\applic~1\uTorrent
c:\documents and settings\t\Application Data\BitTorrent
c:\documents and settings\t\My Documents\Downloads\utorrent.exe
.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.
2010-07-08 15:36 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-06 18:51 . 2010-07-06 18:51 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2010-07-06 18:19 . 2010-07-06 18:51 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Rockstar Games
2010-07-06 18:16 . 2010-07-06 18:16 -------- d-----w- c:\windows\system32\xlive
2010-07-06 18:16 . 2010-07-06 18:16 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-07-06 17:40 . 2010-07-06 17:40 -------- d--h--r- c:\documents and settings\t\Application Data\SecuROM
2010-07-06 17:31 . 2007-10-22 07:38 77832 ----a-w- c:\windows\system32\GameuxInstallHelper.dll
2010-07-06 17:31 . 2007-10-22 07:37 44552 ----a-w- c:\windows\system32\FirewallInstallHelper.dll
2010-07-01 12:05 . 2010-07-06 18:50 -------- d-----w- c:\program files\Rockstar Games
2010-07-01 09:45 . 2010-07-01 09:45 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-01 08:25 . 2010-07-01 08:25 -------- d-----w- c:\program files\Flagship Studios
2010-07-01 01:08 . 2010-07-01 01:08 -------- d-----w- c:\program files\Comical
2010-06-30 00:59 . 2010-06-30 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-06-29 14:32 . 2010-06-29 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-26 20:41 . 2010-06-26 20:41 388096 ----a-r- c:\documents and settings\t\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-26 20:41 . 2010-06-26 20:41 -------- d-----w- c:\program files\Trend Micro
2010-06-25 07:56 . 2010-06-25 07:56 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Risen
2010-06-25 07:54 . 2010-06-25 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
2010-06-25 07:53 . 2010-06-25 07:54 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-25 07:53 . 2010-06-25 07:53 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-24 11:13 . 2010-06-24 11:21 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Promosoft Corporation
2010-06-24 11:13 . 2010-06-24 11:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-24 00:20 . 2010-06-24 00:20 -------- d-----w- c:\documents and settings\t\DesktoapII
2010-06-23 23:50 . 2010-06-23 23:50 -------- d-----w- c:\windows\system32\Adobe
2010-06-22 09:44 . 2010-06-22 09:44 -------- d-----w- c:\program files\Freelancer Companion
2010-06-21 10:24 . 2010-06-21 10:24 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Freelancer
2010-06-21 10:13 . 2010-06-21 10:13 -------- d-----w- c:\program files\Freelancer Mod Manager
2010-06-21 09:20 . 2010-06-21 09:20 -------- d-----w- c:\program files\Microsoft Games
2010-06-18 07:13 . 2010-06-18 07:13 -------- d-----w- c:\documents and settings\t\Application Data\fltk.org
2010-06-11 07:03 . 2010-06-11 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-06-10 16:07 . 2010-06-10 16:07 -------- d-----w- c:\program files\VUGames
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 18:50 . 2010-02-02 15:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 17:05 . 2010-02-05 22:36 -------- d-----w- c:\program files\Mount&Blade
2010-07-06 05:50 . 2010-01-26 02:27 17744 ----a-w- c:\documents and settings\t\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 02:13 . 2010-03-22 09:50 -------- d-----w- c:\program files\Steam
2010-06-30 00:59 . 2010-02-02 15:47 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-29 14:32 . 2010-03-17 01:28 -------- d-----w- c:\program files\Yahoo!
2010-06-28 20:57 . 2010-05-26 17:34 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-05-26 17:34 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-05-26 17:34 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-05-26 17:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-05-26 17:34 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-05-26 17:34 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-05-26 17:34 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-05-26 17:34 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-28 05:23 . 2010-02-02 15:53 1 ----a-w- c:\documents and settings\t\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-25 04:58 . 2010-02-02 09:57 -------- d-----w- c:\documents and settings\t\Application Data\AdobeUM
2010-06-21 06:41 . 2010-05-26 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-21 06:41 . 2010-01-30 11:58 -------- d-----w- c:\documents and settings\t\Application Data\Media Player Classic
2010-06-10 11:59 . 2010-05-25 22:08 -------- d-----w- c:\program files\CCleaner
2010-06-06 09:11 . 2010-03-17 03:55 -------- d-----w- c:\documents and settings\t\Application Data\Yahoo!
2010-05-31 08:23 . 2010-05-31 08:23 -------- d-----w- c:\program files\SIW
2010-05-29 19:09 . 2010-01-25 16:58 0 ----a-w- c:\documents and settings\t\Local Settings\Application Data\prvlcl.dat
2010-05-27 01:45 . 2010-05-27 01:45 -------- d-----w- c:\documents and settings\t\Application Data\NVIDIA
2010-05-26 23:27 . 2010-01-31 19:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-26 23:26 . 2010-01-31 19:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-26 17:34 . 2010-05-26 17:34 -------- d-----w- c:\program files\Alwil Software
2010-05-26 17:34 . 2010-05-26 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-25 15:47 . 2010-05-25 15:43 -------- d-----w- c:\documents and settings\t\Application Data\TechWizard
2010-05-21 19:41 . 2010-04-19 09:39 -------- d-----w- c:\program files\Dragon Age
2010-05-19 07:00 . 2010-05-19 07:00 -------- d-----w- c:\program files\MSXML 4.0
2010-05-16 22:06 . 2010-05-16 22:05 -------- d-----w- c:\documents and settings\t\Application Data\Mount&Blade Warband
2010-05-16 22:06 . 2010-05-16 22:01 -------- d-----w- c:\program files\Mount&Blade Warband
2010-05-16 21:18 . 2010-05-16 21:18 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-16 21:18 . 2010-01-27 03:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-02 05:22 . 2008-04-14 00:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2008-04-14 04:39 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2008-04-14 04:42 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2008-04-14 04:41 81920 ----a-w- c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-07-08_15.34.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 11:00 . 2010-07-08 15:27 67312 c:\windows\system32\perfc009.dat
+ 2001-08-23 11:00 . 2010-07-08 20:22 67312 c:\windows\system32\perfc009.dat
+ 2001-08-23 11:00 . 2010-07-08 20:22 432356 c:\windows\system32\perfh009.dat
- 2001-08-23 11:00 . 2010-07-08 15:27 432356 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1382400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^t^Start Menu^Programs^Startup^Demonstone Registration.lnk]
backup=c:\windows\pss\Demonstone Registration.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^t^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^t^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-03 07:10 136176 ----atw- c:\documents and settings\t\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 20:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 10:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 19:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-04-04 09:22 1822720 ------r- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-15 17:26 1238352 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-09-30 21:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"Schedule"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RasMan"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Take Two\\borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\risen\\bin\\Risen.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/26/2010 1:34 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/26/2010 1:34 PM 17744]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/26/2010 11:18 PM 691696]
.
Contents of the 'Scheduled Tasks' folder
2010-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1425521274-1801674531-1003Core.job
- c:\documents and settings\t\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-03 07:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=15438&l=dis
FF - ProfilePath - c:\documents and settings\t\Application Data\Mozilla\Firefox\Profiles\yan3xiwg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1614895754-1425521274-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:d3,d6,50,3f,a7,7f,09,08,4a,c5,bb,6a,3b,c1,1c,20,de,72,9d,9f,7e,
70,58,0d,df,a7,d5,4d,fc,31,ee,95,9b,48,60,bd,82,45,c1,5c,da,aa,89,4c,9d,8b,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-07-08 16:27:22
ComboFix-quarantined-files.txt 2010-07-08 20:27
ComboFix2.txt 2010-07-08 15:35
ComboFix3.txt 2010-06-10 12:15
Pre-Run: 71,697,825,792 bytes free
Post-Run: 71,688,097,792 bytes free
- - End Of File - - 9D835C272CA8224231751C6157A0D297
rtphippsjr
2010-07-08, 23:59
DDS (Ver_10-03-17.01) - NTFSx86
Run by t at 16:58:01.93 on Thu 07/08/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1488 [GMT -4:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.ask.com/?o=15438&l=dis
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-26 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-26 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-5-14 816672]
=============== Created Last 30 ================
2010-07-08 20:49:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-07-08 20:49:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 20:17:28 0 d-----w- C:\ComboFix
2010-07-08 15:36:28 38848 ----a-w- c:\windows\avastSS.scr
2010-07-06 18:51:35 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SecuROM
2010-07-06 18:16:10 0 d-----w- c:\windows\system32\xlive
2010-07-06 18:16:09 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-07-06 17:31:26 77832 ----a-w- c:\windows\system32\GameuxInstallHelper.dll
2010-07-06 17:31:26 44552 ----a-w- c:\windows\system32\FirewallInstallHelper.dll
2010-07-01 12:05:29 0 d-----w- c:\program files\Rockstar Games
2010-07-01 09:45:50 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-01 08:25:35 0 d-----w- c:\program files\Flagship Studios
2010-07-01 01:08:49 0 d-----w- c:\program files\Comical
2010-06-30 00:59:50 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
2010-06-26 20:41:19 0 d-----w- c:\program files\Trend Micro
2010-06-25 07:54:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Tages
2010-06-25 07:53:48 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-25 07:53:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-24 00:20:28 0 d-----w- c:\documents and settings\t\DesktoapII
2010-06-23 23:50:25 0 d-----w- c:\windows\system32\Adobe
2010-06-22 09:44:16 0 d-----w- c:\program files\Freelancer Companion
2010-06-21 10:13:06 0 d-----w- c:\program files\Freelancer Mod Manager
2010-06-21 09:20:45 0 d-----w- c:\program files\Microsoft Games
2010-06-18 07:13:23 0 d-----w- c:\docume~1\t\applic~1\fltk.org
2010-06-11 07:03:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2010-06-10 16:07:22 0 d-----w- c:\program files\VUGames
2010-06-10 12:07:31 98816 ----a-w- c:\windows\sed.exe
2010-06-10 12:07:31 77312 ----a-w- c:\windows\MBR.exe
2010-06-10 12:07:31 256512 ----a-w- c:\windows\PEV.exe
2010-06-10 12:07:31 161792 ----a-w- c:\windows\SWREG.exe
==================== Find3M ====================
2010-05-16 21:18:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll
============= FINISH: 16:58:25.73 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/24/2010 5:18:13 AM
System Uptime: 7/8/2010 4:52:53 PM (0 hours ago)
Motherboard: ASUSTeK Computer INC. | | M2N-VM DVI
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | CPU 1 | 2500/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 233 GiB total, 71.216 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP7: 2/20/2010 10:28:47 PM - System Checkpoint
RP8: 2/21/2010 11:15:16 PM - System Checkpoint
RP9: 2/22/2010 4:38:18 PM - Installed Windows KB954550-v5.
RP10: 2/22/2010 4:38:25 PM - Printer Driver Microsoft XPS Document Writer Installed
RP11: 2/22/2010 4:38:33 PM - Printer Driver Microsoft XPS Document Writer Installed
RP12: 2/24/2010 7:35:34 AM - System Checkpoint
RP13: 2/25/2010 9:24:41 AM - System Checkpoint
RP14: 2/26/2010 9:50:40 AM - System Checkpoint
RP15: 2/27/2010 10:56:14 AM - System Checkpoint
RP16: 2/28/2010 11:50:40 AM - System Checkpoint
RP17: 3/1/2010 3:38:21 PM - System Checkpoint
RP18: 3/2/2010 5:11:11 PM - System Checkpoint
RP19: 3/3/2010 7:28:31 PM - System Checkpoint
RP20: 3/4/2010 7:50:37 PM - System Checkpoint
RP21: 3/5/2010 7:51:40 PM - System Checkpoint
RP22: 3/6/2010 4:40:35 AM - Installed Demon Stone
RP23: 3/7/2010 3:48:43 AM - Removed Temple of Elemental Evil
RP24: 3/7/2010 3:49:17 AM - Removed Demon Stone
RP25: 3/8/2010 3:50:36 AM - System Checkpoint
RP26: 3/9/2010 4:50:35 AM - System Checkpoint
RP27: 3/10/2010 7:27:22 AM - Restore Operation
RP28: 3/10/2010 8:44:13 AM - Software Distribution Service 3.0
RP29: 3/11/2010 10:48:54 AM - System Checkpoint
RP30: 3/12/2010 11:27:38 AM - System Checkpoint
RP31: 3/12/2010 1:11:32 PM - Avg8 Update
RP32: 3/12/2010 1:12:57 PM - Avg Update
RP33: 3/13/2010 1:16:16 PM - System Checkpoint
RP34: 3/14/2010 3:17:22 PM - System Checkpoint
RP35: 3/15/2010 3:41:34 PM - System Checkpoint
RP36: 3/16/2010 3:44:15 PM - System Checkpoint
RP37: 3/17/2010 8:47:37 AM - Avg Update
RP38: 3/18/2010 9:44:15 AM - System Checkpoint
RP39: 3/19/2010 12:38:16 PM - System Checkpoint
RP40: 3/20/2010 12:44:17 PM - System Checkpoint
RP41: 3/21/2010 7:08:40 PM - System Checkpoint
RP42: 3/22/2010 5:50:41 AM - Installed Steam
RP43: 3/22/2010 6:10:30 AM - Installed DirectX
RP44: 3/23/2010 10:43:02 AM - System Checkpoint
RP45: 3/23/2010 9:09:54 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP46: 3/23/2010 9:32:39 PM - Software Distribution Service 3.0
RP47: 3/23/2010 9:52:39 PM - Installed Dual-Core Optimizer.
RP48: 3/24/2010 9:11:27 AM - Installed DirectX
RP49: 3/24/2010 9:12:19 AM - Installed Windows XP Wdf01007.
RP50: 3/25/2010 12:48:58 PM - System Checkpoint
RP51: 3/25/2010 3:02:45 PM - Installed Windows XP WgaNotify.
RP52: 3/26/2010 4:32:44 AM - Restore Operation
RP53: 3/27/2010 4:38:06 AM - System Checkpoint
RP54: 3/28/2010 4:39:44 AM - System Checkpoint
RP55: 3/28/2010 1:53:20 PM - Installed Nero 8 Essentials
RP56: 3/29/2010 2:04:46 PM - System Checkpoint
RP57: 3/30/2010 3:03:30 PM - System Checkpoint
RP58: 3/31/2010 3:04:35 PM - System Checkpoint
RP59: 4/1/2010 6:55:48 PM - System Checkpoint
RP60: 4/2/2010 7:04:35 PM - System Checkpoint
RP61: 4/3/2010 8:03:31 PM - System Checkpoint
RP62: 4/4/2010 9:03:30 PM - System Checkpoint
RP63: 4/5/2010 10:03:30 PM - System Checkpoint
RP64: 4/7/2010 10:16:38 PM - System Checkpoint
RP65: 4/8/2010 11:03:17 PM - System Checkpoint
RP66: 4/10/2010 12:03:16 AM - System Checkpoint
RP67: 4/11/2010 1:03:16 AM - System Checkpoint
RP68: 4/12/2010 2:03:17 AM - System Checkpoint
RP69: 4/13/2010 3:03:17 AM - System Checkpoint
RP70: 4/14/2010 4:03:17 AM - System Checkpoint
RP71: 4/15/2010 4:36:09 AM - System Checkpoint
RP72: 4/16/2010 6:54:14 AM - System Checkpoint
RP73: 4/17/2010 7:03:17 AM - System Checkpoint
RP74: 4/18/2010 8:03:17 AM - System Checkpoint
RP75: 4/19/2010 8:40:46 AM - System Checkpoint
RP76: 4/20/2010 9:40:46 AM - System Checkpoint
RP77: 4/21/2010 12:22:24 PM - System Checkpoint
RP78: 4/22/2010 12:40:46 PM - System Checkpoint
RP79: 4/23/2010 3:05:03 PM - System Checkpoint
RP80: 4/24/2010 3:43:38 PM - System Checkpoint
RP81: 4/25/2010 4:42:32 PM - System Checkpoint
RP82: 4/26/2010 4:43:37 PM - System Checkpoint
RP83: 4/27/2010 5:43:37 PM - System Checkpoint
RP84: 4/28/2010 6:42:32 PM - System Checkpoint
RP85: 4/29/2010 6:54:53 PM - System Checkpoint
RP86: 4/30/2010 7:49:57 PM - System Checkpoint
RP87: 5/1/2010 7:51:02 PM - System Checkpoint
RP88: 5/13/2010 1:11:51 PM - System Checkpoint
RP89: 5/15/2010 12:23:10 AM - System Checkpoint
RP90: 5/15/2010 12:52:35 PM - Avg Update
RP91: 5/15/2010 1:01:25 PM - Avg Update
RP92: 5/16/2010 1:02:46 PM - System Checkpoint
RP93: 5/16/2010 5:18:09 PM - SPTD setup V1.62
RP94: 5/16/2010 6:01:17 PM - Installed DirectX
RP95: 5/17/2010 6:42:03 PM - System Checkpoint
RP96: 5/18/2010 11:48:18 PM - System Checkpoint
RP97: 5/19/2010 3:00:16 AM - Software Distribution Service 3.0
RP98: 5/20/2010 3:02:43 AM - System Checkpoint
RP99: 5/21/2010 4:02:43 AM - System Checkpoint
RP100: 5/23/2010 3:00:13 AM - Software Distribution Service 3.0
RP101: 5/25/2010 11:43:52 AM - FiOS Installation
RP102: 5/25/2010 6:12:40 PM - Removed Ask Toolbar.
RP103: 5/26/2010 3:00:19 AM - Software Distribution Service 3.0
RP104: 5/26/2010 1:34:23 PM - avast! Free Antivirus Setup
RP105: 5/29/2010 7:46:38 PM - Removed AVG Free 9.0
RP106: 6/10/2010 8:07:40 AM - ComboFix created restore point
RP107: 6/11/2010 3:00:21 AM - Software Distribution Service 3.0
RP108: 6/16/2010 3:32:18 PM - Installed SPORE™
RP109: 6/23/2010 3:00:13 AM - Software Distribution Service 3.0
RP110: 6/24/2010 7:15:52 AM - Free Registry Fix restore point
RP111: 6/25/2010 3:52:37 AM - Installed DirectX
RP112: 6/26/2010 4:41:17 PM - Installed HiJackThis
RP113: 6/29/2010 8:51:51 PM - Installed Gothic III
RP114: 6/29/2010 8:59:47 PM - Installed Gothic III Release Update
RP115: 6/29/2010 9:00:55 PM - Installed Gothic III Update 1.08
RP116: 6/29/2010 9:01:53 PM - Installed Gothic III Update 1.09
RP117: 6/29/2010 9:02:09 PM - Installed Gothic III Update 1.12
RP118: 6/30/2010 10:22:26 AM - Removed Gothic III
RP119: 6/30/2010 10:25:54 AM - Removed SPORE™
RP120: 7/1/2010 4:25:28 AM - Installed Hellgate: London
RP121: 7/1/2010 8:03:57 AM - Installed Bully Scholarship Edition
RP122: 7/6/2010 1:32:47 PM - Installed DirectX
RP123: 7/6/2010 2:14:53 PM - Installed DirectX
RP124: 7/6/2010 2:16:08 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP125: 7/6/2010 2:16:37 PM - Installed Rockstar Games Social Club
RP126: 7/6/2010 2:36:52 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP127: 7/6/2010 2:37:25 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP128: 7/6/2010 2:42:41 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP129: 7/6/2010 2:42:59 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP130: 7/6/2010 2:49:21 PM - Installed Grand Theft Auto IV
RP131: 7/8/2010 11:28:21 AM - ComboFix created restore point
RP132: 7/8/2010 4:30:57 PM - Removed Adobe Reader 7.0
RP133: 7/8/2010 4:31:28 PM - Configured Bully Scholarship Edition
RP134: 7/8/2010 4:42:44 PM - Installed Adobe Reader 9.3.
RP135: 7/8/2010 4:45:55 PM - Removed Gothic III Release Update
RP136: 7/8/2010 4:47:43 PM - Removed Java(TM) 6 Update 16
RP137: 7/8/2010 4:48:45 PM - Installed Java(TM) 6 Update 21
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.5
avast! Free Antivirus
AviSynth 2.5
CCleaner
Comical 0.8
Dragon Age: Origins
Dual-Core Optimizer
EclindneLoc
Freelancer
Freelancer Companion 2.01
Google Chrome
Grand Theft Auto IV
Hellgate: London
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Java Auto Updater
Java(TM) 6 Update 21
Killing Floor
Left 4 Dead
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Xbox 360 Accessories 1.2
Microsoft XML Parser
Mount&Blade Warband
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenOffice.org 3.1
PeerGuardian 2.0
Realtek High Definition Audio Driver
Risen
Security Update for Windows XP (KB923789)
SIW version 2010.04.28
Steam
System Requirements Lab
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebFldrs XP
Windows Essentials Media Codec Pack 2.3d
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
==== Event Viewer Messages From Past Week ========
7/8/2010 4:33:08 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}
7/8/2010 11:36:30 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
7/8/2010 11:29:12 AM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/6/2010 3:40:37 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 899e4978, parameter3 899e4aec, parameter4 805d2954.
7/6/2010 3:35:22 PM, error: System Error [1003] - Error code 10000050, parameter1 e4cc8000, parameter2 00000000, parameter3 b0e01c3e, parameter4 00000001.
==== End Of File ===========================
rtphippsjr
2010-07-09, 02:55
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, July 8, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, July 08, 2010 17:09:46
Records in database: 4242510
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Objects scanned 145619
Threats found 3
Infected objects found 5
Suspicious objects found 0
Scan duration 02:22:35
File name Threat Threats count
C:\Documents and Settings\t\Application Data\Sun\Java\Deployment\cache\6.0\21\29d9bb55-1becea72 Infected: Trojan-Downloader.Java.Agent.fe 3
C:\Documents and Settings\t\Application Data\Sun\Java\Deployment\cache\6.0\22\27c3f96-18e91723 Infected: Exploit.Java.Agent.ar 1
C:\Documents and Settings\t\Application Data\Sun\Java\Deployment\cache\6.0\22\27c3f96-18e91723 Infected: Exploit.Java.Agent.as 1
Selected area has been scanned.
Hi,
Delete these files if found:
C:\Documents and Settings\t\Application Data\Sun\Java\Deployment\cache\6.0\21\29d9bb55-1becea72
C:\Documents and Settings\t\Application Data\Sun\Java\Deployment\cache\6.0\22\27c3f96-18e91723
How's the system running?
rtphippsjr
2010-07-09, 17:18
Deleted the files but the system is still acting sluggish.
Has the hard drive been defragmented lately? One other downside with p2p programs is that they fragment the hard drive, making the system slower.
rtphippsjr
2010-07-09, 22:03
Defragged last week.
New problem. When my comp is idling, a DDS report flashes on the screen for a few seconds and then disappears. Why is that?
Could you elaborate, please? Do you mean that you tried to run DDS and it stopped? If so try after a reboot.
rtphippsjr
2010-07-10, 15:35
No. Here is an example. Last night I fell asleep in front of my comp. Suddenly a DDS report flashed onto my screen. It lasted for about 5 seconds. I have not run DDS since the last time you asked me to. I also sat and watched it for a while and saw it pop up twice more over an hour. Now, when I am actually using my computer, I have not seen it pop up.
That's something I have never heard anyone saying before.
Anyway, to me the posted logs look clean. Instructions here (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html) may help with system performance.
Below is a list of the final steps to take.
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis
Now let's uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the run box and click OK
Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen).
Click Run.
In the dialog box, type services.msc and hit Enter, then locate DNS Client.
Highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK.
Run Secunia vulnerability check here (http://secunia.com/vulnerability_scanning/online/) and fix its findings.
Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) or Comodo Firewall Pro (http://www.personalfirewall.comodo.com/download_firewall.html#fw3.0) (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
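To make the hosts-file advice above concrete, here is an added Python example (not code from the thread or from the MVPS project) that parses a hosts file in the format the helper links to and separates blocking entries, which sinkhole a name to 0.0.0.0 or 127.0.0.1, from entries that redirect a name to a real address, which is the thing a defender would want flagged. The sample file, hostnames and addresses below are constructed for the example.

```python
"""Audit a Windows hosts file: blocking entries versus suspicious redirects.

Added example, not from the forum thread. A blocking hosts file such as the
MVPS one works by pointing ad/malware hostnames at a non-routable address
(0.0.0.0 or 127.0.0.1). The same file can also be abused to send a legitimate
hostname to an attacker-chosen address, so an audit separates the two cases.
On Windows the file normally lives at %SystemRoot%\\System32\\drivers\\etc\\hosts.
"""
import ipaddress
from collections import Counter

# Addresses that block a name rather than redirect it.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}

# Names that legitimately map to loopback and must not be counted as blocks.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample input (hostnames and addresses are made up for this example):
# two MVPS-style blocking lines, one duplicate, one redirect to a routable
# address, and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0  ad.example-tracker.test  # [Example]
0.0.0.0  banner.example-ads.test
192.0.2.10  update.example-vendor.test   # not a sinkhole: redirect
0.0.0.0  banner.example-ads.test      # duplicate entry
this is not a valid line
"""


def parse_hosts(text):
    """Return ([(address, hostname), ...], [malformed raw lines]).

    Comments (from '#' to end of line) and blank lines are skipped. A line
    whose first field is not an IP address is reported as malformed rather
    than silently dropped, since tampering sometimes shows up that way.
    """
    entries, malformed = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            malformed.append(raw)
            continue
        # One address may be followed by several hostnames on the same line.
        for host in parts[1:]:
            entries.append((str(addr), host.lower()))
    return entries, malformed


def audit_hosts(text):
    """Classify entries and return counts a reviewer can act on.

    block_count: names sinkholed to a loopback/unspecified address
    redirects:   (address, name) pairs pointing at any other address
    duplicates:  names listed more than once (bloat that slows DNS Client)
    malformed:   raw lines that did not parse
    """
    entries, malformed = parse_hosts(text)
    blocks = [h for a, h in entries
              if a in SINKHOLE_ADDRESSES and h not in LOOPBACK_NAMES]
    redirects = [(a, h) for a, h in entries if a not in SINKHOLE_ADDRESSES]
    name_counts = Counter(h for _, h in entries)
    duplicates = sorted(h for h, n in name_counts.items() if n > 1)
    return {
        "entry_count": len(entries),
        "block_count": len(blocks),
        "redirects": redirects,
        "duplicates": duplicates,
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report['entry_count']} entries, {report['block_count']} blocking")
    for addr, host in report["redirects"]:
        print(f"REVIEW: {host} -> {addr} (not a sinkhole address)")
    for host in report["duplicates"]:
        print(f"duplicate: {host}")
    for line in report["malformed"]:
        print(f"malformed: {line!r}")
```

To audit a real file, read it with `open(path, encoding="utf-8", errors="replace").read()` and pass the text to `audit_hosts`; a large entry count is the case where the DNS Client service tweak above matters.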
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.