Results 1 to 6 of 6

Thread: "antivirus software" malwar infection (tough one![repost as requested :)])

  1. #1
    Junior Member
    Join Date
    Aug 2010
    Posts
    3

    Default "antivirus software" malwar infection (tough one![repost as requested :)])

    Hello, I am using vista service pack 2. This is a repost with DDS log this time as requested.... Yesterday my wife called me at work and said the computer keeps poping up that we are infected and need to activate some antivirus software. Then it blocked all internet access, then it stoped allowing us to start any executables with the following message.

    "Application cannot be executed. The file is infected. do you want to activate your antivirus now?"

    Obviously I don't believe this message.

    So my first question is how did I get this?


    Now here is what I have done so far

    I was able to get it to reboot into safe mode using msconfig. Then I ran spybot search and destroy and ran the imunization then scanned the system. It found some stuff and got rid of it. Then rebooted again into safe mode but this time with network enabled. When I tried to go to the web I get a proxy error message saying firefox cannot connect to the proxy server. I do not use a proxy server so I assumed this was relatd to the malware. I am assuming this is because when I immunized with spybot that server was blacklisted. So I went into the firefox setup and told it not to use the system proxy information and to use normal host. Since I was able to access the internet I downloaded hijackThis and malwarebytes anti-malware software. I ran the anti-malware and it found a few things that it deleted. Then I went to hijackThis and fixed an entry related to the proxy. Every thing seems to be cleaned up now but I would very much appreciate it if someone here could look over my DDS log below and make sure I actually got rid of all the malware.

    Thank you Very much!!




    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Mark at 19:05:52.94 on Sat 08/14/2010
    Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.3597 [GMT -4:00]

    AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\AASP\1.00.77\aaCenter.exe
    C:\Windows\RAVCpl64.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
    C:\Program Files (x86)\Wallpaper Cycle\Change Wallpaper.exe
    C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Mark\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com/ig
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\syswow64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan enterprise\scriptcl.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [PlayNC Launcher]
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [ShStatEXE] "c:\program files (x86)\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [McAfeeUpdaterUI] "c:\program files (x86)\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
    mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
    mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AppleSyncNotifier] c:\program files (x86)\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
    mRun: [iPodConverterSuite_upgrade] "c:\program files (x86)\e-zsoft\ipodconvertersuite\iPodConverterSuite.exe" /upgrade
    StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\change~1.lnk - c:\program files (x86)\wallpaper cycle\Change Wallpaper.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files (x86)\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Search - ?p=ZJfox000
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [Skytel] Skytel.exe
    mRun-x64: [RtHDVCpl] RAVCpl64.exe
    mRun-x64: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\iy2hn8ty.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=S9FdCwBBvVevd8.yPZ1NJA&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce826a&searchfor=
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: c:\program files (x86)\download manager\npfpdlm.dll
    FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\users\mark\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\mark\appdata\roaming\mozilla\firefox\profiles\iy2hn8ty.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071301000019.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-9-13 52760]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-4 202752]
    R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\asus\assysctrlservice\1.00.00\AsSysCtrlService.exe [2008-8-15 86016]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files (x86)\mcafee\common framework\FrameworkService.exe [2009-9-9 104000]
    R2 McShield;McAfee McShield;c:\program files (x86)\mcafee\virusscan enterprise\x64\McShield.exe [2006-11-30 153664]
    R2 McTaskManager;McAfee Task Manager;c:\program files (x86)\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-8-7 1153368]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-9-9 92488]
    R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-9-9 246344]
    S1 mferkdk;VSCore mferkdk;c:\program files (x86)\mcafee\virusscan enterprise\x64\mferkdk.sys [2006-11-30 38600]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-3 25832]
    S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2009-3-16 12744]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-3-31 16896]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 19456]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 9216]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-20 29184]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
    S3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24\RivaTuner64.sys [2009-2-25 19952]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-18 89920]

    ============== File Associations ===============

    JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

    =============== Created Last 30 ================

    2010-08-14 19:57:43 0 d-----w- c:\users\mark\appdata\roaming\Malwarebytes
    2010-08-14 19:57:36 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-14 19:57:36 0 d-----w- c:\programdata\Malwarebytes
    2010-08-14 19:57:36 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-08-12 14:46:00 453120 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-12 14:46:00 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-03 10:20:16 11584512 ----a-w- c:\windows\syswow64\shell32.dll
    2010-07-26 11:26:47 0 d-----w- c:\program files\iPod
    2010-07-26 11:26:46 0 d-----w- c:\program files\iTunes

