
Thread: Not Sure what's wrong

  1. #1
    Junior Member
    Join Date
    Jun 2010
    Posts
    13

    Not Sure what's wrong

    Not really sure what is wrong with my pc. For the last few weeks my pc when running any application starts to slow down massively for a minute every few minutes. It does not matter what it is I am running. Not sure if this is something you can help me with or not, but I am hoping it is. Thank you for your time and support.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by t at 22:26:47.19 on Mon 06/28/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1081 [GMT -4:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Steam\Steam.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.ask.com/?o=15438&l=dis
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
    uRun: [Google Update] "c:\documents and settings\t\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\t\applic~1\mozilla\firefox\profiles\yan3xiwg.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - plugin: c:\documents and settings\t\application data\mozilla\firefox\profiles\yan3xiwg.default\extensions\gametapplayer@gametap.com\plugins\npGameTapWebPlayer.dll
    FF - plugin: c:\documents and settings\t\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\t\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-26 164048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-26 19024]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-5-14 816672]

    =============== Created Last 30 ================

    2010-06-27 04:24:39 0 d-----w- c:\docume~1\t\applic~1\uTorrent
    2010-06-26 20:41:19 0 d-----w- c:\program files\Trend Micro
    2010-06-25 07:54:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Tages
    2010-06-25 07:53:48 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2010-06-25 07:53:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2010-06-25 04:48:29 0 d-----w- c:\program files\The Learning Company
    2010-06-24 11:25:13 0 d-----w- c:\program files\Free Window Registry Repair
    2010-06-24 11:20:41 0 d-----w- c:\program files\SmartPCTools
    2010-06-24 00:20:28 0 d-----w- c:\documents and settings\t\DesktoapII
    2010-06-23 23:50:25 0 d-----w- c:\windows\system32\Adobe
    2010-06-22 09:44:16 0 d-----w- c:\program files\Freelancer Companion
    2010-06-21 10:13:06 0 d-----w- c:\program files\Freelancer Mod Manager
    2010-06-21 09:20:45 0 d-----w- c:\program files\Microsoft Games
    2010-06-18 07:13:23 0 d-----w- c:\docume~1\t\applic~1\fltk.org
    2010-06-16 20:09:41 0 d-----w- c:\docume~1\t\applic~1\SPORE
    2010-06-11 07:03:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
    2010-06-10 16:07:22 0 d-----w- c:\program files\VUGames
    2010-06-10 12:07:31 98816 ----a-w- c:\windows\sed.exe
    2010-06-10 12:07:31 77312 ----a-w- c:\windows\MBR.exe
    2010-06-10 12:07:31 256512 ----a-w- c:\windows\PEV.exe
    2010-06-10 12:07:31 161792 ----a-w- c:\windows\SWREG.exe
    2010-06-03 16:31:11 0 d--h--w- c:\windows\system32\GroupPolicy
    2010-05-31 08:23:44 0 d-----w- c:\program files\SIW

    ==================== Find3M ====================

    2010-05-16 21:18:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-04-03 23:23:18 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-04-03 23:23:16 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-04-03 23:23:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-04-03 23:23:16 13670504 ----a-w- c:\windows\system32\nvcpl.dll
    2010-04-03 23:23:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-04-03 23:22:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-04-03 22:55:31 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-04-03 22:55:31 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-04-03 22:55:31 4075520 ----a-w- c:\windows\system32\nvcuda.dll
    2010-04-03 22:55:31 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcodins.dll
    2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcod.dll
    2010-04-03 22:55:31 2183470 ----a-w- c:\windows\system32\nvdata.bin
    2010-04-03 22:55:31 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-04-03 22:55:31 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-04-03 22:55:31 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-04-03 22:55:31 1097728 ----a-w- c:\windows\system32\nvapi.dll
    2010-04-02 20:54:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-03-31 04:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-03-31 04:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe

    ============= FINISH: 22:27:06.02 ===============









    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/24/2010 5:18:13 AM
    System Uptime: 6/22/2010 5:41:30 PM (149 hours ago)

