TechSpot

8 Steps Finished

By turbokat
Nov 12, 2010
  1. OK, got them done:

    Malwarebytes found no infected files, so posting the log seems pointless, I think.

    GMER:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-12 10:46:55
    Windows 6.0.6002 Service Pack 2
    Running: vnh46j5s.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0E 0x0A 0xBA 0x73 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8A 0x7F 0xC2 0x08 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFC 0xFC 0x44 0xB2 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x34 0x84 0x2E 0x7D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8A 0x7F 0xC2 0x08 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFC 0xFC 0x44 0xB2 ...

    ---- EOF - GMER 1.0.15 ----



    DDS


    DDS (Ver_10-11-10.01) - NTFS_AMD64
    Run by Jillian at 10:48:21.06 on 12/11/2010
    Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.4028.2396 [GMT -5:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Desktop Calendar\Desktop Calendar.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\SysWOW64\rpcnet.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\conime.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Jillian\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://sympatico.msn.ca/default.aspx?lang=en-ca
    uDefault_Page_URL = hxxp://sympatico.msn.ca/default.aspx?lang=en-ca
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
    BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
    BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    TB: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    uRun: [Desktop Calendar] C:\Program Files (x86)\Desktop Calendar\Desktop Calendar.exe
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [BatteryCare] "C:\Program Files (x86)\BatteryCare\BatteryCare.exe"
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [LoJackForLaptops] C:\Program Files (x86)\LFLInstall\InstallManager.exe /d60 /dd1 /bd0
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
    mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    StartupFolder: C:\Users\Jillian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://games.bigfishgames.com/en_chocolatier/online/ChocolatierWeb.1.0.0.13.cab
    DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://aolsvc.aol.com/onlinegames/luxor/mjolauncher.cab
    DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://games.bigfishgames.com/en_chocolatier-2-secret-ingredients/online/Chocolatier2Web.1.0.0.10.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101102215131.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Jillian\AppData\Roaming\Mozilla\Firefox\Profiles\61eiwow8.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - google.ca
    FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?sid=60399&cuid=&userid=43584715&q=
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - component: C:\Users\Jillian\AppData\Roaming\Mozilla\Firefox\Profiles\61eiwow8.default\extensions\{091dc955-8128-4a3d-bd56-88e400cc28c6}\components\Engine.dll
    FF - component: C:\Users\Jillian\AppData\Roaming\Mozilla\Firefox\Profiles\61eiwow8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: C:\Users\Jillian\AppData\Roaming\Mozilla\Firefox\Profiles\61eiwow8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Jillian\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Users\Jillian\AppData\Roaming\Mozilla\Firefox\Profiles\61eiwow8.default\extensions\activegs@freetoolsassociation.com\platform\WINNT_x86-msvc\plugins\npActiveGS.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-11-7 69152]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-7-9 529128]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-7-9 55856]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-11-12 121936]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-8-16 75032]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-8-16 283360]
    R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-7-9 89600]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-11-12 20048]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-11-12 61008]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-12 40384]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-16 355440]
    R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-16 355440]
    R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-16 355440]
    R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-16 200056]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-16 245352]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-16 149032]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-8 1153368]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-8-16 62800]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-7-9 160704]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-7-9 126464]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-7-9 252928]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-7-9 190136]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-8-16 441328]
    R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;C:\Windows\System32\drivers\OA008Ufd.sys [2009-3-6 159840]
    R3 OA008Vid;Creative Camera OA008 Function Driver;C:\Windows\System32\drivers\OA008Vid.sys [2009-5-6 313696]
    S2 0216711289552428mcinstcleanup;McAfee Application Installer Cleanup (0216711289552428);C:\Windows\TEMP\021671~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\021671~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-24 135664]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 1375992]
    S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-12 40384]
    S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-12 40384]
    S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-9-23 17440]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\System32\drivers\mfebopk.sys [2009-7-9 41032]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-8-16 94864]
    S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-7-9 40904]
    S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-7-9 49480]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 qcusbser;ACER Android USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\qcusbser.sys [2009-8-14 120960]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [2008-7-26 14544]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-11-7 89920]

