-
Not sure what's wrong
Not really sure what is wrong with my PC. For the last few weeks my PC, when running any application, starts to slow down massively for a minute every few minutes. It does not matter what it is I am running. Not sure if this is something you can help me with or not, but I am hoping it is. Thank you for your time and support.
DDS (Ver_10-03-17.01) - NTFSx86
Run by t at 22:26:47.19 on Mon 06/28/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1081 [GMT -4:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\PeerGuardian2\pg2.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.ask.com/?o=15438&l=dis
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [Google Update] "c:\documents and settings\t\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\t\applic~1\mozilla\firefox\profiles\yan3xiwg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\documents and settings\t\application data\mozilla\firefox\profiles\yan3xiwg.default\extensions\gametapplayer@gametap.com\plugins\npGameTapWebPlayer.dll
FF - plugin: c:\documents and settings\t\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\t\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-26 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-26 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-5-14 816672]
=============== Created Last 30 ================
2010-06-27 04:24:39 0 d-----w- c:\docume~1\t\applic~1\uTorrent
2010-06-26 20:41:19 0 d-----w- c:\program files\Trend Micro
2010-06-25 07:54:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Tages
2010-06-25 07:53:48 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-25 07:53:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-25 04:48:29 0 d-----w- c:\program files\The Learning Company
2010-06-24 11:25:13 0 d-----w- c:\program files\Free Window Registry Repair
2010-06-24 11:20:41 0 d-----w- c:\program files\SmartPCTools
2010-06-24 00:20:28 0 d-----w- c:\documents and settings\t\DesktoapII
2010-06-23 23:50:25 0 d-----w- c:\windows\system32\Adobe
2010-06-22 09:44:16 0 d-----w- c:\program files\Freelancer Companion
2010-06-21 10:13:06 0 d-----w- c:\program files\Freelancer Mod Manager
2010-06-21 09:20:45 0 d-----w- c:\program files\Microsoft Games
2010-06-18 07:13:23 0 d-----w- c:\docume~1\t\applic~1\fltk.org
2010-06-16 20:09:41 0 d-----w- c:\docume~1\t\applic~1\SPORE
2010-06-11 07:03:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2010-06-10 16:07:22 0 d-----w- c:\program files\VUGames
2010-06-10 12:07:31 98816 ----a-w- c:\windows\sed.exe
2010-06-10 12:07:31 77312 ----a-w- c:\windows\MBR.exe
2010-06-10 12:07:31 256512 ----a-w- c:\windows\PEV.exe
2010-06-10 12:07:31 161792 ----a-w- c:\windows\SWREG.exe
2010-06-03 16:31:11 0 d--h--w- c:\windows\system32\GroupPolicy
2010-05-31 08:23:44 0 d-----w- c:\program files\SIW
==================== Find3M ====================
2010-05-16 21:18:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-03 23:23:18 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23:16 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23:16 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55:31 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55:31 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 22:55:31 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55:31 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55:31 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55:31 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55:31 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55:31 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-03 22:55:31 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-02 20:54:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-31 04:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 04:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
============= FINISH: 22:27:06.02 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/24/2010 5:18:13 AM
System Uptime: 6/22/2010 5:41:30 PM (149 hours ago)
Motherboard: ASUSTeK Computer INC. | | M2N-VM DVI
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | CPU 1 | 2500/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 233 GiB total, 39.013 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP7: 2/20/2010 10:28:47 PM - System Checkpoint
RP8: 2/21/2010 11:15:16 PM - System Checkpoint
RP9: 2/22/2010 4:38:18 PM - Installed Windows KB954550-v5.
RP10: 2/22/2010 4:38:25 PM - Printer Driver Microsoft XPS Document Writer Installed
RP11: 2/22/2010 4:38:33 PM - Printer Driver Microsoft XPS Document Writer Installed
RP12: 2/24/2010 7:35:34 AM - System Checkpoint
RP13: 2/25/2010 9:24:41 AM - System Checkpoint
RP14: 2/26/2010 9:50:40 AM - System Checkpoint
RP15: 2/27/2010 10:56:14 AM - System Checkpoint
RP16: 2/28/2010 11:50:40 AM - System Checkpoint
RP17: 3/1/2010 3:38:21 PM - System Checkpoint
RP18: 3/2/2010 5:11:11 PM - System Checkpoint
RP19: 3/3/2010 7:28:31 PM - System Checkpoint
RP20: 3/4/2010 7:50:37 PM - System Checkpoint
RP21: 3/5/2010 7:51:40 PM - System Checkpoint
RP22: 3/6/2010 4:40:35 AM - Installed Demon Stone
RP23: 3/7/2010 3:48:43 AM - Removed Temple of Elemental Evil
RP24: 3/7/2010 3:49:17 AM - Removed Demon Stone
RP25: 3/8/2010 3:50:36 AM - System Checkpoint
RP26: 3/9/2010 4:50:35 AM - System Checkpoint
RP27: 3/10/2010 7:27:22 AM - Restore Operation
RP28: 3/10/2010 8:44:13 AM - Software Distribution Service 3.0
RP29: 3/11/2010 10:48:54 AM - System Checkpoint
RP30: 3/12/2010 11:27:38 AM - System Checkpoint
RP31: 3/12/2010 1:11:32 PM - Avg8 Update
RP32: 3/12/2010 1:12:57 PM - Avg Update
RP33: 3/13/2010 1:16:16 PM - System Checkpoint
RP34: 3/14/2010 3:17:22 PM - System Checkpoint
RP35: 3/15/2010 3:41:34 PM - System Checkpoint
RP36: 3/16/2010 3:44:15 PM - System Checkpoint
RP37: 3/17/2010 8:47:37 AM - Avg Update
RP38: 3/18/2010 9:44:15 AM - System Checkpoint
RP39: 3/19/2010 12:38:16 PM - System Checkpoint
RP40: 3/20/2010 12:44:17 PM - System Checkpoint
RP41: 3/21/2010 7:08:40 PM - System Checkpoint
RP42: 3/22/2010 5:50:41 AM - Installed Steam
RP43: 3/22/2010 6:10:30 AM - Installed DirectX
RP44: 3/23/2010 10:43:02 AM - System Checkpoint
RP45: 3/23/2010 9:09:54 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP46: 3/23/2010 9:32:39 PM - Software Distribution Service 3.0
RP47: 3/23/2010 9:52:39 PM - Installed Dual-Core Optimizer.
