Odd browser hijacking



NatMM
2010-11-13, 01:28
Hello! I'm having a strange problem which is only happening when I browse Facebook. Every so often when I'm on Facebook, and only Facebook (this never happens when looking at a separate tab), a new window will randomly appear which is directed to the following link -

http://shinedubs.bplaced.de/redirect.php?m=

but every time the window opens it can never connect to the server anyway.

Also, what happens a lot is that while I'm using Facebook's chat feature, while I'm typing, something keeps selecting the address bar in Firefox and for about 20 seconds it's a furious clickfest between me and this thing, back and forth, so I can keep typing, and then it stops, only to happen again a few minutes later.

Very weird! I searched the internet to see if this happened to anyone else but didn't find anything. It's a bit of a hard thing to search for too!

Any help or advice is much appreciated! Here is my DDS log + attachment.

Thank you, Nat.



DDS (Ver_10-11-10.01) - NTFSx86
Run by Nat at 1:04:18.26 on 13/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3455.1972 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\BOINC\boinc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Nat\AppData\Roaming\InstallMon.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Java\jre6\launch4j-tmp\Bloom.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nat\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [AdobeBridge]
uRun: [Google Update] "c:\users\nat\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [c:\users\nat\appdata\roaming\installmon.exe] c:\users\nat\appdata\roaming\InstallMon.exe
mRun: [<NO NAME>]
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\nat\appdata\roaming\mozilla\firefox\profiles\ta38zzta.default\
FF - prefs.js: browser.search.defaulturl - hxxp://gb.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://gb.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\nat\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-9 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-9 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-9 60936]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l260x86.sys [2009-6-10 29184]
S2 freenet;Freenet background service;c:\program files\freenet\bin\wrapper-windows-x86-32.exe [2009-10-23 241664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]

=============== Created Last 30 ================

2010-11-11 15:29:49 -------- d-----w- c:\program files\Bloom
2010-11-09 18:54:15 -------- d-----w- c:\users\nat\appdata\roaming\Avira
2010-11-09 18:36:36 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-09 18:36:35 -------- d-----w- c:\program files\Avira
2010-11-09 18:36:35 -------- d-----w- c:\progra~2\Avira
2010-11-09 17:38:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-09 17:38:22 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-11-08 13:58:31 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
2010-11-06 15:48:05 -------- d-----w- c:\users\nat\appdata\local\FalloutNV
2010-11-06 14:11:28 -------- d-----w- C:\fallout vegas
2010-11-06 11:06:11 -------- d-----w- c:\users\nat\appdata\local\SKIDROW
2010-11-06 09:36:28 -------- d-----w- c:\users\nat\appdata\local\My Games
2010-11-06 09:30:59 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-11-06 09:20:31 -------- d-----w- c:\program files\Sid Meier's Civilization V

==================== Find3M ====================


============= FINISH: 1:05:12.66 ===============
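The DDS log above is what the helper reads to spot the hijack. As an added example (not part of this thread or of the DDS tool), here is a small Python triage script that applies the same checks to lines in DDS's own format: Firefox search prefs pointing at an unexpected host (the gb.iamwired.net entries), autorun entries launched from a user-writable profile directory (the InstallMon.exe entry), UAC switched off (EnableLUA = 0) and a hosts-file entry blackholing a security site. The sample lines are constructed from this log; the expected-host allowlist, directory fragments and security-site list are assumptions to adjust for your own environment.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few lines in DDS "Pseudo HJT Report" / "FIREFOX"
# format, modelled on the log posted in this thread (not the full log).
SAMPLE_LOG = r"""
uSearch Page = hxxp://www.google.com
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [c:\users\nat\appdata\roaming\installmon.exe] c:\users\nat\appdata\roaming\InstallMon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: browser.search.defaulturl - hxxp://gb.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://gb.iamwired.net/websearch.php?src=tops&search=
"""

# Assumption: hosts a search/homepage pref is expected to point at.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com", "search.yahoo.com"}
# Firefox prefs that hijackers rewrite (keyword.URL is the address-bar search).
SEARCH_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}
# Assumption: path fragments that mean "user-writable profile location".
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\users\\public\\")
# Assumption: security/anti-malware sites a hosts-file block would cut off.
SECURITY_SITES = ("spywareinfo.com", "malwarebytes.org", "avira.com", "spybot.info")


def refang(url):
    """DDS defangs URLs as hxxp:// so they are not clickable; undo that for parsing."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)


def triage(log_text):
    """Return a list of (category, detail) findings from DDS-style log lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Firefox prefs: "FF - prefs.js: <pref> - <value>"
        m = re.match(r"FF - prefs\.js: (\S+) - (.+)$", line)
        if m and m.group(1) in SEARCH_PREFS:
            host = urlparse(refang(m.group(2))).hostname or ""
            if host not in EXPECTED_SEARCH_HOSTS:
                findings.append(("search-hijack", f"{m.group(1)} -> {host}"))
            continue
        # Autorun entries: "uRun: [name] <command>" (user hive) / "mRun: ..." (machine hive)
        m = re.match(r"([um])Run: \[(.*?)\]\s*(.*)$", line)
        if m:
            cmd = m.group(3).lower()
            if any(frag in cmd for frag in USER_WRITABLE):
                findings.append(("autorun-user-writable", f"{m.group(2)}: {m.group(3)}"))
            continue
        # UAC policy: EnableLUA = 0 means UAC is switched off entirely.
        m = re.match(r"mPolicies-system: EnableLUA = (\d+)", line)
        if m and m.group(1) == "0":
            findings.append(("uac-disabled", line))
            continue
        # Hosts entries pointing a security site at localhost block help/update sites.
        m = re.match(r"Hosts: (\S+) (\S+)", line)
        if m and m.group(1) in ("127.0.0.1", "0.0.0.0") and m.group(2).endswith(SECURITY_SITES):
            findings.append(("hosts-blocks-security-site", m.group(2)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

A real run would feed the whole DDS log to triage(); entries under Program Files or System32 are deliberately not flagged by the autorun check, since they are not the user-writable locations this hijacker used.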

Blade81
2010-11-15, 21:22
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent
Freenet


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go and uninstall the programs listed above (in red).

Post fresh dds logs when done.

NatMM
2010-11-16, 13:25
Both uninstalled. Here are my fresh logs.


DDS (Ver_10-11-10.01) - NTFSx86
Run by Nat at 13:22:24.92 on 16/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3455.2542 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Nat\AppData\Roaming\InstallMon.exe
C:\Program Files\BOINC\boinc.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nat\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [AdobeBridge]
uRun: [Google Update] "c:\users\nat\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [c:\users\nat\appdata\roaming\installmon.exe] c:\users\nat\appdata\roaming\InstallMon.exe
mRun: [<NO NAME>]
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\nat\appdata\roaming\mozilla\firefox\profiles\ta38zzta.default\
FF - prefs.js: browser.search.defaulturl - hxxp://gb.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://gb.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\nat\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-9 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-9 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-9 60936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l260x86.sys [2009-6-10 29184]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

=============== Created Last 30 ================

2010-11-16 08:20:07 -------- d-----r- c:\program files\Modern Warfare 2
2010-11-16 05:31:16 -------- d-----w- c:\users\nat\appdata\local\Activision
2010-11-16 05:30:54 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-11-16 05:30:54 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-11-16 05:30:54 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-11-16 05:30:54 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-11-16 05:30:53 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-11-16 05:30:53 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-11-16 05:30:53 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-11-16 05:30:53 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-11-16 05:30:53 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-11-16 05:30:53 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-11-16 05:30:53 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-11-16 05:30:52 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-11-16 05:05:40 -------- d-----w- c:\program files\Activision
2010-11-13 06:34:32 -------- d-----w- c:\users\nat\appdata\local\2K Games
2010-11-13 06:20:08 -------- d-----w- c:\program files\2K Games
2010-11-11 15:29:49 -------- d-----w- c:\program files\Bloom
2010-11-09 18:54:15 -------- d-----w- c:\users\nat\appdata\roaming\Avira
2010-11-09 18:36:36 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-09 18:36:35 -------- d-----w- c:\program files\Avira
2010-11-09 18:36:35 -------- d-----w- c:\progra~2\Avira
2010-11-09 17:38:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-09 17:38:22 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-11-08 13:58:31 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
2010-11-06 15:48:05 -------- d-----w- c:\users\nat\appdata\local\FalloutNV
2010-11-06 14:11:28 -------- d-----w- C:\fallout vegas
2010-11-06 11:06:11 -------- d-----w- c:\users\nat\appdata\local\SKIDROW
2010-11-06 09:36:28 -------- d-----w- c:\users\nat\appdata\local\My Games
2010-11-06 09:30:59 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-11-06 09:20:31 -------- d-----w- c:\program files\Sid Meier's Civilization V

==================== Find3M ====================

2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-16 18:55:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-16 18:55:00 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 319080 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-10-16 18:55:00 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-16 18:55:00 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55:00 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 10:42:20 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 10:42:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 10:42:16 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 10:42:12 2079336 ----a-w- c:\windows\system32\nvsvc.dll

============= FINISH: 13:23:25.28 ===============

Blade81
2010-11-16, 19:23
Hi,

Does the browser issue bother just Firefox or Internet Explorer too?

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Please post contents of that file in your next reply.

----

Please download Rootkit Unhooker (http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE) and save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:

Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?

NatMM
2010-11-16, 22:13
Good question! Since upgrading to Windows 7 I have actually had IE disabled through the "turn Windows features on and off" menu, so I re-enabled it, and now when browsing to Facebook it also opens up a new window to the same address I posted earlier. Weird! So, I decided to try it with Google Chrome too, but nothing seems to happen. I bet this would make some good advertising as to why to switch to Chrome! ;)

Here is the first report from Malwarebytes' Anti-Malware. I was unable to download Rootkit Unhooker or even reach the main rootkit.com website or any part of it.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5128

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16/11/2010 22:12:28
mbam-log-2010-11-16 (22-12-28).txt

Scan type: Full scan (C:\|)
Objects scanned: 405878
Time elapsed: 2 hour(s), 30 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Nat\AppData\Roaming\Microsoft\a1.7z (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Nat\AppData\Roaming\Microsoft\n (Malware.Traces) -> Quarantined and deleted successfully.

NatMM
2010-11-16, 22:50
Well, I probably should have checked sooner... The popup window is no longer appearing after the last scan and removal. Seems that's all that was needed.

How is it that none of the different anti-virus programs I try from time to time ever seem to be enough whenever something like this crops up, and I always end up needing to use a tool that I don't know of?

Thanks for the help nonetheless! Does something still need to be done to make sure it won't re-infect me, since I was unable to download and run the rootkit scanner? We'll see!

Nat

NatMM
2010-11-17, 07:47
Update: Well, I turned on my computer this morning and it's back! I thought to try again the two steps you suggested in your most recent post, but I still can't download Rootkit Unhooker.

Blade81
2010-11-17, 15:43
Hi,


Please download Rootkit Unhooker (http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE) and save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:

Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?

NatMM
2010-11-17, 15:57
That link does not work for me and neither does the main host website rootkit.com. All the browsers I try say they can't connect to that website.

Blade81
2010-11-17, 16:02
Let's try to run GMER instead:
Download GMER (http://www.gmer.net) here by clicking the download exe button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the rootkit tab, uncheck the files option and then click scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy.
This copies the log to the clipboard.
Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.

NatMM
2010-11-17, 17:03
GMER Log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-17 17:02:37
Windows 6.1.7600
Running: 4r0nru6w.exe; Driver: C:\Users\Nat\AppData\Local\Temp\uwldqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C915C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB6052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\dvrur.sys The system cannot find the path specified. !
? System32\Drivers\spde.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 92169CA0 5 Bytes JMP 85A694E0
.text a78un4p9.SYS 931BA000 12 Bytes [44, C8, C1, 82, EE, C6, C1, ...]
.text a78un4p9.SYS 931BA00D 9 Bytes [A7, C1, 82, 48, CB, C1, 82, ...]
.text a78un4p9.SYS 931BA017 170 Bytes [00, DE, 07, 19, 8C, E6, 05, ...]
.text a78un4p9.SYS 931BA0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text a78un4p9.SYS 931BA0CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9D701000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9D701123 32 Bytes [C5, 6F, 9D, FE, 05, 34, C5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50D4 9D701144 596 Bytes [6F, 9D, A0, 34, C5, 6F, 9D, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 9D701399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 9D7013FF 136 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...
? C:\Users\Nat\AppData\Local\Temp\ALSysIO.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3008] USER32.dll!TrackPopupMenu 77274B3B 5 Bytes JMP 66935CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtCreateFile + 6 77554A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtCreateFile + B 77554A1B 1 Byte [E2]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtMapViewOfSection + 6 77555076 1 Byte [28]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtMapViewOfSection + 6 77555076 4 Bytes [28, 03, 07, 00]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtMapViewOfSection + B 7755507B 1 Byte [E2]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenFile + 6 77555126 4 Bytes [68, 00, 07, 00]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenFile + B 7755512B 1 Byte [E2]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenProcess + 6 775551D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenProcess + B 775551DB 1 Byte [E2]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenProcessToken + B 775551EB 1 Byte [E2]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenProcessTokenEx + 6 775551F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenProcessTokenEx + B 775551FB 1 Byte [E2]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenThread + 6 77555256 4 Bytes [68, 01, 07, 00]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenThread + B 7755525B 1 Byte [E2]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenThreadToken + 6 77555266 4 Bytes [68, 02, 07, 00]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenThreadToken + B 7755526B 1 Byte [E2]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtOpenThreadTokenEx + B 7755527B 1 Byte [E2]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtQueryAttributesFile + 6 77555386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtQueryAttributesFile + B 7755538B 1 Byte [E2]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtQueryFullAttributesFile + B 7755543B 1 Byte [E2]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtSetInformationFile + 6 77555A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtSetInformationFile + B 77555A8B 1 Byte [E2]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtSetInformationThread + 6 77555AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtSetInformationThread + B 77555AEB 1 Byte [E2]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtUnmapViewOfSection + 6 77555E06 1 Byte [68]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtUnmapViewOfSection + 6 77555E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe[3016] ntdll.dll!NtUnmapViewOfSection + B 77555E0B 1 Byte [E2]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3224] ntdll.dll!LdrLoadDll 7756F585 5 Bytes JMP 00FE13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8C094042] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8C0946D6] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8C094800] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8C09413E] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Users\Nat\AppData\Roaming\InstallMon.exe[1848] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Nat\AppData\Roaming\InstallMon.exe[1848] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Nat\AppData\Roaming\InstallMon.exe[1848] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [755B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Nat\AppData\Roaming\InstallMon.exe[1848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Nat\AppData\Roaming\InstallMon.exe[1848] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [755B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85A271F8
Device \FileSystem\fastfat \FatCdrom 86EF01F8
Device \Driver\volmgr \Device\VolMgrControl 85A231F8
Device \Driver\usbuhci \Device\USBPDO-0 86B881F8
Device \Driver\usbuhci \Device\USBPDO-1 86B881F8
Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-2 86B881F8
Device \Driver\usbuhci \Device\USBPDO-3 86B881F8
Device \Driver\usbehci \Device\USBPDO-4 86B8A500
Device \Driver\volmgr \Device\HarddiskVolume1 85A231F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 85A231F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 86BB6500
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 85A251F8
Device \Driver\atapi \Device\Ide\IdePort0 85A251F8
Device \Driver\atapi \Device\Ide\IdePort1 85A251F8
Device \Driver\atapi \Device\Ide\IdePort2 85A251F8
Device \Driver\atapi \Device\Ide\IdePort3 85A251F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 85A251F8
Device \Driver\volmgr \Device\HarddiskVolume3 85A231F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 86BB6500
Device \Driver\volmgr \Device\HarddiskVolume4 85A231F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume5 85A231F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume6 85A231F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000076 874181F8
Device \Driver\USBSTOR \Device\00000069 874181F8
Device \Driver\USBSTOR \Device\00000077 874181F8
Device \Driver\volmgr \Device\HarddiskVolume7 85A231F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 86C5E1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{A76D0990-9CC3-422D-AD5F-1828EBC7C29E} 86C5E1F8
Device \Driver\USBSTOR \Device\00000079 874181F8
Device \Driver\PCI_PNP1850 \Device\0000004d spde.sys
Device \Driver\USBSTOR \Device\0000006b 874181F8
Device \Driver\sptd \Device\3122119851 spde.sys
Device \Driver\USBSTOR \Device\0000006c 874181F8
Device \Driver\usbuhci \Device\USBFDO-0 86B881F8
Device \Driver\USBSTOR \Device\0000007a 874181F8
Device \Driver\USBSTOR \Device\0000006d 874181F8
Device \Driver\usbuhci \Device\USBFDO-1 86B881F8
Device \Driver\USBSTOR \Device\0000006e 874181F8
Device \Driver\usbuhci \Device\USBFDO-2 86B881F8
Device \Driver\usbuhci \Device\USBFDO-3 86B881F8
Device \Driver\usbehci \Device\USBFDO-4 86B8A500
Device \Driver\a78un4p9 \Device\Scsi\a78un4p91 86BB21F8
Device \Driver\a78un4p9 \Device\Scsi\a78un4p91Port4Path0Target0Lun0 86BB21F8
Device \FileSystem\fastfat \Fat 86EF01F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 87551500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xED 0x47 0x60 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2F 0x8D 0x8A 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE5 0x5A 0x4C 0x09 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC7 0x51 0x5F 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2F 0x8D 0x8A 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE5 0x5A 0x4C 0x09 ...

---- EOF - GMER 1.0.15 ----
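
A small triage pass over a GMER log like the one above, added here as an example (it is not part of the thread and not GMER's own code): it splits the log into its sections, lists driver images GMER referenced but could not open on disk, and groups the kernel IAT hooks by the module the patched slots point into. The log embedded in it is a constructed excerpt modelled on the lines above; the section and line formats are assumed from GMER 1.0.15 output as posted here.

```python
"""Triage helper for a GMER 1.0.15 rootkit-scan log (added example, not GMER's own code)."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Constructed excerpt in the layout GMER prints, modelled on the log posted above.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

? System32\drivers\dvrur.sys The system cannot find the path specified. !
? System32\Drivers\spde.sys The system cannot find the path specified. !
.text a78un4p9.SYS 931BA000 12 Bytes [44, C8, C1, 82, EE, C6, C1, ...]
? C:\Users\Nat\AppData\Local\Temp\ALSysIO.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8C094042] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8C0946D6] \SystemRoot\System32\Drivers\spde.sys
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\a78un4p9.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75

---- EOF - GMER 1.0.15 ----
"""

HEADER_RE = re.compile(r"^---- (.+?) - GMER \S+ ----$")
MISSING_RE = re.compile(r"^\? (\S+) The system cannot find the (?:path|file) specified\. !$")
IAT_RE = re.compile(r"^IAT (?P<victim>\S+?)\[(?P<imp>[^\]]+)\] (?P<rest>.+)$")


class Hook(NamedTuple):
    victim: str            # module whose import-table slot was patched
    imported: str          # "exporter!Function" the slot is supposed to hold
    target: Optional[str]  # module GMER resolved the new pointer to, or None


def basename(path: str) -> str:
    """Last component of a Windows path, for \\SystemRoot\\... and C:\\... forms alike."""
    return path.rsplit("\\", 1)[-1]


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the '---- <name> - GMER x ----' header above them."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def missing_drivers(text: str) -> List[str]:
    """Driver images GMER saw referenced but could not open on disk ('? ... !' lines)."""
    return [m.group(1) for m in (MISSING_RE.match(ln.strip()) for ln in text.splitlines()) if m]


def kernel_iat_hooks(text: str) -> List[Hook]:
    """Parse the 'Kernel IAT/EAT' section: a resolved slot reads '[addr] module',
    an unresolved one is just a bare hex value with no module name after it."""
    hooks = []
    for line in split_sections(text).get("Kernel IAT/EAT", []):
        m = IAT_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").split()
        target = basename(rest[1]) if rest[0].startswith("[") and len(rest) > 1 else None
        hooks.append(Hook(basename(m.group("victim")), m.group("imp"), target))
    return hooks


def hooks_by_target(hooks: List[Hook]) -> Dict[Optional[str], List[str]]:
    """Map each target module (None = unresolved) to the victims whose slots point into it."""
    grouped: Dict[Optional[str], List[str]] = defaultdict(list)
    for h in hooks:
        grouped[h.target].append(h.victim)
    return dict(grouped)


def triage(text: str) -> List[str]:
    """Findings a helper would read first. Whether a target such as spde.sys is expected is
    still the analyst's call: the Registry section of the log ties sptd to DAEMON Tools Lite."""
    findings = [f"driver referenced but not found on disk: {p}" for p in missing_drivers(text)]
    grouped = hooks_by_target(kernel_iat_hooks(text))
    for target, victims in sorted(grouped.items(), key=lambda kv: kv[0] or ""):
        names = ", ".join(sorted(set(victims)))
        if target is None:
            findings.append(f"{len(victims)} IAT slot(s) hold raw values, not a module, in: {names}")
        else:
            findings.append(f"{len(victims)} IAT slot(s) of {names} redirected into {target}")
    return findings


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```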

Blade81
2010-11-17, 20:59
Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link: http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
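
The ComboFix report posted in the next reply has a "Reg Loading Points" block. The script below is an added example, not ComboFix's code and not part of the thread, of two checks a helper makes by eye on that block: autoruns started from user-writable profile folders, and UAC policy values under policies\system that differ from the Windows 7 defaults. The excerpt inside it is constructed from lines of that report; the default values and the folder list are the example's own assumptions.

```python
"""Checks on the 'Reg Loading Points' block of a ComboFix report (added example, not ComboFix's code)."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in ComboFix's REGEDIT4-style layout, modelled on the report posted in reply.
SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"c:\users\Nat\AppData\Roaming\InstallMon.exe"="c:\users\Nat\AppData\Roaming\InstallMon.exe" [2010-06-26 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+) \(0x[0-9a-fA-F]+\)$')

# Assumed Windows 7 defaults for the UAC values under policies\system (ComboFix only
# prints entries that are not the default, so anything listed already differs).
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}

# Heuristic: folders any user process can write to, where an installer rarely places a
# program that is started at logon. Other user-writable folders exist, so this is a prompt
# to look, not a verdict.
USER_WRITABLE = (r"\appdata\roaming", r"\appdata\local\temp", r"\users\public")


def parse_loading_points(text: str) -> Dict[str, List[str]]:
    """Map each [registry key] line to the value lines that follow it, up to the next key."""
    keys: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = []
        elif line and current is not None:
            keys[current].append(line)
    return keys


def autoruns(text: str) -> List[Tuple[str, str, str]]:
    """(key, value name, image path) for every entry under a ...CurrentVersion\\Run key."""
    out = []
    for key, lines in parse_loading_points(text).items():
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        for line in lines:
            m = RUN_RE.match(line)
            if m:
                out.append((key, m.group("name"), m.group("image")))
    return out


def suspicious_autoruns(text: str) -> List[str]:
    """Autoruns whose image lives in one of the USER_WRITABLE folders."""
    out = []
    for key, name, image in autoruns(text):
        if any(folder in image.lower() for folder in USER_WRITABLE):
            out.append(f"{name!r} under {key} starts {image} from a user-writable folder")
    return out


def uac_findings(text: str) -> List[str]:
    """UAC policy values that differ from the assumed Windows 7 defaults."""
    out = []
    for key, lines in parse_loading_points(text).items():
        if not key.lower().endswith(r"\policies\system"):
            continue
        for line in lines:
            m = POLICY_RE.match(line)
            if m and m.group("name") in UAC_DEFAULTS:
                name, value = m.group("name"), int(m.group("value"))
                if value != UAC_DEFAULTS[name]:
                    out.append(f"{name}={value} (Windows 7 default {UAC_DEFAULTS[name]})")
    return out


if __name__ == "__main__":
    print("\n".join(suspicious_autoruns(SAMPLE_REPORT) + uac_findings(SAMPLE_REPORT)))
```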

NatMM
2010-11-18, 14:09
Ok here are the two logs. Combofix + DDS. So far the problem seems to have gone!


ComboFix 10-11-17.02 - Nat 18/11/2010 13:41:43.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3455.2120 [GMT 2:00]
Running from: c:\users\Nat\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Nat\AppData\Roaming\7za.exe
c:\windows\system32\drivers\fdiryf.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovtue


((((((((((((((((((((((((( Files Created from 2010-10-18 to 2010-11-18 )))))))))))))))))))))))))))))))
.

2010-11-18 11:49 . 2010-11-18 11:52 -------- d-----w- c:\users\Nat\AppData\Local\temp
2010-11-18 11:49 . 2010-11-18 11:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-17 20:32 . 2010-11-17 20:32 -------- d-----w- c:\programdata\ALM
2010-11-17 20:26 . 2010-11-17 20:26 -------- d-----w- c:\users\Nat\Adobe Flash Builder 4
2010-11-17 20:12 . 2010-03-27 16:06 67032 ----a-w- c:\program files\Mozilla Firefox\plugins\npContribute.dll
2010-11-17 20:01 . 2010-11-17 20:01 -------- d-----w- c:\program files\My Company Name
2010-11-17 08:59 . 2010-11-17 08:59 -------- d-----w- C:\OC
2010-11-16 17:40 . 2010-11-16 17:40 -------- d-----w- c:\users\Nat\AppData\Roaming\Malwarebytes
2010-11-16 17:40 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-16 17:40 . 2010-11-16 17:40 -------- d-----w- c:\programdata\Malwarebytes
2010-11-16 17:39 . 2010-11-16 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-16 17:39 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-16 15:12 . 2010-11-18 09:15 -------- d-----w- c:\program files\Core Temp
2010-11-16 08:20 . 2010-11-18 10:31 -------- d-----r- c:\program files\Modern Warfare 2
2010-11-16 05:31 . 2010-11-16 05:31 -------- d-----w- c:\users\Nat\AppData\Local\Activision
2010-11-16 05:30 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-11-16 05:30 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-11-16 05:30 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-11-16 05:30 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-11-16 05:30 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-11-16 05:30 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-11-16 05:30 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-11-16 05:30 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-11-16 05:30 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-11-16 05:30 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-11-16 05:30 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-11-16 05:30 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-11-16 05:05 . 2010-11-16 05:05 -------- d-----w- c:\program files\Activision
2010-11-15 09:04 . 2010-11-15 09:04 -------- d-----w- c:\program files\Common Files\Skype
2010-11-13 06:34 . 2010-11-13 06:34 -------- d-----w- c:\users\Nat\AppData\Local\2K Games
2010-11-13 06:20 . 2010-11-13 06:20 -------- d-----w- c:\program files\2K Games
2010-11-11 15:29 . 2010-11-11 15:29 -------- d-----w- c:\program files\Bloom
2010-11-09 18:54 . 2010-11-09 18:54 -------- d-----w- c:\users\Nat\AppData\Roaming\Avira
2010-11-09 18:36 . 2010-08-02 14:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-09 18:36 . 2010-08-02 14:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-09 18:36 . 2010-11-09 18:36 -------- d-----w- c:\programdata\Avira
2010-11-09 18:36 . 2010-11-09 18:36 -------- d-----w- c:\program files\Avira
2010-11-09 17:38 . 2010-11-09 18:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-09 17:38 . 2010-11-09 18:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-11-08 13:58 . 2010-11-08 13:59 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-11-08 13:53 . 2010-11-08 13:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-06 15:48 . 2010-11-06 15:48 -------- d-----w- c:\users\Nat\AppData\Local\FalloutNV
2010-11-06 14:11 . 2010-11-18 06:36 -------- d-----w- C:\fallout vegas
2010-11-06 11:06 . 2010-11-06 11:06 -------- d-----w- c:\users\Nat\AppData\Local\SKIDROW
2010-11-06 09:36 . 2010-11-06 09:36 -------- d-----w- c:\users\Nat\AppData\Local\My Games
2010-11-06 09:30 . 2006-11-29 11:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-11-06 09:20 . 2010-11-06 12:14 -------- d-----w- c:\program files\Sid Meier's Civilization V

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-16 18:55 . 2010-11-13 07:20 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-10-16 18:55 . 2010-04-06 05:35 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 10:42 . 2010-10-16 10:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 10:42 . 2010-10-16 10:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 10:42 . 2010-10-16 10:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 10:42 . 2010-10-16 10:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\users\Nat\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-19 136176]
"c:\users\Nat\AppData\Roaming\InstallMon.exe"="c:\users\Nat\AppData\Roaming\InstallMon.exe" [2010-06-26 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2010-03-19 4817664]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2010-03-19 58112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-19 149280]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Freenet Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Freenet Tray.lnk
backup=c:\windows\pss\Freenet Tray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-04-19 17:12 136176 ----atw- c:\users\Nat\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 22:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 18:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 14:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-16 07:37 1242448 ----a-w- c:\program files\Steam\steam.exe

R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-04 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2009-07-13 29184]

.
Contents of the 'Scheduled Tasks' folder

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221920909-3364791455-2646380899-1001Core.job
- c:\users\Nat\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 17:12]

2010-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221920909-3364791455-2646380899-1001UA.job
- c:\users\Nat\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 17:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Nat\AppData\Roaming\Mozilla\Firefox\Profiles\ta38zzta.default\
FF - prefs.js: browser.search.defaulturl - hxxp://gb.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://gb.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Nat\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\BOINC\boinc.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\programdata\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_2.17_windows_intelx86.exe
c:\programdata\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_2.17_windows_intelx86.exe
.
**************************************************************************
.
Completion time: 2010-11-18 13:58:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-18 11:58

Pre-Run: 44,015,026,176 bytes free
Post-Run: 44,082,708,480 bytes free

- - End Of File - - 9D3E731ABA13183714C063072051953F



DDS (Ver_10-11-10.01) - NTFSx86
Run by Nat at 14:07:44.45 on 18/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3455.2357 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\BOINC\boinc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Nat\AppData\Roaming\InstallMon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_2.17_windows_intelx86.exe
C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_2.17_windows_intelx86.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nat\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Google Update] "c:\users\nat\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [c:\users\nat\appdata\roaming\installmon.exe] c:\users\nat\appdata\roaming\InstallMon.exe
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\nat\appdata\roaming\mozilla\firefox\profiles\ta38zzta.default\
FF - prefs.js: browser.search.defaulturl - hxxp://gb.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://gb.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\nat\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-9 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-9 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-9 60936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l260x86.sys [2009-6-10 29184]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

=============== Created Last 30 ================

2010-11-18 11:51:48 -------- d-----w- C:\$RECYCLE.BIN
2010-11-18 11:49:30 -------- d-----w- c:\users\nat\appdata\local\temp
2010-11-18 11:38:47 98816 ----a-w- c:\windows\sed.exe
2010-11-18 11:38:47 89088 ----a-w- c:\windows\MBR.exe
2010-11-18 11:38:47 256512 ----a-w- c:\windows\PEV.exe
2010-11-18 11:38:47 161792 ----a-w- c:\windows\SWREG.exe
2010-11-17 20:32:38 -------- d-----w- c:\progra~2\ALM
2010-11-17 20:26:27 -------- d-----w- c:\users\nat\Adobe Flash Builder 4
2010-11-17 20:12:36 67032 ----a-w- c:\program files\mozilla firefox\plugins\npContribute.dll
2010-11-17 20:01:46 -------- d-----w- c:\program files\My Company Name
2010-11-17 08:59:10 -------- d-----w- C:\OC
2010-11-16 17:40:10 -------- d-----w- c:\users\nat\appdata\roaming\Malwarebytes
2010-11-16 17:40:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-16 17:40:00 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-16 17:39:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-16 17:39:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-16 15:12:48 -------- d-----w- c:\program files\Core Temp
2010-11-16 08:20:07 -------- d-----r- c:\program files\Modern Warfare 2
2010-11-16 05:31:16 -------- d-----w- c:\users\nat\appdata\local\Activision
2010-11-16 05:30:54 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-11-16 05:30:54 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-11-16 05:30:54 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-11-16 05:30:54 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-11-16 05:30:53 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-11-16 05:30:53 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-11-16 05:30:53 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-11-16 05:30:53 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-11-16 05:30:53 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-11-16 05:30:53 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-11-16 05:30:53 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-11-16 05:30:52 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-11-16 05:05:40 -------- d-----w- c:\program files\Activision
2010-11-13 06:34:32 -------- d-----w- c:\users\nat\appdata\local\2K Games
2010-11-13 06:20:08 -------- d-----w- c:\program files\2K Games
2010-11-11 15:29:49 -------- d-----w- c:\program files\Bloom
2010-11-09 18:54:15 -------- d-----w- c:\users\nat\appdata\roaming\Avira
2010-11-09 18:36:36 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-09 18:36:35 -------- d-----w- c:\program files\Avira
2010-11-09 18:36:35 -------- d-----w- c:\progra~2\Avira
2010-11-09 17:38:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-09 17:38:22 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-11-08 13:58:31 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
2010-11-06 15:48:05 -------- d-----w- c:\users\nat\appdata\local\FalloutNV
2010-11-06 14:11:28 -------- d-----w- C:\fallout vegas
2010-11-06 11:06:11 -------- d-----w- c:\users\nat\appdata\local\SKIDROW
2010-11-06 09:36:28 -------- d-----w- c:\users\nat\appdata\local\My Games
2010-11-06 09:30:59 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-11-06 09:20:31 -------- d-----w- c:\program files\Sid Meier's Civilization V

==================== Find3M ====================

2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-16 18:55:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-16 18:55:00 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 319080 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-10-16 18:55:00 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-16 18:55:00 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55:00 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 10:42:20 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 10:42:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 10:42:16 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 10:42:12 2079336 ----a-w- c:\windows\system32\nvsvc.dll

============= FINISH: 14:08:13.52 ===============

Blade81
2010-11-18, 16:57
Hi,

I've already told you about the P2P policy here and you removed the related software. However, it appears you've put it back while I've been assisting you, and that pretty much shows you're not too interested in keeping the system clean. That leaves me no other choice than to close the topic.