    =============== File Associations ===============

    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

    =============== Created Last 30 ================

    2010-11-12 06:09:01 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2010-11-12 06:08:09 38848 ----a-w- C:\Windows\avastSS.scr
    2010-11-12 06:03:29 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
    2010-11-12 06:03:29 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
    2010-11-10 04:24:30 -------- d-----w- C:\Program Files\Perfect Uninstaller
    2010-11-09 05:07:14 388096 ----a-r- C:\Users\Jillian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-11-08 06:37:30 -------- d-----w- C:\Users\Jillian\DoctorWeb
    2010-11-08 05:33:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2010-11-08 00:54:16 -------- d-----w- C:\DivX Movies
    2010-11-07 23:57:24 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2010-11-07 23:54:20 -------- dc-h--w- C:\PROGRA~3\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-11-07 23:45:36 -------- d-----w- C:\Program Files\Windows Portable Devices
    2010-11-07 23:45:36 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
    2010-11-07 23:25:46 167424 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
    2010-11-07 23:24:26 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
    2010-11-07 23:24:25 736256 ----a-w- C:\Windows\System32\UIAutomationCore.dll
    2010-11-07 23:24:25 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
    2010-11-07 23:24:25 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
    2010-11-07 23:24:25 315904 ----a-w- C:\Windows\System32\oleacc.dll
    2010-11-07 23:24:25 234496 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2010-11-07 23:24:05 754688 ----a-w- C:\Windows\SysWow64\webservices.dll
    2010-11-07 23:24:05 1103872 ----a-w- C:\Windows\System32\webservices.dll
    2010-11-07 23:17:00 -------- d-----w- C:\Users\Jillian\{23196ab2-c9c6-44d9-a74d-10d1b2846171}
    2010-11-07 16:37:52 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
    2010-11-07 16:37:52 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
    2010-11-07 16:37:51 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
    2010-11-07 16:37:51 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
    2010-11-07 16:37:51 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
    2010-11-07 16:37:50 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
    2010-11-07 16:14:38 1927680 ----a-w- C:\Windows\System32\gameux.dll
    2010-11-07 16:14:38 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
    2010-11-07 16:14:36 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
    2010-11-07 16:14:36 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
    2010-11-07 16:14:36 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
    2010-11-07 16:14:35 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
    2010-11-07 16:06:27 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
    2010-11-07 15:38:51 -------- d-----w- C:\Windows\SysWow64\vi-VN
    2010-11-07 15:38:51 -------- d-----w- C:\Windows\SysWow64\eu-ES
    2010-11-07 15:38:51 -------- d-----w- C:\Windows\SysWow64\ca-ES
    2010-11-07 15:38:51 -------- d-----w- C:\Windows\System32\eu-ES
    2010-11-07 15:38:51 -------- d-----w- C:\Windows\System32\ca-ES
    2010-11-07 15:38:50 -------- d-----w- C:\Windows\System32\vi-VN
    2010-11-07 07:21:33 3584 ----a-w- C:\Windows\System32\drivers\en-US\hdaudbus.sys.mui
    2010-11-07 07:21:11 56320 ----a-w- C:\Windows\System32\compcln.exe
    2010-11-07 07:21:03 7680 ----a-w- C:\Windows\System32\drivers\en-US\bthport.sys.mui
    2010-11-07 07:20:24 946688 ----a-w- C:\Windows\System32\scavenge.dll
    2010-11-07 07:17:55 166400 ----a-w- C:\Windows\SysWow64\puiapi.dll
    2010-11-07 07:16:58 52224 ----a-w- C:\Windows\System32\cmmon32.exe
    2010-11-07 07:15:59 269288 ----a-w- C:\Windows\System32\drivers\volsnap.sys
    2010-11-07 07:15:56 1433600 ----a-w- C:\Windows\System32\VSSVC.exe
    2010-11-07 07:15:55 372736 ----a-w- C:\Windows\System32\w32time.dll
    2010-11-07 07:15:43 67048 ----a-w- C:\Windows\System32\drivers\volmgr.sys
    2010-11-07 07:15:43 408024 ----a-w- C:\Windows\System32\drivers\volmgrx.sys
    2010-11-07 06:59:41 -------- d-----w- C:\b87506e471afb999cf
    2010-11-07 04:56:22 -------- d-----w- C:\Windows\Paradise Beach 2 - Around the World
    2010-11-07 04:56:22 -------- d-----w- C:\Program Files (x86)\Paradise Beach 2 - Around the World
    2010-11-07 04:55:56 -------- d-----w- C:\Windows\SysWow64\2053
    2010-11-03 19:48:40 -------- d-----w- C:\Users\Jillian\AppData\Local\Absolute_Software
    2010-11-01 16:53:02 -------- d-----w- C:\Windows\System32\EventProviders
    2010-11-01 16:08:05 -------- d-----w- C:\Users\Jillian\AppData\Local\Sunbelt Software
    2010-11-01 04:20:31 -------- d-----w- C:\Program Files (x86)\Absolute Software
    2010-11-01 04:20:11 29184 ----a-w- C:\Windows\SysWow64\CtLoJack.dll
    2010-10-30 20:43:28 78768 ----a-w- C:\Windows\SysWow64\AbtSvcHost_.exe
    2010-10-29 02:14:37 -------- d-----w- C:\Program Files (x86)\TuneUpMedia
    2010-10-29 02:14:31 -------- d-----w- C:\Users\Jillian\AppData\Roaming\TuneUpMedia
    2010-10-29 02:14:18 -------- d-----w- C:\PROGRA~3\TuneUpMedia
    2010-10-29 02:14:00 -------- d-----w- C:\Users\Jillian\AppData\Roaming\FrostWire
    2010-10-29 02:13:56 -------- d-----w- C:\Users\Jillian\AppData\Local\OpenCandy
    2010-10-29 02:13:54 -------- d-----w- C:\Users\Jillian\AppData\Roaming\OpenCandy
    2010-10-29 02:13:40 -------- d-----w- C:\Program Files (x86)\FrostWire
    2010-10-20 16:12:14 -------- d-----w- C:\Users\Jillian\AppData\Roaming\Mobipocket
    2010-10-20 16:03:19 240944 ----a-w- C:\Windows\SysWow64\RICHED.DLL
    2010-10-20 16:03:19 212240 ----a-w- C:\Windows\SysWow64\RICHTX32.OCX
    2010-10-18 17:24:19 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-18 17:24:19 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-18 17:22:52 621568 ----a-w- C:\Windows\System32\usp10.dll
    2010-10-18 17:22:52 502272 ----a-w- C:\Windows\SysWow64\usp10.dll
    2010-10-18 17:22:29 171008 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2010-10-18 17:22:29 168960 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2010-10-18 17:22:26 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-10-18 17:22:26 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-10-18 17:14:04 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-10-18 17:14:04 1090048 ----a-w- C:\Windows\System32\wmpmde.dll

    ==================== Find3M ====================

    2010-11-12 14:53:02 57752 ----a-w- C:\Windows\SysWow64\rpcnet.dll
    2010-11-03 15:51:40 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2010-10-14 02:28:54 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2010-10-14 02:28:54 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2010-10-14 02:28:54 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
    2010-10-14 02:28:54 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2010-10-14 02:28:54 529128 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2010-10-14 02:28:54 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2010-10-14 02:28:54 283360 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2010-10-14 02:28:54 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2010-10-14 02:28:54 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
    2010-09-15 08:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
    2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll
    2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll
    2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
    2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll
    2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll
    2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
    2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-31 17:27:07 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-31 15:46:37 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 15:46:37 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-31 15:44:31 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-08-31 14:57:39 2753024 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-26 17:46:52 189952 ----a-w- C:\Windows\System32\t2embed.dll
    2010-08-26 17:40:08 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2010-08-26 17:40:07 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-08-26 17:40:07 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2010-08-26 16:37:45 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-08-26 16:33:06 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33:04 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2010-08-26 16:33:04 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2010-08-26 00:45:04 161304 ----a-w- C:\Windows\System32\igfxtray.exe
    2010-08-26 00:45:00 508952 ----a-w- C:\Windows\System32\igfxsrvc.exe
    2010-08-26 00:45:00 415256 ----a-w- C:\Windows\System32\igfxpers.exe
    2010-08-26 00:44:56 223768 ----a-w- C:\Windows\System32\igfxext.exe
    2010-08-26 00:44:54 386584 ----a-w- C:\Windows\System32\hkcmd.exe
    2010-08-26 00:44:52 3156504 ----a-w- C:\Windows\System32\GfxUI.exe
    2010-08-26 00:44:48 152600 ----a-w- C:\Windows\System32\difx64.exe
    2010-08-26 00:40:48 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2202.dll
    2010-08-26 00:36:04 10611552 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
    2010-08-26 00:36:02 6547968 ----a-w- C:\Windows\System32\igdumd64.dll
    2010-08-26 00:31:30 4967424 ----a-w- C:\Windows\SysWow64\igdumd32.dll
    2010-08-26 00:28:22 571904 ----a-w- C:\Windows\SysWow64\igdumdx32.dll
    2010-08-26 00:26:32 4720128 ----a-w- C:\Windows\System32\igd10umd64.dll
    2010-08-26 00:23:14 4411904 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
    2010-08-26 00:17:38 15032832 ----a-w- C:\Windows\System32\ig4icd64.dll
    2010-08-26 00:09:34 11040256 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
    2010-08-26 00:04:48 380416 ----a-w- C:\Windows\System32\igfxTMM.dll
    2010-08-26 00:04:48 243200 ----a-w- C:\Windows\System32\igfxpph.dll
    2010-08-26 00:04:40 27648 ----a-w- C:\Windows\System32\igfxexps.dll
    2010-08-26 00:04:28 61952 ----a-w- C:\Windows\System32\igfxsrvc.dll
    2010-08-26 00:04:00 108032 ----a-w- C:\Windows\System32\hccutils.dll
    2010-08-26 00:03:50 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
    2010-08-26 00:03:50 271360 ----a-w- C:\Windows\System32\igfxdev.dll
    2010-08-26 00:03:50 119808 ----a-w- C:\Windows\System32\gfxSrvc.dll
    2010-08-26 00:03:24 87552 ----a-w- C:\Windows\System32\igfxrenu.lrc
    2010-08-26 00:03:18 830464 ----a-w- C:\Windows\System32\igfxress.dll
    2010-08-26 00:03:18 142336 ----a-w- C:\Windows\System32\igfxdo.dll
    2010-08-26 00:00:00 23552 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
    2010-08-25 23:59:06 228864 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
    2010-08-17 14:54:20 273920 ----a-w- C:\Windows\System32\spoolsv.exe

    ============= FINISH: 10:50:11.65 ===============


    Attach:


    ==== Installed Programs ======================


    Absolute Notifier
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9.4.0
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Advanced Audio FX Engine
    Akamai NetSession Interface
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    µTorrent
    avast! Free Antivirus
    BatteryCare
    BufferChm
    CCleaner
    CDisplay 1.8
    Compatibility Pack for the 2007 Office system
    Copy
    CopyPod (remove only)
    CopyTrans Suite Remove Only
    CustomerResearchQFolder
    DAEMON Tools Toolbar
    DC++ 0.761
    Dell Getting Started Guide
    Dell Video Chat
    Dell Webcam Central
    Desktop Calendar 0.43b
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    DJ_AIO_03_F4200_ProductContext
    DJ_AIO_03_F4200_Software
    DJ_AIO_03_F4200_Software_Min
    EA Download Manager
    EA Download Manager UI
    eSupportQFolder
    F4200
    F4200_Help
    Facebook Plug-In
    FrostWire 4.21.1
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist 8.0.0.514
    GPBaseService
    HiJackThis
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Photosmart Essential 2.5
    HP Update
    HPProductAssistant
    HPSSupply
    ImTOO iPod Computer Transfer
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    Live! Cam Avatar Creator
    Magic ISO Maker v5.5 (build 0281)
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee Security Scan Plus
    McAfee SecurityCenter
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Mobipocket Reader 6.2
    Mozilla Firefox (3.6.12)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Security Scan
    NVIDIA PhysX
    OpenOffice.org 3.1
    Pando Media Booster
    PDF Settings
    PowerDVD DX
    Prankhouse
    Project64 1.6
    PSSWCORE
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Scan
    SD Formatter
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 4.2
    SmartWebPrintingOC
    SolutionCenter
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Status
    Sympatico / MSN Toolbar
    The Sims™ 3
    Theme Park World Fix
    Toolbox
    TrayApp
    TS3 Install Helper Monkey
    TuneUp Companion 1.9.0
    UnloadSupport
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    VC80CRTRedist - 8.0.50727.4053
    VideoToolkit01
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.3
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Mail
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver

    ==== End Of File ===========================
     
  2. turbokat

    turbokat TS Rookie Topic Starter

    Oh, I didn't actually give any details on the issues I am currently having with my computer, there are many..

    -can't save any Word, PowerPoint, Excel documents etc. (also have OpenOffice on my computer and those programs won't save anything either)
    -can't install many things, and if they do install it will not create any shortcuts for either my desktop or my start panel
    -many programs I try to open (dell webcam, skype) just bring up a screen that says 'X' has stopped working, windows is checking for a solution to the problem
    -Ad-aware is stuck at the loading screen
    -I'm sure there's more issues but that's a start
     
  3. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.

    ===================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  4. turbokat

    turbokat TS Rookie Topic Starter

    can't install SUPERAntiSpyware because it couldn't create shortcuts

    all it says is "error creating shortcuts, aborting installation." then it closes

    MBR Check:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Studio 1555
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 159):
    0x02407000 \SystemRoot\system32\ntoskrnl.exe
    0x0291E000 \SystemRoot\system32\hal.dll
    0x00609000 \SystemRoot\system32\kdcom.dll
    0x00613000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x0064E000 \SystemRoot\system32\PSHED.dll
    0x00662000 \SystemRoot\system32\CLFS.SYS
    0x006BF000 \SystemRoot\system32\CI.dll
    0x0080D000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E7000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00A00000 \SystemRoot\System32\Drivers\spmr.sys
    0x00B26000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x00B2F000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x00B5D000 \SystemRoot\system32\drivers\acpi.sys
    0x00BB3000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00BBD000 \SystemRoot\system32\drivers\pci.sys
    0x008F5000 \SystemRoot\System32\drivers\partmgr.sys
    0x00BED000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00BF1000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x0090A000 \SystemRoot\system32\drivers\volmgr.sys
    0x0091E000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00984000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00997000 \SystemRoot\system32\drivers\atapi.sys
    0x0099F000 \SystemRoot\system32\drivers\ataport.SYS
    0x009C3000 \SystemRoot\system32\drivers\msahci.sys
    0x009CD000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x00771000 \SystemRoot\system32\drivers\fltmgr.sys
    0x009DD000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00C03000 \SystemRoot\system32\drivers\mfehidk.sys
    0x00C82000 \SystemRoot\system32\DRIVERS\Lbd.sys
    0x00C97000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x00CA4000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00E06000 \SystemRoot\system32\drivers\ndis.sys
    0x00D2B000 \SystemRoot\system32\drivers\msrpc.sys
    0x00D7B000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01007000 \SystemRoot\System32\drivers\tcpip.sys
    0x0117D000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x0120D000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0138D000 \SystemRoot\system32\drivers\volsnap.sys
    0x013D1000 \SystemRoot\System32\Drivers\spldr.sys
    0x013D9000 \SystemRoot\System32\Drivers\mup.sys
    0x011A9000 \SystemRoot\System32\drivers\ecache.sys
    0x013EB000 \SystemRoot\system32\drivers\disk.sys
    0x00FC9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
    0x00DD4000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x00FF5000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x02401000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x02E20000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x02F03000 \SystemRoot\System32\drivers\watchdog.sys
    0x02F13000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x02F1F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02F65000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03005000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03202000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
    0x0337A000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
    0x033BD000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x033CF000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x033DF000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x030F2000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
    0x03107000 \SystemRoot\system32\DRIVERS\rimspx64.sys
    0x0311E000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
    0x03175000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x0318B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03199000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x03200000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x031DF000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x02F76000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02F92000 \SystemRoot\System32\Drivers\aoaamzuz.SYS
    0x031EB000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x02FD7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x03000000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x007B8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x03409000 \SystemRoot\system32\DRIVERS\storport.sys
    0x03466000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03473000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03496000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x034A2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x034D3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x034E3000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03501000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x03519000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x0352C000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0352E000 \SystemRoot\system32\DRIVERS\ks.sys
    0x03562000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x0356D000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x0357D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x035C5000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x0400A000 \SystemRoot\system32\DRIVERS\stwrt64.sys
    0x04083000 \SystemRoot\system32\DRIVERS\portcls.sys
    0x040BE000 \SystemRoot\system32\DRIVERS\drmk.sys
    0x040E1000 \SystemRoot\system32\drivers\ksthunk.sys
    0x040E7000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0x0410B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x04115000 \SystemRoot\System32\Drivers\Null.SYS
    0x0411E000 \SystemRoot\System32\drivers\vga.sys
    0x0412C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x04151000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x0416D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x04176000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0417F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x0418A000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x0419B000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x041A4000 \SystemRoot\system32\drivers\mfewfpk.sys
    0x035D9000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x0420F000 \SystemRoot\system32\DRIVERS\OA008Vid.sys
    0x0425C000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x0426C000 \SystemRoot\system32\DRIVERS\OA008Ufd.sys
    0x04294000 \SystemRoot\system32\DRIVERS\smb.sys
    0x042AF000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
    0x042D7000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x0431B000 \SystemRoot\system32\drivers\afd.sys
    0x04386000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x04390000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x043AE000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
    0x043BF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x043CE000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x0460F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x0465C000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x04668000 \SystemRoot\System32\Drivers\dfsc.sys
    0x04685000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x046A8000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x046D5000 \SystemRoot\system32\drivers\mfefirek.sys
    0x0473F000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x0474D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x04759000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x000E0000 \SystemRoot\System32\win32k.sys
    0x04763000 \SystemRoot\System32\drivers\Dxapi.sys
    0x004B0000 \SystemRoot\System32\TSDDD.dll
    0x006D0000 \SystemRoot\System32\cdd.dll
    0x00820000 \SystemRoot\System32\ATMFD.DLL
    0x04782000 \SystemRoot\system32\drivers\luafv.sys
    0x047A4000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x047DE000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x15A0A000 \SystemRoot\system32\drivers\spsys.sys
    0x15AA4000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x15AB8000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x15AEC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x15AF7000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x15B0F000 \SystemRoot\system32\drivers\HTTP.sys
    0x15BB2000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x15BDB000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x02FE0000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x011D5000 \SystemRoot\system32\drivers\mrxdav.sys
    0x1620A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x16233000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x1627C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x1629B000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x162CD000 \SystemRoot\System32\DRIVERS\srv.sys
    0x17005000 \SystemRoot\system32\drivers\peauth.sys
    0x170BB000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x170F0000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x170FB000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x17138000 \SystemRoot\system32\drivers\BCM42RLY.sys
    0x1715D000 \SystemRoot\system32\drivers\cfwids.sys
    0x1716B000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x171B6000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x1710B000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x17141000 \SystemRoot\system32\drivers\mfeapfk.sys
    0x76F90000 \Windows\System32\ntdll.dll

    Processes (total 84):
    0 System Idle Process
    4 System
    596 C:\Windows\System32\smss.exe
    672 csrss.exe
    708 C:\Windows\System32\wininit.exe
    728 csrss.exe
    764 C:\Windows\System32\services.exe
    784 C:\Windows\System32\lsass.exe
    792 C:\Windows\System32\lsm.exe
    860 C:\Windows\System32\winlogon.exe
    976 C:\Windows\System32\svchost.exe
    340 C:\Windows\System32\svchost.exe
    680 C:\Windows\System32\svchost.exe
    756 C:\Windows\System32\svchost.exe
    224 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe
    1104 C:\Windows\System32\audiodg.exe
    1132 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\SLsvc.exe
    1180 C:\Windows\System32\svchost.exe
    1292 C:\Program Files\Dell\DellDock\DockLogin.exe
    1416 C:\Windows\System32\svchost.exe
    1604 C:\Windows\System32\WLTRYSVC.EXE
    1616 C:\Windows\System32\BCMWLTRY.EXE
    1624 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    2040 C:\Windows\System32\dwm.exe
    1368 C:\Windows\explorer.exe
    652 C:\Windows\System32\spoolsv.exe
    2000 C:\Windows\System32\taskeng.exe
    1216 C:\Windows\System32\svchost.exe
    2124 C:\Windows\System32\taskeng.exe
    2136 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    2504 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2536 C:\Windows\System32\WLTRAY.EXE
    2552 C:\Program Files\Dell\QuickSet\quickset.exe
    2560 C:\Program Files\IDT\WDM\sttray64.exe
    2576 C:\Windows\System32\hkcmd.exe
    2584 C:\Windows\System32\igfxpers.exe
    2600 C:\Program Files (x86)\Desktop Calendar\Desktop Calendar.exe
    2608 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    2656 C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
    2812 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
    2824 C:\Windows\SysWOW64\svchost.exe
    2860 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2872 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2916 C:\Windows\SysWOW64\svchost.exe
    2964 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    3056 C:\Windows\System32\svchost.exe
    3068 C:\Windows\SysWOW64\rpcnet.exe
    2572 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1704 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    2016 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    2836 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    2852 C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    916 C:\Program Files\McAfee.com\Agent\mcagent.exe
    1284 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    2248 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    716 C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
    528 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    2444 C:\Windows\System32\igfxsrvc.exe
    2704 C:\Windows\System32\svchost.exe
    3148 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    3216 C:\Program Files\Dell\DellDock\DellDock.exe
    3236 C:\Windows\System32\svchost.exe
    3356 C:\Windows\System32\SearchIndexer.exe
    3484 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    3588 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    3664 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    3748 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2348 WmiPrvSE.exe
    4332 C:\Windows\SysWOW64\conime.exe
    4128 C:\Windows\System32\wbem\unsecapp.exe
    2084 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    568 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5300 C:\Windows\splwow64.exe
    5072 C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
    5788 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    5312 C:\Program Files (x86)\OpenOffice.org 3\program\simpress.exe
    4120 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    4956 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    5196 C:\Program Files (x86)\Skype\Phone\Skype.exe
    3956 C:\Windows\System32\SearchProtocolHost.exe
    5356 C:\Windows\System32\SearchFilterHost.exe
    1300 C:\Users\Jillian\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`abf38a00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEVT-75ZCT2, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
    SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


    Done!
     
  5. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I'm not sure if we're dealing with any infection here, but let's take another look...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. turbokat

    turbokat TS Rookie Topic Starter

    Well, when the issue first started occurring I did a Malwarebytes scan and it found 6 things, I'll post that log. And OTL won't open, it says OTL has stopped working. And it does a little scan to find out why it's not working and it says

    "Files that help describe the problem:
    C:\Users\Jillian\AppData\Local\Temp\WER4CB5.tmp.version.txt
    C:\Users\Jillian\AppData\Local\Temp\WER5F2D.tmp.appcompat.txt
    C:\Users\Jillian\AppData\Local\Temp\WER6FD0.tmp.mdmp"

    So I don't know if maybe I got rid of the virus, and something else is just corrupt within my computer. Is it possible I will have to go to a store or something to get it fixed?


    OK, and just went to go search for the Malwarebytes log, and obviously it didn't save it, 'cause nothing is saving on my computer currently -__- Thanks so much for your time even if it doesn't end up being a virus, probably just have to end up reformatting or something. Let me know though if you can think of anything else I could do to check if it's a virus?
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved as C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  8. turbokat

    turbokat TS Rookie Topic Starter

    OK, I found a CD and installed the reatogo thing onto it, and when I restarted my computer and went into setup it doesn't recognize that there is even a CD in my drive. Am I doing something wrong? Or is there seriously something wrong with my computer?
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please read the "Note" in my previous reply.
    You may need to set your computer to boot from the CD.
     
  10. turbokat

    turbokat TS Rookie Topic Starter

    Yeah, I went into the boot menu and all.

    But it's OK, called Dell and apparently my hard drive is corrupt or something, so getting that replaced in a couple of days.

    Thank you for all of your help :)
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Aha...thanks for letting me know :)

    Good luck :)
     
Topic Status:
Not open for further replies.