RP48: 3/24/2010 9:11:27 AM - Installed DirectX
RP49: 3/24/2010 9:12:19 AM - Installed Windows XP Wdf01007.
RP50: 3/25/2010 12:48:58 PM - System Checkpoint
RP51: 3/25/2010 3:02:45 PM - Installed Windows XP WgaNotify.
RP52: 3/26/2010 4:32:44 AM - Restore Operation
RP53: 3/27/2010 4:38:06 AM - System Checkpoint
RP54: 3/28/2010 4:39:44 AM - System Checkpoint
RP55: 3/28/2010 1:53:20 PM - Installed Nero 8 Essentials
RP56: 3/29/2010 2:04:46 PM - System Checkpoint
RP57: 3/30/2010 3:03:30 PM - System Checkpoint
RP58: 3/31/2010 3:04:35 PM - System Checkpoint
RP59: 4/1/2010 6:55:48 PM - System Checkpoint
RP60: 4/2/2010 7:04:35 PM - System Checkpoint
RP61: 4/3/2010 8:03:31 PM - System Checkpoint
RP62: 4/4/2010 9:03:30 PM - System Checkpoint
RP63: 4/5/2010 10:03:30 PM - System Checkpoint
RP64: 4/7/2010 10:16:38 PM - System Checkpoint
RP65: 4/8/2010 11:03:17 PM - System Checkpoint
RP66: 4/10/2010 12:03:16 AM - System Checkpoint
RP67: 4/11/2010 1:03:16 AM - System Checkpoint
RP68: 4/12/2010 2:03:17 AM - System Checkpoint
RP69: 4/13/2010 3:03:17 AM - System Checkpoint
RP70: 4/14/2010 4:03:17 AM - System Checkpoint
RP71: 4/15/2010 4:36:09 AM - System Checkpoint
RP72: 4/16/2010 6:54:14 AM - System Checkpoint
RP73: 4/17/2010 7:03:17 AM - System Checkpoint
RP74: 4/18/2010 8:03:17 AM - System Checkpoint
RP75: 4/19/2010 8:40:46 AM - System Checkpoint
RP76: 4/20/2010 9:40:46 AM - System Checkpoint
RP77: 4/21/2010 12:22:24 PM - System Checkpoint
RP78: 4/22/2010 12:40:46 PM - System Checkpoint
RP79: 4/23/2010 3:05:03 PM - System Checkpoint
RP80: 4/24/2010 3:43:38 PM - System Checkpoint
RP81: 4/25/2010 4:42:32 PM - System Checkpoint
RP82: 4/26/2010 4:43:37 PM - System Checkpoint
RP83: 4/27/2010 5:43:37 PM - System Checkpoint
RP84: 4/28/2010 6:42:32 PM - System Checkpoint
RP85: 4/29/2010 6:54:53 PM - System Checkpoint
RP86: 4/30/2010 7:49:57 PM - System Checkpoint
RP87: 5/1/2010 7:51:02 PM - System Checkpoint
RP88: 5/13/2010 1:11:51 PM - System Checkpoint
RP89: 5/15/2010 12:23:10 AM - System Checkpoint
RP90: 5/15/2010 12:52:35 PM - Avg Update
RP91: 5/15/2010 1:01:25 PM - Avg Update
RP92: 5/16/2010 1:02:46 PM - System Checkpoint
RP93: 5/16/2010 5:18:09 PM - SPTD setup V1.62
RP94: 5/16/2010 6:01:17 PM - Installed DirectX
RP95: 5/17/2010 6:42:03 PM - System Checkpoint
RP96: 5/18/2010 11:48:18 PM - System Checkpoint
RP97: 5/19/2010 3:00:16 AM - Software Distribution Service 3.0
RP98: 5/20/2010 3:02:43 AM - System Checkpoint
RP99: 5/21/2010 4:02:43 AM - System Checkpoint
RP100: 5/23/2010 3:00:13 AM - Software Distribution Service 3.0
RP101: 5/25/2010 11:43:52 AM - FiOS Installation
RP102: 5/25/2010 6:12:40 PM - Removed Ask Toolbar.
RP103: 5/26/2010 3:00:19 AM - Software Distribution Service 3.0
RP104: 5/26/2010 1:34:23 PM - avast! Free Antivirus Setup
RP105: 5/29/2010 7:46:38 PM - Removed AVG Free 9.0
RP106: 6/10/2010 8:07:40 AM - ComboFix created restore point
RP107: 6/11/2010 3:00:21 AM - Software Distribution Service 3.0
RP108: 6/16/2010 3:32:18 PM - Installed SPORE™
RP109: 6/23/2010 3:00:13 AM - Software Distribution Service 3.0
RP110: 6/24/2010 7:15:52 AM - Free Registry Fix restore point
RP111: 6/25/2010 3:52:37 AM - Installed DirectX
RP112: 6/26/2010 4:41:17 PM - Installed HiJackThis
==== Installed Programs ======================
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11.5
avast! Free Antivirus
AviSynth 2.5
CCleaner
Dragon Age: Origins
Dual-Core Optimizer
EAX(tm) Unified (SHELL)
EclindneLoc
ERUNT 1.1j
Free Window Registry Repair
Freelancer
Freelancer Companion 2.01
Google Chrome
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Java(TM) 6 Update 16
Killing Floor
Left 4 Dead
LEISURE SUIT LARRY: MAGNA CUM LAUDE-UNCUT AND UNCENSORED
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Xbox 360 Accessories 1.2
Microsoft XML Parser
Mount&Blade
Mount&Blade Warband
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenOffice.org 3.1
Oregon Trail 5th Edition
PeerGuardian 2.0
Realtek High Definition Audio Driver
Risen
Security Update for Windows XP (KB923789)
SIW version 2010.04.28
SPORE™
Spybot - Search & Destroy
Steam
System Requirements Lab
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebFldrs XP
Windows Essentials Media Codec Pack 2.3d
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
==== End Of File ===========================
-
Hi,
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
µTorrent
I'd like you to read this thread.
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
After that:
Download GMER here by clicking download exe -button and then saving it to your desktop:
- Double-click .exe that you downloaded
- Click rootkit-tab, uncheck files option and then click scan.
