humblecheesecake
2011-09-25, 23:16
Hello, and thank you so much in advance. I have a fairly new computer with Windows XP SP3, which started acting buggy about a week ago. The first thing I noticed is that my Google clicks (on Chrome) were being redirected by sites like "jollysearchengine" etc. I've tried downloading Spybot, MBAM, AVG, and AdAware.
Spybot and MBAM's executable files won't start--I get a Windows error message saying I may not have permissions to open the file. (Spybot will update, however, on first run.) I've run as Ryan (administrator), and as plain "Administrator" in safe mode. I've tried various renaming approaches, but I still get the message. AdAware "can't connect to the service", and AVG wouldn't finish install.
I then tried a handful of system restores from 1, 2, and 3 weeks earlier, to no luck. (Some did funny things such as mangle my keyboard driver; I finally stuck to one where I was able to install AVG. But even then, after only one successful scan where malware was found, AVG would only run scans 1 second in length, of 0 files.) I've since installed Avira, which seems to detect different things constantly via annoying notifications. When I click "remove" on any of them, it seems like it's not doing anything other than hiding the notification.
My computer is also running much more slowly, and preventing me from effectively doing certain school assignments.
Thanks again,
Ryan
:D:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Ryan at 15:07:41 on 2011-09-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.1732 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UnlockerAssistant.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Vuze\Azureus.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\ryan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
mRun: [UnlockerAssistant] "c:\windows\system32\UnlockerAssistant.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NortonOnlineBackup] c:\program files\symantec\norton online backup\NOBuClient.exe
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [WUSB54Gv4] c:\program files\linksys wireless-g usb wireless network monitor\InvokeSvc3.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [ctfmon.exe] ctfmon.exe
dRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{2A5235AD-192B-435F-8916-D490017C23D3} : DhcpNameServer = 192.168.1.1 71.252.0.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: schannel.dll, credssp.dll, digest.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-9-20 11608]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-20 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-20 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-20 66616]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\daodb\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-6-1 30392]
S2 AODService;AODService;c:\program files\amd\overdrive\AODAssist.exe [2010-4-22 136616]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-1 5265248]
S2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\nobuagent.exe service --> c:\program files\symantec\norton online backup\NOBuAgent.exe service [?]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 431456]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-6-1 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-5-13 101904]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 MSICDSetup;MSICDSetup;\??\e:\cdriver.sys --> e:\CDriver.sys [?]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2011-8-22 264576]
.
=============== Created Last 30 ================
.
2011-09-20 06:46:38 -------- d-----w- c:\windows\system32\NtmsData
2011-09-20 06:34:37 -------- d-----w- c:\documents and settings\ryan\application data\Avira
2011-09-20 06:24:37 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-09-20 06:24:37 -------- d-----w- c:\program files\Avira
2011-09-20 06:24:37 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-09-20 06:03:32 -------- d-----w- c:\program files\Szzzzz
2011-09-20 05:58:33 -------- d-----w- c:\program files\AVG Secure Search
2011-09-20 05:38:46 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-09-20 05:38:46 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-20 04:16:10 19072 ----a-w- c:\windows\system32\drivers\PS2.sys
2011-09-20 04:16:09 -------- d-----w- C:\HP
2011-09-20 03:34:11 -------- d-----w- c:\documents and settings\ryan\application data\AVG2012
2011-09-20 03:33:24 -------- d-----w- c:\documents and settings\ryan\application data\AVG Secure Search
2011-09-20 03:33:21 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-09-20 03:32:58 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-20 03:32:58 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-09-20 03:32:40 -------- d-----w- c:\program files\AVG
2011-09-20 00:40:45 48016 --sha-w- c:\windows\system32\c_84883.nl_
2011-09-20 00:39:40 -------- d-----w- c:\documents and settings\ryan\application data\Malwarebytes
2011-09-20 00:39:33 -------- d--h--w- c:\windows\PIF
2011-09-19 23:56:47 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-19 23:56:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-19 23:56:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-19 22:42:14 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-09-19 22:40:07 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-09-19 22:38:52 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-09-19 22:19:54 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-19 22:19:49 -------- d-----w- c:\program files\Lavasoft
2011-09-16 01:06:07 -------- d-----w- c:\program files\TabIt
2011-09-15 08:42:48 -------- d-----w- c:\documents and settings\ryan\.bitrock
2011-09-12 06:37:19 153088 ----a-w- c:\windows\system32\xvid.ax
2011-09-12 06:37:18 -------- d-----w- c:\program files\Xvid
2011-09-12 06:30:52 -------- d-----w- c:\program files\common files\xing shared
2011-09-12 04:57:56 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-09-07 14:18:31 599552 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-08-27 00:05:00 -------- d-----w- C:\PFiles
.
==================== Find3M ====================
.
2011-09-09 09:11:14 599552 ----a-w- c:\windows\system32\crypt32.dll
2011-07-17 23:08:56 17408 ----a-w- c:\windows\system32\drivers\1306959348.sys
2011-07-15 13:29:35 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-11 05:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 05:14:30 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 05:14:28 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 05:14:28 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 05:14:26 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 05:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-11 05:13:42 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 15:08:22.79 ===============