    ==================== Find3M ====================

    2010-06-26 14:15:35 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-06-26 14:15:35 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-06-26 14:15:34 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
    2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
    2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
    2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
    2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
    2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
    2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
    2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
    2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
    2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
    2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
    2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
    2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
    2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
    2010-06-21 14:05:22 2752000 ----a-w- c:\windows\system32\win32k.sys
    2010-06-18 17:48:21 50688 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-18 17:31:29 36864 ----a-w- c:\windows\syswow64\rtutils.dll
    2010-06-16 17:11:35 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-06-11 16:39:28 343040 ----a-w- c:\windows\system32\schannel.dll
    2010-06-11 16:38:10 1869824 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-11 16:16:20 274944 ----a-w- c:\windows\syswow64\schannel.dll
    2010-06-11 16:15:06 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
    2010-06-08 18:00:36 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\syswow64\GPhotos.scr
    2010-05-27 20:08:17 81920 ----a-w- c:\windows\syswow64\iccvid.dll
    2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
    2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
    2010-05-21 18:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-18 20:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 20:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-18 20:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
    2010-05-18 20:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
    2009-11-18 11:21:58 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
    2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-10-15 22:16:37 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-03-19 00:18:15 16384 --sha-w- c:\windows\temp\cookies\index.dat
    2009-03-19 00:18:15 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
    2009-03-19 00:18:15 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 19:06:32.18 ===============

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    If help still needed please do this:
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Copy-paste following contents into custom scan -area:
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\*.wt
      %systemroot%\system32\*.ruy
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Aug 2010
    Posts
    3

    Default

    OTL logfile created on: 8/22/2010 6:34:31 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Mark\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 78.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.51 Gb Total Space | 509.27 Gb Free Space | 54.67% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ZEUS
    Current User Name: Mark
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Mark\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\BOINC\boinctray.exe (Space Sciences Laboratory)
    PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
    PRC - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
    PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
    PRC - C:\Program Files (x86)\Wallpaper Cycle\Change Wallpaper.exe (Xarsoft)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Mark\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
    SRV:64bit: - (npggsvc) -- C:\Windows\SysNative\GameMon.des File not found
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (FlipShare Service) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
    SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
    SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
    SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
    SRV - (SSScsiSV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
    SRV - (SonicStage Back-End Service) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
    SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
    SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
    SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
    SRV - (McShield) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe (McAfee, Inc.)
    SRV - (McTaskManager) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
    SRV - (McAfeeFramework) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
    SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
    DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
    DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found
    DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
    DRV:64bit: - (DhaHelper) -- C:\Windows\SysNative\drivers\dhahelper.sys File not found
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
    DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
    DRV:64bit: - (motccgp) -- C:\Windows\SysNative\DRIVERS\motccgp.sys (Motorola)
    DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys (Motorola)
    DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys (EnTech Taiwan)
    DRV:64bit: - (motport) -- C:\Windows\SysNative\DRIVERS\motport.sys (Motorola)
    DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys (Motorola)
    DRV:64bit: - (libusb0) -- C:\Windows\SysNative\DRIVERS\libusb0.sys (http://libusb-win32.sourceforge.net)
    DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
    DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV:64bit: - (mfetdik) -- C:\Windows\SysNative\drivers\mfetdik.sys (McAfee, Inc.)
    DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
    DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys ()
    DRV - (hmonitor) -- C:\Windows\SysWOW64\drivers\Hmonitor.sys ()
    DRV - (DhaHelper) -- C:\Windows\SysWOW64\drivers\dhahelper.sys (MPlayer <http://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>)
    DRV - (ENTECH64) -- C:\Windows\SysWOW64\drivers\Entech64.sys (EnTech Taiwan)
    DRV - (mferkdk) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys (McAfee, Inc.)
    DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071301000019
    FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=S9FdCwBBvVevd8.yPZ1NJA&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce826a&searchfor="
    FF - prefs.js..network.proxy.type: 1

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/06 06:08:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/22 18:31:15 | 000,000,000 | ---D | M]