- Don't check Show All box while scanning is in progress!
- When scanning is ready, click Copy.
- This copies log to clipboard
- Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply. Post also contents of fresh dds.txt log.
-
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-06 15:38:18
Windows 5.1.2600 Service Pack 3
Running: e31vkbl5.exe; Driver: C:\DOCUME~1\t\LOCALS~1\Temp\pgldipoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB4025C7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB4025B36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB40260EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB4026014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB402570C]
SSDT spyh.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spyh.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB4025C10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB402564C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB40256B0]
SSDT spyh.sys ZwQueryKey [0xB7ECE20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB4025D30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB40261B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB4025CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB4025E70]
INT 0x73 ? 89BDBBF8
INT 0x83 ? 89D5EBF8
INT 0x83 ? 89D5EBF8
INT 0x83 ? 89D5EBF8
INT 0xB4 ? 89BDBBF8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB4032AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB40328EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB4032A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes JMP 54B40260
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B4032A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP B40328EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP B402E536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP B402FEC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP B4032ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? spyh.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B74938AC 5 Bytes JMP 89BDB1D8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB698B380, 0x566445, 0xE8000020]
.text a47td9h8.SYS B693E386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a47td9h8.SYS B693E3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a47td9h8.SYS B693E3C4 3 Bytes [00, 80, 02]
.text a47td9h8.SYS B693E3C9 1 Byte [30]
.text a47td9h8.SYS B693E3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB35C1300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8420300, 0x1BEE, 0xE8000020]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spyh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spyh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spyh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spyh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spyh.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spyh.sys
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 89D5D1F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\sptd \Device\696636856 spyh.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbohci \Device\USBPDO-0 89B261F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DCD1F8
Device \Driver\dmio \Device\DmControl\DmConfig 89DCD1F8
Device \Driver\dmio \Device\DmControl\DmPnP 89DCD1F8
Device \Driver\dmio \Device\DmControl\DmInfo 89DCD1F8
Device \Driver\usbehci \Device\USBPDO-1 89B221F8
Device \Driver\usbohci \Device\USBPDO-2 89B261F8
Device \Driver\usbehci \Device\USBPDO-3 89B221F8
Device \Driver\PCI_PNP8106 \Device\00000048 spyh.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\NetBT \Device\NetBT_Tcpip_{1DED8335-6622-4E04-A74E-371442743A10} 889BE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89D5F1F8
Device \Driver\Cdrom \Device\CdRom0 89B0E1F8
Device \Driver\Cdrom \Device\CdRom1 89B0E1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 889BE1F8
Device \Driver\NetBT \Device\NetbiosSmb 889BE1F8
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbohci \Device\USBFDO-0 89B261F8
Device \Driver\usbehci \Device\USBFDO-1 89B221F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 889BC1F8
Device \Driver\usbohci \Device\USBFDO-2 89B261F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 889BC1F8
Device \Driver\usbehci \Device\USBFDO-3 89B221F8
Device \Driver\Ftdisk \Device\FtControl 89D5F1F8
Device \Driver\a47td9h8 \Device\Scsi\a47td9h81Port2Path0Target0Lun0 899D5500
Device \Driver\a47td9h8 \Device\Scsi\a47td9h81 899D5500
Device \FileSystem\Cdfs \Cdfs 889611F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x2D 0x47 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8D 0xC0 0x53 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0xCE 0x33 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x28 0x4B 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x2D 0x47 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8D 0xC0 0x53 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0xCE 0x33 0x60 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x28 0x4B 0x21 ...
---- EOF - GMER 1.0.15 ----
-
DDS (Ver_10-03-17.01) - NTFSx86
Run by t at 15:44:11.75 on Tue 07/06/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1375 [GMT -4:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\t\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.ask.com/?o=15438&l=dis
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [Google Update] "c:\documents and settings\t\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [RGSC] c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\t\applic~1\mozilla\firefox\profiles\yan3xiwg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\documents and settings\t\application data\mozilla\firefox\profiles\yan3xiwg.default\extensions\gametapplayer@gametap.com\plugins\npGameTapWebPlayer.dll
FF - plugin: c:\documents and settings\t\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\t\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-26 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-26 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-5-14 816672]
=============== Created Last 30 ================
2010-07-06 18:51:35 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SecuROM
2010-07-06 18:16:10 0 d-----w- c:\windows\system32\xlive
2010-07-06 18:16:09 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-07-06 17:31:26 77832 ----a-w- c:\windows\system32\GameuxInstallHelper.dll
2010-07-06 17:31:26 44552 ----a-w- c:\windows\system32\FirewallInstallHelper.dll
2010-07-01 12:05:29 0 d-----w- c:\program files\Rockstar Games
2010-07-01 09:45:50 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-01 08:25:35 0 d-----w- c:\program files\Flagship Studios
2010-07-01 01:08:49 0 d-----w- c:\program files\Comical
2010-06-30 00:59:50 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
2010-06-27 04:24:39 0 d-----w- c:\docume~1\t\applic~1\uTorrent
2010-06-26 20:41:19 0 d-----w- c:\program files\Trend Micro
2010-06-25 07:54:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Tages
2010-06-25 07:53:48 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-25 07:53:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-24 00:20:28 0 d-----w- c:\documents and settings\t\DesktoapII
2010-06-23 23:50:25 0 d-----w- c:\windows\system32\Adobe
2010-06-22 09:44:16 0 d-----w- c:\program files\Freelancer Companion
2010-06-21 10:13:06 0 d-----w- c:\program files\Freelancer Mod Manager
2010-06-21 09:20:45 0 d-----w- c:\program files\Microsoft Games
2010-06-18 07:13:23 0 d-----w- c:\docume~1\t\applic~1\fltk.org
2010-06-11 07:03:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2010-06-10 16:07:22 0 d-----w- c:\program files\VUGames
2010-06-10 12:07:31 98816 ----a-w- c:\windows\sed.exe
2010-06-10 12:07:31 77312 ----a-w- c:\windows\MBR.exe
2010-06-10 12:07:31 256512 ----a-w- c:\windows\PEV.exe
2010-06-10 12:07:31 161792 ----a-w- c:\windows\SWREG.exe
==================== Find3M ====================
2010-05-16 21:18:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll
============= FINISH: 15:44:28.84 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/24/2010 5:18:13 AM
System Uptime: 7/6/2010 3:39:08 PM (0 hours ago)
Motherboard: ASUSTeK Computer INC. | | M2N-VM DVI
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | CPU 1 | 2500/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 233 GiB total, 64.553 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP7: 2/20/2010 10:28:47 PM - System Checkpoint
RP8: 2/21/2010 11:15:16 PM - System Checkpoint
RP9: 2/22/2010 4:38:18 PM - Installed Windows KB954550-v5.