    Motherboard: ASUSTeK Computer INC. | | M2N-VM DVI
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | CPU 1 | 2500/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 39.013 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP7: 2/20/2010 10:28:47 PM - System Checkpoint
    RP8: 2/21/2010 11:15:16 PM - System Checkpoint
    RP9: 2/22/2010 4:38:18 PM - Installed Windows KB954550-v5.
    RP10: 2/22/2010 4:38:25 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP11: 2/22/2010 4:38:33 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP12: 2/24/2010 7:35:34 AM - System Checkpoint
    RP13: 2/25/2010 9:24:41 AM - System Checkpoint
    RP14: 2/26/2010 9:50:40 AM - System Checkpoint
    RP15: 2/27/2010 10:56:14 AM - System Checkpoint
    RP16: 2/28/2010 11:50:40 AM - System Checkpoint
    RP17: 3/1/2010 3:38:21 PM - System Checkpoint
    RP18: 3/2/2010 5:11:11 PM - System Checkpoint
    RP19: 3/3/2010 7:28:31 PM - System Checkpoint
    RP20: 3/4/2010 7:50:37 PM - System Checkpoint
    RP21: 3/5/2010 7:51:40 PM - System Checkpoint
    RP22: 3/6/2010 4:40:35 AM - Installed Demon Stone
    RP23: 3/7/2010 3:48:43 AM - Removed Temple of Elemental Evil
    RP24: 3/7/2010 3:49:17 AM - Removed Demon Stone
    RP25: 3/8/2010 3:50:36 AM - System Checkpoint
    RP26: 3/9/2010 4:50:35 AM - System Checkpoint
    RP27: 3/10/2010 7:27:22 AM - Restore Operation
    RP28: 3/10/2010 8:44:13 AM - Software Distribution Service 3.0
    RP29: 3/11/2010 10:48:54 AM - System Checkpoint
    RP30: 3/12/2010 11:27:38 AM - System Checkpoint
    RP31: 3/12/2010 1:11:32 PM - Avg8 Update
    RP32: 3/12/2010 1:12:57 PM - Avg Update
    RP33: 3/13/2010 1:16:16 PM - System Checkpoint
    RP34: 3/14/2010 3:17:22 PM - System Checkpoint
    RP35: 3/15/2010 3:41:34 PM - System Checkpoint
    RP36: 3/16/2010 3:44:15 PM - System Checkpoint
    RP37: 3/17/2010 8:47:37 AM - Avg Update
    RP38: 3/18/2010 9:44:15 AM - System Checkpoint
    RP39: 3/19/2010 12:38:16 PM - System Checkpoint
    RP40: 3/20/2010 12:44:17 PM - System Checkpoint
    RP41: 3/21/2010 7:08:40 PM - System Checkpoint
    RP42: 3/22/2010 5:50:41 AM - Installed Steam
    RP43: 3/22/2010 6:10:30 AM - Installed DirectX
    RP44: 3/23/2010 10:43:02 AM - System Checkpoint
    RP45: 3/23/2010 9:09:54 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP46: 3/23/2010 9:32:39 PM - Software Distribution Service 3.0
    RP47: 3/23/2010 9:52:39 PM - Installed Dual-Core Optimizer.
    RP48: 3/24/2010 9:11:27 AM - Installed DirectX
    RP49: 3/24/2010 9:12:19 AM - Installed Windows XP Wdf01007.
    RP50: 3/25/2010 12:48:58 PM - System Checkpoint
    RP51: 3/25/2010 3:02:45 PM - Installed Windows XP WgaNotify.
    RP52: 3/26/2010 4:32:44 AM - Restore Operation
    RP53: 3/27/2010 4:38:06 AM - System Checkpoint
    RP54: 3/28/2010 4:39:44 AM - System Checkpoint
    RP55: 3/28/2010 1:53:20 PM - Installed Nero 8 Essentials
    RP56: 3/29/2010 2:04:46 PM - System Checkpoint
    RP57: 3/30/2010 3:03:30 PM - System Checkpoint
    RP58: 3/31/2010 3:04:35 PM - System Checkpoint
    RP59: 4/1/2010 6:55:48 PM - System Checkpoint
    RP60: 4/2/2010 7:04:35 PM - System Checkpoint
    RP61: 4/3/2010 8:03:31 PM - System Checkpoint
    RP62: 4/4/2010 9:03:30 PM - System Checkpoint
    RP63: 4/5/2010 10:03:30 PM - System Checkpoint
    RP64: 4/7/2010 10:16:38 PM - System Checkpoint
    RP65: 4/8/2010 11:03:17 PM - System Checkpoint
    RP66: 4/10/2010 12:03:16 AM - System Checkpoint
    RP67: 4/11/2010 1:03:16 AM - System Checkpoint
    RP68: 4/12/2010 2:03:17 AM - System Checkpoint
    RP69: 4/13/2010 3:03:17 AM - System Checkpoint
    RP70: 4/14/2010 4:03:17 AM - System Checkpoint
    RP71: 4/15/2010 4:36:09 AM - System Checkpoint
    RP72: 4/16/2010 6:54:14 AM - System Checkpoint
    RP73: 4/17/2010 7:03:17 AM - System Checkpoint
    RP74: 4/18/2010 8:03:17 AM - System Checkpoint
    RP75: 4/19/2010 8:40:46 AM - System Checkpoint
    RP76: 4/20/2010 9:40:46 AM - System Checkpoint
    RP77: 4/21/2010 12:22:24 PM - System Checkpoint
    RP78: 4/22/2010 12:40:46 PM - System Checkpoint
    RP79: 4/23/2010 3:05:03 PM - System Checkpoint
    RP80: 4/24/2010 3:43:38 PM - System Checkpoint
    RP81: 4/25/2010 4:42:32 PM - System Checkpoint
    RP82: 4/26/2010 4:43:37 PM - System Checkpoint
    RP83: 4/27/2010 5:43:37 PM - System Checkpoint
    RP84: 4/28/2010 6:42:32 PM - System Checkpoint
    RP85: 4/29/2010 6:54:53 PM - System Checkpoint
    RP86: 4/30/2010 7:49:57 PM - System Checkpoint
    RP87: 5/1/2010 7:51:02 PM - System Checkpoint
    RP88: 5/13/2010 1:11:51 PM - System Checkpoint
    RP89: 5/15/2010 12:23:10 AM - System Checkpoint
    RP90: 5/15/2010 12:52:35 PM - Avg Update
    RP91: 5/15/2010 1:01:25 PM - Avg Update
    RP92: 5/16/2010 1:02:46 PM - System Checkpoint
    RP93: 5/16/2010 5:18:09 PM - SPTD setup V1.62
    RP94: 5/16/2010 6:01:17 PM - Installed DirectX
    RP95: 5/17/2010 6:42:03 PM - System Checkpoint
    RP96: 5/18/2010 11:48:18 PM - System Checkpoint
    RP97: 5/19/2010 3:00:16 AM - Software Distribution Service 3.0
    RP98: 5/20/2010 3:02:43 AM - System Checkpoint
    RP99: 5/21/2010 4:02:43 AM - System Checkpoint
    RP100: 5/23/2010 3:00:13 AM - Software Distribution Service 3.0
    RP101: 5/25/2010 11:43:52 AM - FiOS Installation
    RP102: 5/25/2010 6:12:40 PM - Removed Ask Toolbar.
    RP103: 5/26/2010 3:00:19 AM - Software Distribution Service 3.0
    RP104: 5/26/2010 1:34:23 PM - avast! Free Antivirus Setup
    RP105: 5/29/2010 7:46:38 PM - Removed AVG Free 9.0
    RP106: 6/10/2010 8:07:40 AM - ComboFix created restore point
    RP107: 6/11/2010 3:00:21 AM - Software Distribution Service 3.0
    RP108: 6/16/2010 3:32:18 PM - Installed SPORE™
    RP109: 6/23/2010 3:00:13 AM - Software Distribution Service 3.0
    RP110: 6/24/2010 7:15:52 AM - Free Registry Fix restore point
    RP111: 6/25/2010 3:52:37 AM - Installed DirectX
    RP112: 6/26/2010 4:41:17 PM - Installed HiJackThis

    ==== Installed Programs ======================

    µTorrent
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    Adobe Shockwave Player 11.5
    avast! Free Antivirus
    AviSynth 2.5
    CCleaner
    Dragon Age: Origins
    Dual-Core Optimizer
    EAX(tm) Unified (SHELL)
    EclindneLoc
    ERUNT 1.1j
    Free Window Registry Repair
    Freelancer
    Freelancer Companion 2.01
    Google Chrome
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Java(TM) 6 Update 16
    Killing Floor
    Left 4 Dead
    LEISURE SUIT LARRY: MAGNA CUM LAUDE-UNCUT AND UNCENSORED
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Game Studios Common Redistributables Pack 1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Xbox 360 Accessories 1.2
    Microsoft XML Parser
    Mount&Blade
    Mount&Blade Warband
    Mozilla Firefox (3.6.3)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8 Essentials
    neroxml
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    OpenOffice.org 3.1
    Oregon Trail 5th Edition
    PeerGuardian 2.0
    Realtek High Definition Audio Driver
    Risen
    Security Update for Windows XP (KB923789)
    SIW version 2010.04.28
    SPORE™
    Spybot - Search & Destroy
    Steam
    System Requirements Lab
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    WebFldrs XP
    Windows Essentials Media Codec Pack 2.3d
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Software Update

    ==== End Of File ===========================

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent

    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


    After that:

    Download GMER here by clicking the "download exe" button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the rootkit tab, uncheck the files option and then click scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply. Also post the contents of a fresh dds.txt log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Jun 2010
    Posts
    13

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-06 15:38:18
    Windows 5.1.2600 Service Pack 3
    Running: e31vkbl5.exe; Driver: C:\DOCUME~1\t\LOCALS~1\Temp\pgldipoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB4025C7A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB4025B36]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB40260EA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB4026014]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB402570C]
    SSDT spyh.sys ZwEnumerateKey [0xB7ECDDA4]
    SSDT spyh.sys ZwEnumerateValueKey [0xB7ECE132]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB4025C10]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB402564C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB40256B0]
    SSDT spyh.sys ZwQueryKey [0xB7ECE20A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB4025D30]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB40261B8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB4025CF0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB4025E70]

    INT 0x73 ? 89BDBBF8
    INT 0x83 ? 89D5EBF8
    INT 0x83 ? 89D5EBF8
    INT 0x83 ? 89D5EBF8
    INT 0xB4 ? 89BDBBF8

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB4032AC6]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB40328EA]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB4032A24]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes JMP 54B40260
    PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B4032A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP B40328EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP B402E536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP B402FEC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP B4032ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    ? spyh.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B74938AC 5 Bytes JMP 89BDB1D8
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB698B380, 0x566445, 0xE8000020]
    .text a47td9h8.SYS B693E386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text a47td9h8.SYS B693E3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text a47td9h8.SYS B693E3C4 3 Bytes [00, 80, 02]
    .text a47td9h8.SYS B693E3C9 1 Byte [30]
    .text a47td9h8.SYS B693E3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...
    .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB35C1300, 0x3B6D8, 0xE8000020]
    .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8420300, 0x1BEE, 0xE8000020]

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spyh.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spyh.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spyh.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spyh.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spyh.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spyh.sys
    IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
    IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
    IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
    IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KfRaiseIrql] 00001CB1
    IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KfLowerIrql] 0E798366
    IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
    IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
    IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
    IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
    IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
    IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
    IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
    IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
    IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
    IAT \SystemRoot\System32\Drivers\a47td9h8.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
    Device \FileSystem\Ntfs \Ntfs 89D5D1F8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \Driver\sptd \Device\696636856 spyh.sys

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbohci \Device\USBPDO-0 89B261F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DCD1F8
    Device \Driver\dmio \Device\DmControl\DmConfig 89DCD1F8
    Device \Driver\dmio \Device\DmControl\DmPnP 89DCD1F8
    Device \Driver\dmio \Device\DmControl\DmInfo 89DCD1F8
    Device \Driver\usbehci \Device\USBPDO-1 89B221F8
    Device \Driver\usbohci \Device\USBPDO-2 89B261F8
    Device \Driver\usbehci \Device\USBPDO-3 89B221F8
    Device \Driver\PCI_PNP8106 \Device\00000048 spyh.sys

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{1DED8335-6622-4E04-A74E-371442743A10} 889BE1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 89D5F1F8
    Device \Driver\Cdrom \Device\CdRom0 89B0E1F8
    Device \Driver\Cdrom \Device\CdRom1 89B0E1F8
    Device \Driver\atapi \Device\Ide\IdePort0 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\NetBT \Device\NetBt_Wins_Export 889BE1F8
    Device \Driver\NetBT \Device\NetbiosSmb 889BE1F8

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbohci \Device\USBFDO-0 89B261F8
    Device \Driver\usbehci \Device\USBFDO-1 89B221F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 889BC1F8
    Device \Driver\usbohci \Device\USBFDO-2 89B261F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 889BC1F8
    Device \Driver\usbehci \Device\USBFDO-3 89B221F8
    Device \Driver\Ftdisk \Device\FtControl 89D5F1F8
    Device \Driver\a47td9h8 \Device\Scsi\a47td9h81Port2Path0Target0Lun0 899D5500
    Device \Driver\a47td9h8 \Device\Scsi\a47td9h81 899D5500
    Device \FileSystem\Cdfs \Cdfs 889611F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x2D 0x47 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8D 0xC0 0x53 0xC2 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0xCE 0x33 0x60 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x28 0x4B 0x21 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x2D 0x47 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8D 0xC0 0x53 0xC2 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0xCE 0x33 0x60 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x28 0x4B 0x21 ...

    ---- EOF - GMER 1.0.15 ----

  4. #4
    Junior Member
    Join Date
    Jun 2010
    Posts
    13


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by t at 15:44:11.75 on Tue 07/06/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1375 [GMT -4:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\t\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.ask.com/?o=15438&l=dis
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
    uRun: [Google Update] "c:\documents and settings\t\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [RGSC] c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\t\applic~1\mozilla\firefox\profiles\yan3xiwg.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - plugin: c:\documents and settings\t\application data\mozilla\firefox\profiles\yan3xiwg.default\extensions\gametapplayer@gametap.com\plugins\npGameTapWebPlayer.dll
    FF - plugin: c:\documents and settings\t\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\t\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-26 164048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-26 19024]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-5-14 816672]

    =============== Created Last 30 ================

    2010-07-06 18:51:35 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SecuROM
    2010-07-06 18:16:10 0 d-----w- c:\windows\system32\xlive
    2010-07-06 18:16:09 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2010-07-06 17:31:26 77832 ----a-w- c:\windows\system32\GameuxInstallHelper.dll
    2010-07-06 17:31:26 44552 ----a-w- c:\windows\system32\FirewallInstallHelper.dll
    2010-07-01 12:05:29 0 d-----w- c:\program files\Rockstar Games
    2010-07-01 09:45:50 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-07-01 08:25:35 0 d-----w- c:\program files\Flagship Studios
    2010-07-01 01:08:49 0 d-----w- c:\program files\Comical
    2010-06-30 00:59:50 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
    2010-06-27 04:24:39 0 d-----w- c:\docume~1\t\applic~1\uTorrent
    2010-06-26 20:41:19 0 d-----w- c:\program files\Trend Micro
    2010-06-25 07:54:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Tages
    2010-06-25 07:53:48 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2010-06-25 07:53:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2010-06-24 00:20:28 0 d-----w- c:\documents and settings\t\DesktoapII
    2010-06-23 23:50:25 0 d-----w- c:\windows\system32\Adobe
    2010-06-22 09:44:16 0 d-----w- c:\program files\Freelancer Companion
    2010-06-21 10:13:06 0 d-----w- c:\program files\Freelancer Mod Manager
    2010-06-21 09:20:45 0 d-----w- c:\program files\Microsoft Games
    2010-06-18 07:13:23 0 d-----w- c:\docume~1\t\applic~1\fltk.org
    2010-06-11 07:03:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
    2010-06-10 16:07:22 0 d-----w- c:\program files\VUGames
    2010-06-10 12:07:31 98816 ----a-w- c:\windows\sed.exe
    2010-06-10 12:07:31 77312 ----a-w- c:\windows\MBR.exe
    2010-06-10 12:07:31 256512 ----a-w- c:\windows\PEV.exe
    2010-06-10 12:07:31 161792 ----a-w- c:\windows\SWREG.exe

    ==================== Find3M ====================

    2010-05-16 21:18:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll

    ============= FINISH: 15:44:28.84 ===============







    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/24/2010 5:18:13 AM
    System Uptime: 7/6/2010 3:39:08 PM (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | M2N-VM DVI
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | CPU 1 | 2500/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 64.553 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP7: 2/20/2010 10:28:47 PM - System Checkpoint
    RP8: 2/21/2010 11:15:16 PM - System Checkpoint
    RP9: 2/22/2010 4:38:18 PM - Installed Windows KB954550-v5.
    RP10: 2/22/2010 4:38:25 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP11: 2/22/2010 4:38:33 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP12: 2/24/2010 7:35:34 AM - System Checkpoint
    RP13: 2/25/2010 9:24:41 AM - System Checkpoint
    RP14: 2/26/2010 9:50:40 AM - System Checkpoint
    RP15: 2/27/2010 10:56:14 AM - System Checkpoint
    RP16: 2/28/2010 11:50:40 AM - System Checkpoint
    RP17: 3/1/2010 3:38:21 PM - System Checkpoint
    RP18: 3/2/2010 5:11:11 PM - System Checkpoint
    RP19: 3/3/2010 7:28:31 PM - System Checkpoint
    RP20: 3/4/2010 7:50:37 PM - System Checkpoint
    RP21: 3/5/2010 7:51:40 PM - System Checkpoint
    RP22: 3/6/2010 4:40:35 AM - Installed Demon Stone
    RP23: 3/7/2010 3:48:43 AM - Removed Temple of Elemental Evil
    RP24: 3/7/2010 3:49:17 AM - Removed Demon Stone
    RP25: 3/8/2010 3:50:36 AM - System Checkpoint
    RP26: 3/9/2010 4:50:35 AM - System Checkpoint
    RP27: 3/10/2010 7:27:22 AM - Restore Operation
    RP28: 3/10/2010 8:44:13 AM - Software Distribution Service 3.0
    RP29: 3/11/2010 10:48:54 AM - System Checkpoint
    RP30: 3/12/2010 11:27:38 AM - System Checkpoint
    RP31: 3/12/2010 1:11:32 PM - Avg8 Update
    RP32: 3/12/2010 1:12:57 PM - Avg Update
    RP33: 3/13/2010 1:16:16 PM - System Checkpoint
    RP34: 3/14/2010 3:17:22 PM - System Checkpoint
    RP35: 3/15/2010 3:41:34 PM - System Checkpoint
    RP36: 3/16/2010 3:44:15 PM - System Checkpoint
    RP37: 3/17/2010 8:47:37 AM - Avg Update
    RP38: 3/18/2010 9:44:15 AM - System Checkpoint
    RP39: 3/19/2010 12:38:16 PM - System Checkpoint
    RP40: 3/20/2010 12:44:17 PM - System Checkpoint
    RP41: 3/21/2010 7:08:40 PM - System Checkpoint
    RP42: 3/22/2010 5:50:41 AM - Installed Steam
    RP43: 3/22/2010 6:10:30 AM - Installed DirectX
    RP44: 3/23/2010 10:43:02 AM - System Checkpoint
    RP45: 3/23/2010 9:09:54 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP46: 3/23/2010 9:32:39 PM - Software Distribution Service 3.0
    RP47: 3/23/2010 9:52:39 PM - Installed Dual-Core Optimizer.
    RP48: 3/24/2010 9:11:27 AM - Installed DirectX
    RP49: 3/24/2010 9:12:19 AM - Installed Windows XP Wdf01007.
    RP50: 3/25/2010 12:48:58 PM - System Checkpoint
    RP51: 3/25/2010 3:02:45 PM - Installed Windows XP WgaNotify.
    RP52: 3/26/2010 4:32:44 AM - Restore Operation
    RP53: 3/27/2010 4:38:06 AM - System Checkpoint
    RP54: 3/28/2010 4:39:44 AM - System Checkpoint
    RP55: 3/28/2010 1:53:20 PM - Installed Nero 8 Essentials
    RP56: 3/29/2010 2:04:46 PM - System Checkpoint
    RP57: 3/30/2010 3:03:30 PM - System Checkpoint
    RP58: 3/31/2010 3:04:35 PM - System Checkpoint
    RP59: 4/1/2010 6:55:48 PM - System Checkpoint
    RP60: 4/2/2010 7:04:35 PM - System Checkpoint
    RP61: 4/3/2010 8:03:31 PM - System Checkpoint
    RP62: 4/4/2010 9:03:30 PM - System Checkpoint
    RP63: 4/5/2010 10:03:30 PM - System Checkpoint
    RP64: 4/7/2010 10:16:38 PM - System Checkpoint
    RP65: 4/8/2010 11:03:17 PM - System Checkpoint
    RP66: 4/10/2010 12:03:16 AM - System Checkpoint
    RP67: 4/11/2010 1:03:16 AM - System Checkpoint
    RP68: 4/12/2010 2:03:17 AM - System Checkpoint
    RP69: 4/13/2010 3:03:17 AM - System Checkpoint
    RP70: 4/14/2010 4:03:17 AM - System Checkpoint
    RP71: 4/15/2010 4:36:09 AM - System Checkpoint
    RP72: 4/16/2010 6:54:14 AM - System Checkpoint
    RP73: 4/17/2010 7:03:17 AM - System Checkpoint
    RP74: 4/18/2010 8:03:17 AM - System Checkpoint
    RP75: 4/19/2010 8:40:46 AM - System Checkpoint
    RP76: 4/20/2010 9:40:46 AM - System Checkpoint
    RP77: 4/21/2010 12:22:24 PM - System Checkpoint
    RP78: 4/22/2010 12:40:46 PM - System Checkpoint
    RP79: 4/23/2010 3:05:03 PM - System Checkpoint
    RP80: 4/24/2010 3:43:38 PM - System Checkpoint
    RP81: 4/25/2010 4:42:32 PM - System Checkpoint
    RP82: 4/26/2010 4:43:37 PM - System Checkpoint
    RP83: 4/27/2010 5:43:37 PM - System Checkpoint
    RP84: 4/28/2010 6:42:32 PM - System Checkpoint
    RP85: 4/29/2010 6:54:53 PM - System Checkpoint
    RP86: 4/30/2010 7:49:57 PM - System Checkpoint
    RP87: 5/1/2010 7:51:02 PM - System Checkpoint
    RP88: 5/13/2010 1:11:51 PM - System Checkpoint
    RP89: 5/15/2010 12:23:10 AM - System Checkpoint
    RP90: 5/15/2010 12:52:35 PM - Avg Update
    RP91: 5/15/2010 1:01:25 PM - Avg Update
    RP92: 5/16/2010 1:02:46 PM - System Checkpoint
    RP93: 5/16/2010 5:18:09 PM - SPTD setup V1.62
    RP94: 5/16/2010 6:01:17 PM - Installed DirectX
    RP95: 5/17/2010 6:42:03 PM - System Checkpoint
    RP96: 5/18/2010 11:48:18 PM - System Checkpoint
    RP97: 5/19/2010 3:00:16 AM - Software Distribution Service 3.0
    RP98: 5/20/2010 3:02:43 AM - System Checkpoint
    RP99: 5/21/2010 4:02:43 AM - System Checkpoint
    RP100: 5/23/2010 3:00:13 AM - Software Distribution Service 3.0
    RP101: 5/25/2010 11:43:52 AM - FiOS Installation
    RP102: 5/25/2010 6:12:40 PM - Removed Ask Toolbar.
    RP103: 5/26/2010 3:00:19 AM - Software Distribution Service 3.0
    RP104: 5/26/2010 1:34:23 PM - avast! Free Antivirus Setup
    RP105: 5/29/2010 7:46:38 PM - Removed AVG Free 9.0
    RP106: 6/10/2010 8:07:40 AM - ComboFix created restore point
    RP107: 6/11/2010 3:00:21 AM - Software Distribution Service 3.0
    RP108: 6/16/2010 3:32:18 PM - Installed SPORE™
    RP109: 6/23/2010 3:00:13 AM - Software Distribution Service 3.0
    RP110: 6/24/2010 7:15:52 AM - Free Registry Fix restore point
    RP111: 6/25/2010 3:52:37 AM - Installed DirectX
    RP112: 6/26/2010 4:41:17 PM - Installed HiJackThis
    RP113: 6/29/2010 8:51:51 PM - Installed Gothic III
    RP114: 6/29/2010 8:59:47 PM - Installed Gothic III Release Update
    RP115: 6/29/2010 9:00:55 PM - Installed Gothic III Update 1.08
    RP116: 6/29/2010 9:01:53 PM - Installed Gothic III Update 1.09
    RP117: 6/29/2010 9:02:09 PM - Installed Gothic III Update 1.12
    RP118: 6/30/2010 10:22:26 AM - Removed Gothic III
    RP119: 6/30/2010 10:25:54 AM - Removed SPORE™
    RP120: 7/1/2010 4:25:28 AM - Installed Hellgate: London
    RP121: 7/1/2010 8:03:57 AM - Installed Bully Scholarship Edition
    RP122: 7/6/2010 1:32:47 PM - Installed DirectX
    RP123: 7/6/2010 2:14:53 PM - Installed DirectX
    RP124: 7/6/2010 2:16:08 PM - Installed Microsoft Games for Windows - LIVE Redistributable
    RP125: 7/6/2010 2:16:37 PM - Installed Rockstar Games Social Club
    RP126: 7/6/2010 2:36:52 PM - Installed Microsoft Games for Windows - LIVE Redistributable
    RP127: 7/6/2010 2:37:25 PM - Removed Microsoft Games for Windows - LIVE Redistributable
    RP128: 7/6/2010 2:42:41 PM - Installed Microsoft Games for Windows - LIVE Redistributable
    RP129: 7/6/2010 2:42:59 PM - Removed Microsoft Games for Windows - LIVE Redistributable
    RP130: 7/6/2010 2:49:21 PM - Installed Grand Theft Auto IV

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    Adobe Shockwave Player 11.5
    avast! Free Antivirus
    AviSynth 2.5
    Bully Scholarship Edition
    CCleaner
    Comical 0.8
    Dragon Age: Origins
    Dual-Core Optimizer
    EAX(tm) Unified (SHELL)
    EclindneLoc
    Freelancer
    Freelancer Companion 2.01
    Google Chrome
    Gothic III Release Update
    Grand Theft Auto IV
    Hellgate: London
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Java(TM) 6 Update 16
    Killing Floor
    Left 4 Dead
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Game Studios Common Redistributables Pack 1
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Xbox 360 Accessories 1.2
    Microsoft XML Parser
    Mount&Blade Warband
    Mozilla Firefox (3.6.3)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8 Essentials
    neroxml
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    OpenOffice.org 3.1
    PeerGuardian 2.0
    Realtek High Definition Audio Driver
    Risen
    Security Update for Windows XP (KB923789)
    SIW version 2010.04.28
    Spybot - Search & Destroy
    Steam
    System Requirements Lab
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    WebFldrs XP
    Windows Essentials Media Codec Pack 2.3d
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    7/6/2010 3:40:37 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 899e4978, parameter3 899e4aec, parameter4 805d2954.
    7/6/2010 3:35:22 PM, error: System Error [1003] - Error code 10000050, parameter1 e4cc8000, parameter2 00000000, parameter3 b0e01c3e, parameter4 00000001.
    6/29/2010 10:13:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Dragon Age: Origins - Content Updater service to connect.

    ==== End Of File ===========================

  5. #5
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #6
    Junior Member
    Join Date
    Jun 2010
    Posts
    13


    ComboFix 10-07-07.02 - t 07/08/2010 11:29:38.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1594 [GMT -4:00]
    Running from: c:\documents and settings\t\My Documents\Downloads\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    ----- BITS: Possible infected sites -----

    hxxp://download.xbox.com:80
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
    .

    2010-07-06 18:51 . 2010-07-06 18:51 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
    2010-07-06 18:19 . 2010-07-06 18:51 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Rockstar Games
    2010-07-06 18:16 . 2010-07-06 18:16 -------- d-----w- c:\windows\system32\xlive
    2010-07-06 18:16 . 2010-07-06 18:16 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2010-07-06 17:40 . 2010-07-06 17:40 -------- d--h--r- c:\documents and settings\t\Application Data\SecuROM
    2010-07-06 17:31 . 2007-10-22 07:38 77832 ----a-w- c:\windows\system32\GameuxInstallHelper.dll
    2010-07-06 17:31 . 2007-10-22 07:37 44552 ----a-w- c:\windows\system32\FirewallInstallHelper.dll
    2010-07-01 12:05 . 2010-07-06 18:50 -------- d-----w- c:\program files\Rockstar Games
    2010-07-01 09:45 . 2010-07-01 09:45 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-07-01 08:25 . 2010-07-01 08:25 -------- d-----w- c:\program files\Flagship Studios
    2010-07-01 01:08 . 2010-07-01 01:08 -------- d-----w- c:\program files\Comical
    2010-06-30 00:59 . 2010-06-30 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2010-06-29 14:32 . 2010-06-29 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-06-27 04:24 . 2010-07-05 15:21 -------- d-----w- c:\documents and settings\t\Application Data\uTorrent
    2010-06-26 20:41 . 2010-06-26 20:41 388096 ----a-r- c:\documents and settings\t\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-26 20:41 . 2010-06-26 20:41 -------- d-----w- c:\program files\Trend Micro
    2010-06-25 07:56 . 2010-06-25 07:56 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Risen
    2010-06-25 07:54 . 2010-06-25 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
    2010-06-25 07:53 . 2010-06-25 07:54 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2010-06-25 07:53 . 2010-06-25 07:53 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2010-06-24 11:13 . 2010-06-24 11:21 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Promosoft Corporation
    2010-06-24 11:13 . 2010-06-24 11:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-06-24 00:20 . 2010-06-24 00:20 -------- d-----w- c:\documents and settings\t\DesktoapII
    2010-06-23 23:50 . 2010-06-23 23:50 -------- d-----w- c:\windows\system32\Adobe
    2010-06-22 09:44 . 2010-06-22 09:44 -------- d-----w- c:\program files\Freelancer Companion
    2010-06-21 10:24 . 2010-06-21 10:24 -------- d-----w- c:\documents and settings\t\Local Settings\Application Data\Freelancer
    2010-06-21 10:13 . 2010-06-21 10:13 -------- d-----w- c:\program files\Freelancer Mod Manager
    2010-06-21 09:20 . 2010-06-21 09:20 -------- d-----w- c:\program files\Microsoft Games
    2010-06-18 07:13 . 2010-06-18 07:13 -------- d-----w- c:\documents and settings\t\Application Data\fltk.org
    2010-06-11 07:03 . 2010-06-11 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
    2010-06-10 16:07 . 2010-06-10 16:07 -------- d-----w- c:\program files\VUGames

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-06 18:50 . 2010-02-02 15:47 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-06 17:05 . 2010-02-05 22:36 -------- d-----w- c:\program files\Mount&Blade
    2010-07-06 05:50 . 2010-01-26 02:27 17744 ----a-w- c:\documents and settings\t\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-30 02:13 . 2010-03-22 09:50 -------- d-----w- c:\program files\Steam
    2010-06-30 00:59 . 2010-02-02 15:47 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-06-29 14:32 . 2010-03-17 01:28 -------- d-----w- c:\program files\Yahoo!
    2010-06-28 05:23 . 2010-02-02 15:53 1 ----a-w- c:\documents and settings\t\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-06-25 10:30 . 2010-01-25 16:43 -------- d-----w- c:\documents and settings\t\Application Data\BitTorrent
    2010-06-25 04:58 . 2010-02-02 09:57 -------- d-----w- c:\documents and settings\t\Application Data\AdobeUM
    2010-06-21 06:41 . 2010-05-26 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-21 06:41 . 2010-01-30 11:58 -------- d-----w- c:\documents and settings\t\Application Data\Media Player Classic
    2010-06-10 11:59 . 2010-05-25 22:08 -------- d-----w- c:\program files\CCleaner
    2010-06-06 09:11 . 2010-03-17 03:55 -------- d-----w- c:\documents and settings\t\Application Data\Yahoo!
    2010-05-31 08:23 . 2010-05-31 08:23 -------- d-----w- c:\program files\SIW
    2010-05-29 19:09 . 2010-01-25 16:58 0 ----a-w- c:\documents and settings\t\Local Settings\Application Data\prvlcl.dat
    2010-05-27 01:45 . 2010-05-27 01:45 -------- d-----w- c:\documents and settings\t\Application Data\NVIDIA
    2010-05-26 23:27 . 2010-01-31 19:43 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-05-26 23:26 . 2010-01-31 19:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-05-02 05:22 . 2008-04-14 00:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2008-04-14 04:39 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-16 16:09 . 2008-04-14 04:42 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-04-16 16:09 . 2008-04-14 04:41 81920 ----a-w- c:\windows\system32\ieencode.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1382400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^t^Start Menu^Programs^Startup^Demonstone Registration.lnk]
    backup=c:\windows\pss\Demonstone Registration.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^t^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^t^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-06-03 07:10 136176 ----atw- c:\documents and settings\t\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-06-24 20:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-06-16 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-06-16 10:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-07-09 19:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2007-04-04 09:22 1822720 ------r- c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-05-15 17:26 1238352 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
    2009-09-30 21:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "YahooAUService"=2 (0x2)
    "Schedule"=2 (0x2)
    "RemoteRegistry"=2 (0x2)
    "RasMan"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "helpsvc"=2 (0x2)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "Eventlog"=2 (0x2)
    "ERSvc"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Take Two\\borderlands\\Binaries\\Borderlands.exe"=
    "c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
    "c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
    "c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\risen\\bin\\Risen.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
    "c:\\Documents and Settings\\t\\My Documents\\Downloads\\utorrent.exe"=
    "c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
    "c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
    "c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/26/2010 1:34 PM 164048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/26/2010 1:34 PM 19024]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/26/2010 11:18 PM 691696]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1425521274-1801674531-1003Core.job
    - c:\documents and settings\t\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-03 07:10]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com/?o=15438&l=dis
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    FF - ProfilePath - c:\documents and settings\t\Application Data\Mozilla\Firefox\Profiles\yan3xiwg.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - plugin: c:\documents and settings\t\Application Data\Mozilla\Firefox\Profiles\yan3xiwg.default\extensions\GameTapPlayer@gametap.com\plugins\npGameTapWebPlayer.dll
    FF - plugin: c:\documents and settings\t\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\t\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-nwiz - nwiz.exe
    MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    AddRemove-EAX(tm) Unified (SHELL) - c:\program files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu
    AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files\Spybot - Search & Destroy\unins000.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1614895754-1425521274-1801674531-1003\Software\SecuROM\License information*]
    "datasecu"=hex:d3,d6,50,3f,a7,7f,09,08,4a,c5,bb,6a,3b,c1,1c,20,de,72,9d,9f,7e,
    70,58,0d,df,a7,d5,4d,fc,31,ee,95,9b,48,60,bd,82,45,c1,5c,da,aa,89,4c,9d,8b,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2010-07-08 11:35:18
    ComboFix-quarantined-files.txt 2010-07-08 15:35
    ComboFix2.txt 2010-06-10 12:15

    Pre-Run: 71,591,587,840 bytes free
    Post-Run: 71,672,664,064 bytes free

    - - End Of File - - CA6404C315082EF52CD5716B1C6ABC84

  7. #7
    Junior Member
    Join Date
    Jun 2010
    Posts
    13

    DDS will not run now. I try to open it and all I get is the black screen which closes immediately.

  8. #8
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Please try again after a reboot.

  9. #9
    Junior Member
    Join Date
    Jun 2010
    Posts
    13

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by t at 15:40:13.56 on Thu 07/08/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1643 [GMT -4:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\t\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.ask.com/?o=15438&l=dis
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\t\applic~1\mozilla\firefox\profiles\yan3xiwg.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-26 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-26 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-5-14 816672]

    =============== Created Last 30 ================

    2010-07-08 15:36:28 38848 ----a-w- c:\windows\avastSS.scr
    2010-07-08 15:28:09 0 d-----w- C:\ComboFix
    2010-07-06 18:51:35 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SecuROM
    2010-07-06 18:16:10 0 d-----w- c:\windows\system32\xlive
    2010-07-06 18:16:09 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2010-07-06 17:31:26 77832 ----a-w- c:\windows\system32\GameuxInstallHelper.dll
    2010-07-06 17:31:26 44552 ----a-w- c:\windows\system32\FirewallInstallHelper.dll
    2010-07-01 12:05:29 0 d-----w- c:\program files\Rockstar Games
    2010-07-01 09:45:50 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-07-01 08:25:35 0 d-----w- c:\program files\Flagship Studios
    2010-07-01 01:08:49 0 d-----w- c:\program files\Comical
    2010-06-30 00:59:50 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
    2010-06-27 04:24:39 0 d-----w- c:\docume~1\t\applic~1\uTorrent
    2010-06-26 20:41:19 0 d-----w- c:\program files\Trend Micro
    2010-06-25 07:54:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Tages
    2010-06-25 07:53:48 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2010-06-25 07:53:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2010-06-24 00:20:28 0 d-----w- c:\documents and settings\t\DesktoapII
    2010-06-23 23:50:25 0 d-----w- c:\windows\system32\Adobe
    2010-06-22 09:44:16 0 d-----w- c:\program files\Freelancer Companion
    2010-06-21 10:13:06 0 d-----w- c:\program files\Freelancer Mod Manager
    2010-06-21 09:20:45 0 d-----w- c:\program files\Microsoft Games
    2010-06-18 07:13:23 0 d-----w- c:\docume~1\t\applic~1\fltk.org
    2010-06-11 07:03:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
    2010-06-10 16:07:22 0 d-----w- c:\program files\VUGames
    2010-06-10 12:07:31 98816 ----a-w- c:\windows\sed.exe
    2010-06-10 12:07:31 77312 ----a-w- c:\windows\MBR.exe
    2010-06-10 12:07:31 256512 ----a-w- c:\windows\PEV.exe
    2010-06-10 12:07:31 161792 ----a-w- c:\windows\SWREG.exe

    ==================== Find3M ====================

    2010-05-16 21:18:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll

    ============= FINISH: 15:40:33.50 ===============

  10. #10
    Junior Member
    Join Date
    Jun 2010
    Posts
    13

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/24/2010 5:18:13 AM
    System Uptime: 7/8/2010 3:38:18 PM (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | M2N-VM DVI
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | CPU 1 | 2499/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 66.792 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP7: 2/20/2010 10:28:47 PM - System Checkpoint
    RP8: 2/21/2010 11:15:16 PM - System Checkpoint
    RP9: 2/22/2010 4:38:18 PM - Installed Windows KB954550-v5.
    RP10: 2/22/2010 4:38:25 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP11: 2/22/2010 4:38:33 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP12: 2/24/2010 7:35:34 AM - System Checkpoint
    RP13: 2/25/2010 9:24:41 AM - System Checkpoint
    RP14: 2/26/2010 9:50:40 AM - System Checkpoint
    RP15: 2/27/2010 10:56:14 AM - System Checkpoint
    RP16: 2/28/2010 11:50:40 AM - System Checkpoint
    RP17: 3/1/2010 3:38:21 PM - System Checkpoint
    RP18: 3/2/2010 5:11:11 PM - System Checkpoint
    RP19: 3/3/2010 7:28:31 PM - System Checkpoint
    RP20: 3/4/2010 7:50:37 PM - System Checkpoint
    RP21: 3/5/2010 7:51:40 PM - System Checkpoint
    RP22: 3/6/2010 4:40:35 AM - Installed Demon Stone
    RP23: 3/7/2010 3:48:43 AM - Removed Temple of Elemental Evil
    RP24: 3/7/2010 3:49:17 AM - Removed Demon Stone
    RP25: 3/8/2010 3:50:36 AM - System Checkpoint
    RP26: 3/9/2010 4:50:35 AM - System Checkpoint
    RP27: 3/10/2010 7:27:22 AM - Restore Operation
    RP28: 3/10/2010 8:44:13 AM - Software Distribution Service 3.0
    RP29: 3/11/2010 10:48:54 AM - System Checkpoint
    RP30: 3/12/2010 11:27:38 AM - System Checkpoint
    RP31: 3/12/2010 1:11:32 PM - Avg8 Update
    RP32: 3/12/2010 1:12:57 PM - Avg Update
    RP33: 3/13/2010 1:16:16 PM - System Checkpoint
    RP34: 3/14/2010 3:17:22 PM - System Checkpoint
    RP35: 3/15/2010 3:41:34 PM - System Checkpoint
    RP36: 3/16/2010 3:44:15 PM - System Checkpoint
    RP37: 3/17/2010 8:47:37 AM - Avg Update
    RP38: 3/18/2010 9:44:15 AM - System Checkpoint
    RP39: 3/19/2010 12:38:16 PM - System Checkpoint
    RP40: 3/20/2010 12:44:17 PM - System Checkpoint
    RP41: 3/21/2010 7:08:40 PM - System Checkpoint
    RP42: 3/22/2010 5:50:41 AM - Installed Steam
    RP43: 3/22/2010 6:10:30 AM - Installed DirectX
    RP44: 3/23/2010 10:43:02 AM - System Checkpoint
    RP45: 3/23/2010 9:09:54 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP46: 3/23/2010 9:32:39 PM - Software Distribution Service 3.0
    RP47: 3/23/2010 9:52:39 PM - Installed Dual-Core Optimizer.
    RP48: 3/24/2010 9:11:27 AM - Installed DirectX
    RP49: 3/24/2010 9:12:19 AM - Installed Windows XP Wdf01007.
    RP50: 3/25/2010 12:48:58 PM - System Checkpoint
    RP51: 3/25/2010 3:02:45 PM - Installed Windows XP WgaNotify.
    RP52: 3/26/2010 4:32:44 AM - Restore Operation
    RP53: 3/27/2010 4:38:06 AM - System Checkpoint
    RP54: 3/28/2010 4:39:44 AM - System Checkpoint
    RP55: 3/28/2010 1:53:20 PM - Installed Nero 8 Essentials
    RP56: 3/29/2010 2:04:46 PM - System Checkpoint
    RP57: 3/30/2010 3:03:30 PM - System Checkpoint
    RP58: 3/31/2010 3:04:35 PM - System Checkpoint
    RP59: 4/1/2010 6:55:48 PM - System Checkpoint
    RP60: 4/2/2010 7:04:35 PM - System Checkpoint
    RP61: 4/3/2010 8:03:31 PM - System Checkpoint
    RP62: 4/4/2010 9:03:30 PM - System Checkpoint
    RP63: 4/5/2010 10:03:30 PM - System Checkpoint
    RP64: 4/7/2010 10:16:38 PM - System Checkpoint
    RP65: 4/8/2010 11:03:17 PM - System Checkpoint
    RP66: 4/10/2010 12:03:16 AM - System Checkpoint
    RP67: 4/11/2010 1:03:16 AM - System Checkpoint
    RP68: 4/12/2010 2:03:17 AM - System Checkpoint
    RP69: 4/13/2010 3:03:17 AM - System Checkpoint
    RP70: 4/14/2010 4:03:17 AM - System Checkpoint
    RP71: 4/15/2010 4:36:09 AM - System Checkpoint
    RP72: 4/16/2010 6:54:14 AM - System Checkpoint
    RP73: 4/17/2010 7:03:17 AM - System Checkpoint
    RP74: 4/18/2010 8:03:17 AM - System Checkpoint
    RP75: 4/19/2010 8:40:46 AM - System Checkpoint
    RP76: 4/20/2010 9:40:46 AM - System Checkpoint
    RP77: 4/21/2010 12:22:24 PM - System Checkpoint
    RP78: 4/22/2010 12:40:46 PM - System Checkpoint
    RP79: 4/23/2010 3:05:03 PM - System Checkpoint
    RP80: 4/24/2010 3:43:38 PM - System Checkpoint
    RP81: 4/25/2010 4:42:32 PM - System Checkpoint
    RP82: 4/26/2010 4:43:37 PM - System Checkpoint
    RP83: 4/27/2010 5:43:37 PM - System Checkpoint
    RP84: 4/28/2010 6:42:32 PM - System Checkpoint
    RP85: 4/29/2010 6:54:53 PM - System Checkpoint
    RP86: 4/30/2010 7:49:57 PM - System Checkpoint
    RP87: 5/1/2010 7:51:02 PM - System Checkpoint
    RP88: 5/13/2010 1:11:51 PM - System Checkpoint
    RP89: 5/15/2010 12:23:10 AM - System Checkpoint
    RP90: 5/15/2010 12:52:35 PM - Avg Update
    RP91: 5/15/2010 1:01:25 PM - Avg Update
    RP92: 5/16/2010 1:02:46 PM - System Checkpoint
    RP93: 5/16/2010 5:18:09 PM - SPTD setup V1.62
    RP94: 5/16/2010 6:01:17 PM - Installed DirectX
    RP95: 5/17/2010 6:42:03 PM - System Checkpoint
    RP96: 5/18/2010 11:48:18 PM - System Checkpoint
    RP97: 5/19/2010 3:00:16 AM - Software Distribution Service 3.0
    RP98: 5/20/2010 3:02:43 AM - System Checkpoint
    RP99: 5/21/2010 4:02:43 AM - System Checkpoint
    RP100: 5/23/2010 3:00:13 AM - Software Distribution Service 3.0
    RP101: 5/25/2010 11:43:52 AM - FiOS Installation
    RP102: 5/25/2010 6:12:40 PM - Removed Ask Toolbar.
    RP103: 5/26/2010 3:00:19 AM - Software Distribution Service 3.0
    RP104: 5/26/2010 1:34:23 PM - avast! Free Antivirus Setup
    RP105: 5/29/2010 7:46:38 PM - Removed AVG Free 9.0
    RP106: 6/10/2010 8:07:40 AM - ComboFix created restore point
    RP107: 6/11/2010 3:00:21 AM - Software Distribution Service 3.0
    RP108: 6/16/2010 3:32:18 PM - Installed SPORE™
    RP109: 6/23/2010 3:00:13 AM - Software Distribution Service 3.0
    RP110: 6/24/2010 7:15:52 AM - Free Registry Fix restore point
    RP111: 6/25/2010 3:52:37 AM - Installed DirectX
    RP112: 6/26/2010 4:41:17 PM - Installed HiJackThis
    RP113: 6/29/2010 8:51:51 PM - Installed Gothic III
    RP114: 6/29/2010 8:59:47 PM - Installed Gothic III Release Update
    RP115: 6/29/2010 9:00:55 PM - Installed Gothic III Update 1.08
    RP116: 6/29/2010 9:01:53 PM - Installed Gothic III Update 1.09
    RP117: 6/29/2010 9:02:09 PM - Installed Gothic III Update 1.12
    RP118: 6/30/2010 10:22:26 AM - Removed Gothic III
    RP119: 6/30/2010 10:25:54 AM - Removed SPORE™
    RP120: 7/1/2010 4:25:28 AM - Installed Hellgate: London
    RP121: 7/1/2010 8:03:57 AM - Installed Bully Scholarship Edition
    RP122: 7/6/2010 1:32:47 PM - Installed DirectX
    RP123: 7/6/2010 2:14:53 PM - Installed DirectX
    RP124: 7/6/2010 2:16:08 PM - Installed Microsoft Games for Windows - LIVE Redistributable
    RP125: 7/6/2010 2:16:37 PM - Installed Rockstar Games Social Club
    RP126: 7/6/2010 2:36:52 PM - Installed Microsoft Games for Windows - LIVE Redistributable
    RP127: 7/6/2010 2:37:25 PM - Removed Microsoft Games for Windows - LIVE Redistributable
    RP128: 7/6/2010 2:42:41 PM - Installed Microsoft Games for Windows - LIVE Redistributable
    RP129: 7/6/2010 2:42:59 PM - Removed Microsoft Games for Windows - LIVE Redistributable
    RP130: 7/6/2010 2:49:21 PM - Installed Grand Theft Auto IV
    RP131: 7/8/2010 11:28:21 AM - ComboFix created restore point

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    Adobe Shockwave Player 11.5
    avast! Free Antivirus
    AviSynth 2.5
    Bully Scholarship Edition
    CCleaner
    Comical 0.8
    Dragon Age: Origins
    Dual-Core Optimizer
    EclindneLoc
    Freelancer
    Freelancer Companion 2.01
    Google Chrome
    Gothic III Release Update
    Grand Theft Auto IV
    Hellgate: London
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Java(TM) 6 Update 16
    Killing Floor
    Left 4 Dead
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Game Studios Common Redistributables Pack 1
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Xbox 360 Accessories 1.2
    Microsoft XML Parser
    Mount&Blade Warband
    Mozilla Firefox (3.6.3)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8 Essentials
    neroxml
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    OpenOffice.org 3.1
    PeerGuardian 2.0
    Realtek High Definition Audio Driver
    Risen
    Security Update for Windows XP (KB923789)
    SIW version 2010.04.28
    Steam
    System Requirements Lab
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    WebFldrs XP
    Windows Essentials Media Codec Pack 2.3d
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    7/8/2010 11:36:30 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    7/8/2010 11:29:12 AM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    7/6/2010 3:40:37 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 899e4978, parameter3 899e4aec, parameter4 805d2954.
    7/6/2010 3:35:22 PM, error: System Error [1003] - Error code 10000050, parameter1 e4cc8000, parameter2 00000000, parameter3 b0e01c3e, parameter4 00000001.

    ==== End Of File ===========================