    [2009/03/21 02:08:46 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
    [2010/08/15 15:25:19 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\iy2hn8ty.default\extensions
    [2010/05/15 20:44:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\iy2hn8ty.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/06/05 17:37:15 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\iy2hn8ty.default\extensions\moveplayer@movenetworks.com
    [2010/02/25 07:39:59 | 000,009,977 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\iy2hn8ty.default\searchplugins\mywebsearch.xml
    [2010/08/14 15:15:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2009/04/27 10:06:30 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

    O1 HOSTS File: ([2010/08/14 13:52:53 | 000,416,870 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 14390 more lines...
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [boincmgr] C:\Program Files (x86)\BOINC\boincmgr.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [boinctray] C:\Program Files (x86)\BOINC\boinctray.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [iPodConverterSuite_upgrade] C:\Program Files (x86)\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe (E-Z soft)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [PlayNC Launcher] File not found
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Change Wallpaper.lnk = C:\Program Files (x86)\Wallpaper Cycle\Change Wallpaper.exe (Xarsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/ca..._2.3.8.110.cab (CDownloadCtrl Object)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Java Plug-in 1.4.2_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
    O18:64bit: - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/31 20:20:36 | 000,000,022 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{2fe03d5f-c46f-11de-b8d2-00248c0e318c}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe -- File not found
    O33 - MountPoints2\{2fe03d5f-c46f-11de-b8d2-00248c0e318c}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe -- File not found
    O33 - MountPoints2\{9d5c684c-1188-11de-875c-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{9d5c684c-1188-11de-875c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\Assetup.exe -- File not found
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe -- File not found
    O33 - MountPoints2\E\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/08/14 19:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\BOINC
    [2010/08/14 19:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BOINC
    [2010/08/14 19:34:34 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
    [2010/08/14 15:57:43 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
    [2010/08/14 15:57:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/08/14 15:57:36 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/08/14 15:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/08/14 15:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/08/14 14:17:47 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\backups
    [2010/08/14 14:12:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Mark\Desktop\HijackThis.exe
    [2010/08/13 10:46:16 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\gechoorpi
    [2010/08/12 10:45:54 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
    [2010/08/12 10:45:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
    [2010/08/12 10:45:43 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
    [2010/08/12 10:45:41 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2010/08/12 10:45:32 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
    [2010/08/12 10:45:29 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2010/08/12 10:45:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
    [2010/08/12 10:45:27 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2010/08/12 10:45:27 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2010/08/12 10:45:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
    [2010/08/12 10:45:26 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2010/08/12 10:45:26 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2010/08/12 10:45:24 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2010/08/12 10:45:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2010/08/12 10:45:24 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2010/08/12 10:45:24 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2010/08/12 10:45:24 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2010/08/12 10:45:24 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2010/08/12 10:45:24 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2010/08/12 10:45:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2010/08/12 10:45:22 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2010/08/12 10:45:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2010/08/12 10:45:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2010/08/12 10:45:22 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2010/08/12 10:45:22 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2010/08/12 10:45:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2010/08/12 10:45:21 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2010/07/26 07:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/07/26 07:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/08/22 18:33:46 | 007,864,320 | -HS- | M] () -- C:\Users\Mark\NTUSER.DAT
    [2010/08/22 18:31:16 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/08/22 18:30:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/08/22 15:43:32 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/08/22 15:43:32 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/08/22 07:51:56 | 000,002,301 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/08/14 19:43:35 | 000,703,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/08/14 19:43:35 | 000,603,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/08/14 19:43:35 | 000,105,032 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/08/14 19:37:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/08/14 19:37:34 | 2137,120,767 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/14 19:35:37 | 000,524,288 | -HS- | M] () -- C:\Users\Mark\NTUSER.DAT{74a36563-da63-11de-90fd-00248c0e318c}.TMContainer00000000000000000001.regtrans-ms
    [2010/08/14 19:35:37 | 000,065,536 | -HS- | M] () -- C:\Users\Mark\NTUSER.DAT{74a36563-da63-11de-90fd-00248c0e318c}.TM.blf