RP10: 2/22/2010 4:38:25 PM - Printer Driver Microsoft XPS Document Writer Installed
RP11: 2/22/2010 4:38:33 PM - Printer Driver Microsoft XPS Document Writer Installed
RP12: 2/24/2010 7:35:34 AM - System Checkpoint
RP13: 2/25/2010 9:24:41 AM - System Checkpoint
RP14: 2/26/2010 9:50:40 AM - System Checkpoint
RP15: 2/27/2010 10:56:14 AM - System Checkpoint
RP16: 2/28/2010 11:50:40 AM - System Checkpoint
RP17: 3/1/2010 3:38:21 PM - System Checkpoint
RP18: 3/2/2010 5:11:11 PM - System Checkpoint
RP19: 3/3/2010 7:28:31 PM - System Checkpoint
RP20: 3/4/2010 7:50:37 PM - System Checkpoint
RP21: 3/5/2010 7:51:40 PM - System Checkpoint
RP22: 3/6/2010 4:40:35 AM - Installed Demon Stone
RP23: 3/7/2010 3:48:43 AM - Removed Temple of Elemental Evil
RP24: 3/7/2010 3:49:17 AM - Removed Demon Stone
RP25: 3/8/2010 3:50:36 AM - System Checkpoint
RP26: 3/9/2010 4:50:35 AM - System Checkpoint
RP27: 3/10/2010 7:27:22 AM - Restore Operation
RP28: 3/10/2010 8:44:13 AM - Software Distribution Service 3.0
RP29: 3/11/2010 10:48:54 AM - System Checkpoint
RP30: 3/12/2010 11:27:38 AM - System Checkpoint
RP31: 3/12/2010 1:11:32 PM - Avg8 Update
RP32: 3/12/2010 1:12:57 PM - Avg Update
RP33: 3/13/2010 1:16:16 PM - System Checkpoint
RP34: 3/14/2010 3:17:22 PM - System Checkpoint
RP35: 3/15/2010 3:41:34 PM - System Checkpoint
RP36: 3/16/2010 3:44:15 PM - System Checkpoint
RP37: 3/17/2010 8:47:37 AM - Avg Update
RP38: 3/18/2010 9:44:15 AM - System Checkpoint
RP39: 3/19/2010 12:38:16 PM - System Checkpoint
RP40: 3/20/2010 12:44:17 PM - System Checkpoint
RP41: 3/21/2010 7:08:40 PM - System Checkpoint
RP42: 3/22/2010 5:50:41 AM - Installed Steam
RP43: 3/22/2010 6:10:30 AM - Installed DirectX
RP44: 3/23/2010 10:43:02 AM - System Checkpoint
RP45: 3/23/2010 9:09:54 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP46: 3/23/2010 9:32:39 PM - Software Distribution Service 3.0
RP47: 3/23/2010 9:52:39 PM - Installed Dual-Core Optimizer.
RP48: 3/24/2010 9:11:27 AM - Installed DirectX
RP49: 3/24/2010 9:12:19 AM - Installed Windows XP Wdf01007.
RP50: 3/25/2010 12:48:58 PM - System Checkpoint
RP51: 3/25/2010 3:02:45 PM - Installed Windows XP WgaNotify.
RP52: 3/26/2010 4:32:44 AM - Restore Operation
RP53: 3/27/2010 4:38:06 AM - System Checkpoint
RP54: 3/28/2010 4:39:44 AM - System Checkpoint
RP55: 3/28/2010 1:53:20 PM - Installed Nero 8 Essentials
RP56: 3/29/2010 2:04:46 PM - System Checkpoint
RP57: 3/30/2010 3:03:30 PM - System Checkpoint
RP58: 3/31/2010 3:04:35 PM - System Checkpoint
RP59: 4/1/2010 6:55:48 PM - System Checkpoint
RP60: 4/2/2010 7:04:35 PM - System Checkpoint
RP61: 4/3/2010 8:03:31 PM - System Checkpoint
RP62: 4/4/2010 9:03:30 PM - System Checkpoint
RP63: 4/5/2010 10:03:30 PM - System Checkpoint
RP64: 4/7/2010 10:16:38 PM - System Checkpoint
RP65: 4/8/2010 11:03:17 PM - System Checkpoint
RP66: 4/10/2010 12:03:16 AM - System Checkpoint
RP67: 4/11/2010 1:03:16 AM - System Checkpoint
RP68: 4/12/2010 2:03:17 AM - System Checkpoint
RP69: 4/13/2010 3:03:17 AM - System Checkpoint
RP70: 4/14/2010 4:03:17 AM - System Checkpoint
RP71: 4/15/2010 4:36:09 AM - System Checkpoint
RP72: 4/16/2010 6:54:14 AM - System Checkpoint
RP73: 4/17/2010 7:03:17 AM - System Checkpoint
RP74: 4/18/2010 8:03:17 AM - System Checkpoint
RP75: 4/19/2010 8:40:46 AM - System Checkpoint
RP76: 4/20/2010 9:40:46 AM - System Checkpoint
RP77: 4/21/2010 12:22:24 PM - System Checkpoint
RP78: 4/22/2010 12:40:46 PM - System Checkpoint
RP79: 4/23/2010 3:05:03 PM - System Checkpoint
RP80: 4/24/2010 3:43:38 PM - System Checkpoint
RP81: 4/25/2010 4:42:32 PM - System Checkpoint
RP82: 4/26/2010 4:43:37 PM - System Checkpoint
RP83: 4/27/2010 5:43:37 PM - System Checkpoint
RP84: 4/28/2010 6:42:32 PM - System Checkpoint
RP85: 4/29/2010 6:54:53 PM - System Checkpoint
RP86: 4/30/2010 7:49:57 PM - System Checkpoint
RP87: 5/1/2010 7:51:02 PM - System Checkpoint
RP88: 5/13/2010 1:11:51 PM - System Checkpoint
RP89: 5/15/2010 12:23:10 AM - System Checkpoint
RP90: 5/15/2010 12:52:35 PM - Avg Update
RP91: 5/15/2010 1:01:25 PM - Avg Update
RP92: 5/16/2010 1:02:46 PM - System Checkpoint
RP93: 5/16/2010 5:18:09 PM - SPTD setup V1.62
RP94: 5/16/2010 6:01:17 PM - Installed DirectX
RP95: 5/17/2010 6:42:03 PM - System Checkpoint
RP96: 5/18/2010 11:48:18 PM - System Checkpoint
RP97: 5/19/2010 3:00:16 AM - Software Distribution Service 3.0
RP98: 5/20/2010 3:02:43 AM - System Checkpoint
RP99: 5/21/2010 4:02:43 AM - System Checkpoint
RP100: 5/23/2010 3:00:13 AM - Software Distribution Service 3.0
RP101: 5/25/2010 11:43:52 AM - FiOS Installation
RP102: 5/25/2010 6:12:40 PM - Removed Ask Toolbar.
RP103: 5/26/2010 3:00:19 AM - Software Distribution Service 3.0
RP104: 5/26/2010 1:34:23 PM - avast! Free Antivirus Setup
RP105: 5/29/2010 7:46:38 PM - Removed AVG Free 9.0
RP106: 6/10/2010 8:07:40 AM - ComboFix created restore point
RP107: 6/11/2010 3:00:21 AM - Software Distribution Service 3.0
RP108: 6/16/2010 3:32:18 PM - Installed SPORE™
RP109: 6/23/2010 3:00:13 AM - Software Distribution Service 3.0
RP110: 6/24/2010 7:15:52 AM - Free Registry Fix restore point
RP111: 6/25/2010 3:52:37 AM - Installed DirectX
RP112: 6/26/2010 4:41:17 PM - Installed HiJackThis
RP113: 6/29/2010 8:51:51 PM - Installed Gothic III
RP114: 6/29/2010 8:59:47 PM - Installed Gothic III Release Update
RP115: 6/29/2010 9:00:55 PM - Installed Gothic III Update 1.08
RP116: 6/29/2010 9:01:53 PM - Installed Gothic III Update 1.09
RP117: 6/29/2010 9:02:09 PM - Installed Gothic III Update 1.12
RP118: 6/30/2010 10:22:26 AM - Removed Gothic III
RP119: 6/30/2010 10:25:54 AM - Removed SPORE™
RP120: 7/1/2010 4:25:28 AM - Installed Hellgate: London
RP121: 7/1/2010 8:03:57 AM - Installed Bully Scholarship Edition
RP122: 7/6/2010 1:32:47 PM - Installed DirectX
RP123: 7/6/2010 2:14:53 PM - Installed DirectX
RP124: 7/6/2010 2:16:08 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP125: 7/6/2010 2:16:37 PM - Installed Rockstar Games Social Club
RP126: 7/6/2010 2:36:52 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP127: 7/6/2010 2:37:25 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP128: 7/6/2010 2:42:41 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP129: 7/6/2010 2:42:59 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP130: 7/6/2010 2:49:21 PM - Installed Grand Theft Auto IV
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11.5
avast! Free Antivirus
AviSynth 2.5
Bully Scholarship Edition
CCleaner
Comical 0.8
Dragon Age: Origins
Dual-Core Optimizer
EAX(tm) Unified (SHELL)
EclindneLoc
Freelancer
Freelancer Companion 2.01
Google Chrome
Gothic III Release Update
Grand Theft Auto IV
Hellgate: London
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Java(TM) 6 Update 16
Killing Floor
Left 4 Dead
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Xbox 360 Accessories 1.2
Microsoft XML Parser
Mount&Blade Warband
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenOffice.org 3.1
PeerGuardian 2.0
Realtek High Definition Audio Driver
Risen
Security Update for Windows XP (KB923789)
SIW version 2010.04.28
Spybot - Search & Destroy
Steam
System Requirements Lab
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebFldrs XP
Windows Essentials Media Codec Pack 2.3d
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
7/6/2010 3:40:37 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 899e4978, parameter3 899e4aec, parameter4 805d2954.
7/6/2010 3:35:22 PM, error: System Error [1003] - Error code 10000050, parameter1 e4cc8000, parameter2 00000000, parameter3 b0e01c3e, parameter4 00000001.
6/29/2010 10:13:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Dragon Age: Origins - Content Updater service to connect.
==== End Of File ===========================
-
Hi,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Remember to re-enable them afterwards.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
-
ComboFix 10-07-07.02 - t 07/08/2010 11:29:38.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1594 [GMT -4:00]
Running from: c:\documents and settings\t\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://download.xbox.com:80
.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.
2010-07-06 18:51 . 2010-07-06 18:51 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2010-07-06 18:19 . 2010-07-06 18:51 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Rockstar Games
2010-07-06 18:16 . 2010-07-06 18:16 -------- d-----w- c:\windows\system32\xlive
2010-07-06 18:16 . 2010-07-06 18:16 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-07-06 17:40 . 2010-07-06 17:40 -------- d--h--r- c:\documents and settings\t\Application Data\SecuROM
2010-07-06 17:31 . 2007-10-22 07:38 77832 ----a-w- c:\windows\system32\GameuxInstallHelper.dll
2010-07-06 17:31 . 2007-10-22 07:37 44552 ----a-w- c:\windows\system32\FirewallInstallHelper.dll
2010-07-01 12:05 . 2010-07-06 18:50 -------- d-----w- c:\program files\Rockstar Games
2010-07-01 09:45 . 2010-07-01 09:45 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-01 08:25 . 2010-07-01 08:25 -------- d-----w- c:\program files\Flagship Studios
2010-07-01 01:08 . 2010-07-01 01:08 -------- d-----w- c:\program files\Comical
2010-06-30 00:59 . 2010-06-30 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-06-29 14:32 . 2010-06-29 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-27 04:24 . 2010-07-05 15:21 -------- d-----w- c:\documents and settings\t\Application Data\uTorrent
2010-06-26 20:41 . 2010-06-26 20:41 388096 ----a-r- c:\documents and settings\t\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-26 20:41 . 2010-06-26 20:41 -------- d-----w- c:\program files\Trend Micro
2010-06-25 07:56 . 2010-06-25 07:56 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Risen
2010-06-25 07:54 . 2010-06-25 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
2010-06-25 07:53 . 2010-06-25 07:54 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-25 07:53 . 2010-06-25 07:53 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-24 11:13 . 2010-06-24 11:21 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Promosoft Corporation
2010-06-24 11:13 . 2010-06-24 11:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-24 00:20 . 2010-06-24 00:20 -------- d-----w- c:\documents and settings\t\DesktoapII
2010-06-23 23:50 . 2010-06-23 23:50 -------- d-----w- c:\windows\system32\Adobe
2010-06-22 09:44 . 2010-06-22 09:44 -------- d-----w- c:\program files\Freelancer Companion
2010-06-21 10:24 . 2010-06-21 10:24 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Freelancer
2010-06-21 10:13 . 2010-06-21 10:13 -------- d-----w- c:\program files\Freelancer Mod Manager
2010-06-21 09:20 . 2010-06-21 09:20 -------- d-----w- c:\program files\Microsoft Games
2010-06-18 07:13 . 2010-06-18 07:13 -------- d-----w- c:\documents and settings\t\Application Data\fltk.org
2010-06-11 07:03 . 2010-06-11 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-06-10 16:07 . 2010-06-10 16:07 -------- d-----w- c:\program files\VUGames
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 18:50 . 2010-02-02 15:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 17:05 . 2010-02-05 22:36 -------- d-----w- c:\program files\Mount&Blade
2010-07-06 05:50 . 2010-01-26 02:27 17744 ----a-w- c:\documents and settings\t\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 02:13 . 2010-03-22 09:50 -------- d-----w- c:\program files\Steam
2010-06-30 00:59 . 2010-02-02 15:47 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-29 14:32 . 2010-03-17 01:28 -------- d-----w- c:\program files\Yahoo!
2010-06-28 05:23 . 2010-02-02 15:53 1 ----a-w- c:\documents and settings\t\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-25 10:30 . 2010-01-25 16:43 -------- d-----w- c:\documents and settings\t\Application Data\BitTorrent
2010-06-25 04:58 . 2010-02-02 09:57 -------- d-----w- c:\documents and settings\t\Application Data\AdobeUM
2010-06-21 06:41 . 2010-05-26 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-21 06:41 . 2010-01-30 11:58 -------- d-----w- c:\documents and settings\t\Application Data\Media Player Classic
2010-06-10 11:59 . 2010-05-25 22:08 -------- d-----w- c:\program files\CCleaner
2010-06-06 09:11 . 2010-03-17 03:55 -------- d-----w- c:\documents and settings\t\Application Data\Yahoo!
2010-05-31 08:23 . 2010-05-31 08:23 -------- d-----w- c:\program files\SIW
2010-05-29 19:09 . 2010-01-25 16:58 0 ----a-w- c:\documents and settings\t\Local Settings\Application Data\prvlcl.dat
2010-05-27 01:45 . 2010-05-27 01:45 -------- d-----w- c:\documents and settings\t\Application Data\NVIDIA
2010-05-26 23:27 . 2010-01-31 19:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-26 23:26 . 2010-01-31 19:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-02 05:22 . 2008-04-14 00:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2008-04-14 04:39 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2008-04-14 04:42 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2008-04-14 04:41 81920 ----a-w- c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1382400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^t^Start Menu^Programs^Startup^Demonstone Registration.lnk]
backup=c:\windows\pss\Demonstone Registration.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^t^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^t^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-03 07:10 136176 ----atw- c:\documents and settings\t\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 20:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 10:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 19:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-04-04 09:22 1822720 ------r- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-15 17:26 1238352 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-09-30 21:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"Schedule"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RasMan"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Take Two\\borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\risen\\bin\\Risen.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Documents and Settings\\t\\My Documents\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/26/2010 1:34 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/26/2010 1:34 PM 19024]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/26/2010 11:18 PM 691696]
.
Contents of the 'Scheduled Tasks' folder
2010-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1425521274-1801674531-1003Core.job
- c:\documents and settings\t\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-03 07:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=15438&l=dis
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\t\Application Data\Mozilla\Firefox\Profiles\yan3xiwg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\documents and settings\t\Application Data\Mozilla\Firefox\Profiles\yan3xiwg.default\extensions\GameTapPlayer@gametap.com\plugins\npGameTapWebPlayer.dll
FF - plugin: c:\documents and settings\t\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\t\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
AddRemove-EAX(tm) Unified (SHELL) - c:\program files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files\Spybot - Search & Destroy\unins000.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1614895754-1425521274-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:d3,d6,50,3f,a7,7f,09,08,4a,c5,bb,6a,3b,c1,1c,20,de,72,9d,9f,7e,
70,58,0d,df,a7,d5,4d,fc,31,ee,95,9b,48,60,bd,82,45,c1,5c,da,aa,89,4c,9d,8b,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-07-08 11:35:18
ComboFix-quarantined-files.txt 2010-07-08 15:35
ComboFix2.txt 2010-06-10 12:15
Pre-Run: 71,591,587,840 bytes free
Post-Run: 71,672,664,064 bytes free
- - End Of File - - CA6404C315082EF52CD5716B1C6ABC84
-
DDS will not run now. I try to open it and all I get is the black screen which closes immediately.
-
Please try again after a reboot.
-
DDS (Ver_10-03-17.01) - NTFSx86
Run by t at 15:40:13.56 on Thu 07/08/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1643 [GMT -4:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\PeerGuardian2\pg2.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\t\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.ask.com/?o=15438&l=dis
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\t\applic~1\mozilla\firefox\profiles\yan3xiwg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-26 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-26 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-5-14 816672]
=============== Created Last 30 ================
2010-07-08 15:36:28 38848 ----a-w- c:\windows\avastSS.scr
2010-07-08 15:28:09 0 d-----w- C:\ComboFix
2010-07-06 18:51:35 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SecuROM
2010-07-06 18:16:10 0 d-----w- c:\windows\system32\xlive
2010-07-06 18:16:09 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-07-06 17:31:26 77832 ----a-w- c:\windows\system32\GameuxInstallHelper.dll
2010-07-06 17:31:26 44552 ----a-w- c:\windows\system32\FirewallInstallHelper.dll
2010-07-01 12:05:29 0 d-----w- c:\program files\Rockstar Games
2010-07-01 09:45:50 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-01 08:25:35 0 d-----w- c:\program files\Flagship Studios
2010-07-01 01:08:49 0 d-----w- c:\program files\Comical
2010-06-30 00:59:50 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
2010-06-27 04:24:39 0 d-----w- c:\docume~1\t\applic~1\uTorrent
2010-06-26 20:41:19 0 d-----w- c:\program files\Trend Micro
2010-06-25 07:54:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Tages
2010-06-25 07:53:48 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-25 07:53:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-24 00:20:28 0 d-----w- c:\documents and settings\t\DesktoapII
2010-06-23 23:50:25 0 d-----w- c:\windows\system32\Adobe
2010-06-22 09:44:16 0 d-----w- c:\program files\Freelancer Companion
2010-06-21 10:13:06 0 d-----w- c:\program files\Freelancer Mod Manager
2010-06-21 09:20:45 0 d-----w- c:\program files\Microsoft Games
2010-06-18 07:13:23 0 d-----w- c:\docume~1\t\applic~1\fltk.org
2010-06-11 07:03:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2010-06-10 16:07:22 0 d-----w- c:\program files\VUGames
2010-06-10 12:07:31 98816 ----a-w- c:\windows\sed.exe
2010-06-10 12:07:31 77312 ----a-w- c:\windows\MBR.exe
2010-06-10 12:07:31 256512 ----a-w- c:\windows\PEV.exe
2010-06-10 12:07:31 161792 ----a-w- c:\windows\SWREG.exe
==================== Find3M ====================
2010-05-16 21:18:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll
============= FINISH: 15:40:33.50 ===============
-
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/24/2010 5:18:13 AM
System Uptime: 7/8/2010 3:38:18 PM (0 hours ago)
Motherboard: ASUSTeK Computer INC. | | M2N-VM DVI
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | CPU 1 | 2499/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 233 GiB total, 66.792 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP7: 2/20/2010 10:28:47 PM - System Checkpoint
RP8: 2/21/2010 11:15:16 PM - System Checkpoint
RP9: 2/22/2010 4:38:18 PM - Installed Windows KB954550-v5.
RP10: 2/22/2010 4:38:25 PM - Printer Driver Microsoft XPS Document Writer Installed
RP11: 2/22/2010 4:38:33 PM - Printer Driver Microsoft XPS Document Writer Installed
RP12: 2/24/2010 7:35:34 AM - System Checkpoint
RP13: 2/25/2010 9:24:41 AM - System Checkpoint
RP14: 2/26/2010 9:50:40 AM - System Checkpoint
RP15: 2/27/2010 10:56:14 AM - System Checkpoint
RP16: 2/28/2010 11:50:40 AM - System Checkpoint
RP17: 3/1/2010 3:38:21 PM - System Checkpoint
RP18: 3/2/2010 5:11:11 PM - System Checkpoint
RP19: 3/3/2010 7:28:31 PM - System Checkpoint
RP20: 3/4/2010 7:50:37 PM - System Checkpoint
RP21: 3/5/2010 7:51:40 PM - System Checkpoint
RP22: 3/6/2010 4:40:35 AM - Installed Demon Stone
RP23: 3/7/2010 3:48:43 AM - Removed Temple of Elemental Evil
RP24: 3/7/2010 3:49:17 AM - Removed Demon Stone
RP25: 3/8/2010 3:50:36 AM - System Checkpoint
RP26: 3/9/2010 4:50:35 AM - System Checkpoint
RP27: 3/10/2010 7:27:22 AM - Restore Operation
RP28: 3/10/2010 8:44:13 AM - Software Distribution Service 3.0
RP29: 3/11/2010 10:48:54 AM - System Checkpoint
RP30: 3/12/2010 11:27:38 AM - System Checkpoint
RP31: 3/12/2010 1:11:32 PM - Avg8 Update
RP32: 3/12/2010 1:12:57 PM - Avg Update
RP33: 3/13/2010 1:16:16 PM - System Checkpoint
RP34: 3/14/2010 3:17:22 PM - System Checkpoint
RP35: 3/15/2010 3:41:34 PM - System Checkpoint
RP36: 3/16/2010 3:44:15 PM - System Checkpoint
RP37: 3/17/2010 8:47:37 AM - Avg Update
RP38: 3/18/2010 9:44:15 AM - System Checkpoint
RP39: 3/19/2010 12:38:16 PM - System Checkpoint
RP40: 3/20/2010 12:44:17 PM - System Checkpoint
RP41: 3/21/2010 7:08:40 PM - System Checkpoint
RP42: 3/22/2010 5:50:41 AM - Installed Steam
RP43: 3/22/2010 6:10:30 AM - Installed DirectX
RP44: 3/23/2010 10:43:02 AM - System Checkpoint
RP45: 3/23/2010 9:09:54 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP46: 3/23/2010 9:32:39 PM - Software Distribution Service 3.0
RP47: 3/23/2010 9:52:39 PM - Installed Dual-Core Optimizer.
RP48: 3/24/2010 9:11:27 AM - Installed DirectX
RP49: 3/24/2010 9:12:19 AM - Installed Windows XP Wdf01007.
RP50: 3/25/2010 12:48:58 PM - System Checkpoint
RP51: 3/25/2010 3:02:45 PM - Installed Windows XP WgaNotify.
RP52: 3/26/2010 4:32:44 AM - Restore Operation
RP53: 3/27/2010 4:38:06 AM - System Checkpoint
RP54: 3/28/2010 4:39:44 AM - System Checkpoint
RP55: 3/28/2010 1:53:20 PM - Installed Nero 8 Essentials
RP56: 3/29/2010 2:04:46 PM - System Checkpoint
RP57: 3/30/2010 3:03:30 PM - System Checkpoint
RP58: 3/31/2010 3:04:35 PM - System Checkpoint
RP59: 4/1/2010 6:55:48 PM - System Checkpoint
RP60: 4/2/2010 7:04:35 PM - System Checkpoint
RP61: 4/3/2010 8:03:31 PM - System Checkpoint
RP62: 4/4/2010 9:03:30 PM - System Checkpoint
RP63: 4/5/2010 10:03:30 PM - System Checkpoint
RP64: 4/7/2010 10:16:38 PM - System Checkpoint
RP65: 4/8/2010 11:03:17 PM - System Checkpoint
RP66: 4/10/2010 12:03:16 AM - System Checkpoint
RP67: 4/11/2010 1:03:16 AM - System Checkpoint
RP68: 4/12/2010 2:03:17 AM - System Checkpoint
RP69: 4/13/2010 3:03:17 AM - System Checkpoint
RP70: 4/14/2010 4:03:17 AM - System Checkpoint
RP71: 4/15/2010 4:36:09 AM - System Checkpoint
RP72: 4/16/2010 6:54:14 AM - System Checkpoint
RP73: 4/17/2010 7:03:17 AM - System Checkpoint
RP74: 4/18/2010 8:03:17 AM - System Checkpoint
RP75: 4/19/2010 8:40:46 AM - System Checkpoint
RP76: 4/20/2010 9:40:46 AM - System Checkpoint
RP77: 4/21/2010 12:22:24 PM - System Checkpoint
RP78: 4/22/2010 12:40:46 PM - System Checkpoint
RP79: 4/23/2010 3:05:03 PM - System Checkpoint
RP80: 4/24/2010 3:43:38 PM - System Checkpoint
RP81: 4/25/2010 4:42:32 PM - System Checkpoint
RP82: 4/26/2010 4:43:37 PM - System Checkpoint
RP83: 4/27/2010 5:43:37 PM - System Checkpoint
RP84: 4/28/2010 6:42:32 PM - System Checkpoint
RP85: 4/29/2010 6:54:53 PM - System Checkpoint
RP86: 4/30/2010 7:49:57 PM - System Checkpoint
RP87: 5/1/2010 7:51:02 PM - System Checkpoint
RP88: 5/13/2010 1:11:51 PM - System Checkpoint
RP89: 5/15/2010 12:23:10 AM - System Checkpoint
RP90: 5/15/2010 12:52:35 PM - Avg Update
RP91: 5/15/2010 1:01:25 PM - Avg Update
RP92: 5/16/2010 1:02:46 PM - System Checkpoint
RP93: 5/16/2010 5:18:09 PM - SPTD setup V1.62
RP94: 5/16/2010 6:01:17 PM - Installed DirectX
RP95: 5/17/2010 6:42:03 PM - System Checkpoint
RP96: 5/18/2010 11:48:18 PM - System Checkpoint
RP97: 5/19/2010 3:00:16 AM - Software Distribution Service 3.0
RP98: 5/20/2010 3:02:43 AM - System Checkpoint
RP99: 5/21/2010 4:02:43 AM - System Checkpoint
RP100: 5/23/2010 3:00:13 AM - Software Distribution Service 3.0
RP101: 5/25/2010 11:43:52 AM - FiOS Installation
RP102: 5/25/2010 6:12:40 PM - Removed Ask Toolbar.
RP103: 5/26/2010 3:00:19 AM - Software Distribution Service 3.0
RP104: 5/26/2010 1:34:23 PM - avast! Free Antivirus Setup
RP105: 5/29/2010 7:46:38 PM - Removed AVG Free 9.0
RP106: 6/10/2010 8:07:40 AM - ComboFix created restore point
RP107: 6/11/2010 3:00:21 AM - Software Distribution Service 3.0
RP108: 6/16/2010 3:32:18 PM - Installed SPORE™
RP109: 6/23/2010 3:00:13 AM - Software Distribution Service 3.0
RP110: 6/24/2010 7:15:52 AM - Free Registry Fix restore point
RP111: 6/25/2010 3:52:37 AM - Installed DirectX
RP112: 6/26/2010 4:41:17 PM - Installed HiJackThis
RP113: 6/29/2010 8:51:51 PM - Installed Gothic III
RP114: 6/29/2010 8:59:47 PM - Installed Gothic III Release Update
RP115: 6/29/2010 9:00:55 PM - Installed Gothic III Update 1.08
RP116: 6/29/2010 9:01:53 PM - Installed Gothic III Update 1.09
RP117: 6/29/2010 9:02:09 PM - Installed Gothic III Update 1.12
RP118: 6/30/2010 10:22:26 AM - Removed Gothic III
RP119: 6/30/2010 10:25:54 AM - Removed SPORE™
RP120: 7/1/2010 4:25:28 AM - Installed Hellgate: London
RP121: 7/1/2010 8:03:57 AM - Installed Bully Scholarship Edition
RP122: 7/6/2010 1:32:47 PM - Installed DirectX
RP123: 7/6/2010 2:14:53 PM - Installed DirectX
RP124: 7/6/2010 2:16:08 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP125: 7/6/2010 2:16:37 PM - Installed Rockstar Games Social Club
RP126: 7/6/2010 2:36:52 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP127: 7/6/2010 2:37:25 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP128: 7/6/2010 2:42:41 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP129: 7/6/2010 2:42:59 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP130: 7/6/2010 2:49:21 PM - Installed Grand Theft Auto IV
RP131: 7/8/2010 11:28:21 AM - ComboFix created restore point
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11.5
avast! Free Antivirus
AviSynth 2.5
Bully Scholarship Edition
CCleaner
Comical 0.8
Dragon Age: Origins
Dual-Core Optimizer
EclindneLoc
Freelancer
Freelancer Companion 2.01
Google Chrome
Gothic III Release Update
Grand Theft Auto IV
Hellgate: London
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Java(TM) 6 Update 16
Killing Floor
Left 4 Dead
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Xbox 360 Accessories 1.2
Microsoft XML Parser
Mount&Blade Warband
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenOffice.org 3.1
PeerGuardian 2.0
Realtek High Definition Audio Driver
Risen
Security Update for Windows XP (KB923789)
SIW version 2010.04.28
Steam
System Requirements Lab
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebFldrs XP
Windows Essentials Media Codec Pack 2.3d
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
7/8/2010 11:36:30 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
7/8/2010 11:29:12 AM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/6/2010 3:40:37 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 899e4978, parameter3 899e4aec, parameter4 805d2954.
7/6/2010 3:35:22 PM, error: System Error [1003] - Error code 10000050, parameter1 e4cc8000, parameter2 00000000, parameter3 b0e01c3e, parameter4 00000001.
==== End Of File ===========================