    [2010/08/14 19:35:28 | 002,501,294 | -H-- | M] () -- C:\Users\Mark\AppData\Local\IconCache.db
    [2010/08/14 16:18:13 | 000,000,732 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps64.dat
    [2010/08/14 14:12:42 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mark\Desktop\HijackThis.exe
    [2010/08/14 14:08:15 | 000,000,680 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
    [2010/08/14 13:52:53 | 000,416,870 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/08/12 15:29:35 | 000,390,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/07/26 07:27:25 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/14 16:34:07 | 2137,120,767 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/14 16:32:10 | 000,293,376 | ---- | C] () -- C:\Users\Mark\Desktop\gmer.exe
    [2010/08/14 14:03:56 | 000,000,680 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
    [2010/07/26 07:27:25 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/04/09 20:32:25 | 000,034,136 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\ReplayMusicLog.log
    [2010/04/09 20:13:24 | 000,000,556 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\ReplayConverterLog.log
    [2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/02/25 19:50:24 | 000,004,429 | ---- | C] () -- C:\Windows\wininit.ini
    [2009/12/15 18:32:07 | 000,363,192 | ---- | C] () -- C:\Users\Mark\AppData\Local\dd_vcredistMSI6DB6.txt
    [2009/12/15 18:32:07 | 000,013,130 | ---- | C] () -- C:\Users\Mark\AppData\Local\dd_vcredistUI6DB6.txt
    [2009/10/18 05:55:34 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
    [2009/10/18 05:55:33 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll
    [2009/10/18 05:55:33 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll
    [2009/10/18 05:55:33 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll
    [2009/10/18 05:55:33 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll
    [2009/10/18 05:55:33 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\ltfil60n.dll
    [2009/10/18 05:55:33 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll
    [2009/10/18 05:55:33 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll
    [2009/10/18 05:55:33 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll
    [2009/10/18 05:55:33 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll
    [2009/10/18 05:55:33 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll
    [2009/10/18 05:55:33 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll
    [2009/10/18 05:55:33 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll
    [2009/10/18 05:55:33 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll
    [2009/10/18 05:55:33 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll
    [2009/10/18 05:55:33 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll
    [2009/10/18 05:55:33 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
    [2009/10/01 07:50:51 | 000,029,752 | ---- | C] () -- C:\Windows\SysWow64\InstHelper.dll
    [2009/09/16 18:27:06 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
    [2009/09/13 10:09:56 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
    [2009/09/09 21:03:38 | 000,000,280 | ---- | C] () -- C:\Windows\SysWow64\epoPGPsdk.dll.sig
    [2009/08/18 18:25:15 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/08/18 18:24:46 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/04/19 21:35:56 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2009/03/27 23:36:06 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
    [2009/03/26 22:16:26 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/03/24 20:23:47 | 000,424,208 | ---- | C] () -- C:\Users\Mark\AppData\Local\dd_vcredistMSI13CE.txt
    [2009/03/24 20:23:47 | 000,012,154 | ---- | C] () -- C:\Users\Mark\AppData\Local\dd_vcredistUI13CE.txt
    [2009/03/21 15:19:29 | 000,010,024 | ---- | C] () -- C:\Windows\SysWow64\drivers\Hmonitor.sys
    [2009/03/17 19:11:08 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
    [2009/03/17 16:57:52 | 000,000,606 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/03/16 00:56:01 | 000,079,872 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/15 23:20:17 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2009/03/15 23:20:17 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2009/03/15 22:52:33 | 000,032,844 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2009/03/15 22:52:03 | 000,032,232 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2009/03/15 22:50:50 | 000,000,732 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps64.dat
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2008/09/17 13:36:22 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
    [2008/09/17 13:36:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
    [2008/09/17 13:36:20 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
    [2008/09/17 13:36:20 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\Ogg.dll
    [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2007/12/28 03:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
    [2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
    [2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
    [2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/03/31 20:20:36 | 000,000,022 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/03/15 14:41:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/08/14 19:37:34 | 2137,120,767 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/08/14 19:37:13 | 2450,702,335 | -HS- | M] () -- C:\pagefile.sys
    [2009/03/15 23:13:07 | 000,000,473 | ---- | M] () -- C:\RHDSetup.log
    [2009/03/15 23:23:50 | 000,000,057 | ---- | M] () -- C:\splash.idx
    [2008/11/18 10:25:20 | 000,005,632 | -H-- | M] () -- C:\version

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/08/26 07:14:56 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/03/29 19:03:16 | 006,610,097 | ---- | M] () -- C:\Windows\AMD_Stra.scr
    [2010/07/01 13:26:58 | 000,828,160 | ---- | M] (Space Sciences Laboratory) -- C:\Windows\boinc.scr
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
    < End of report >

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Please post Extras.txt file contents too.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Still there?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Due to inactivity, this thread will now be closed.

    Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •