More problems...

Resolved
By Mazrim
Mar 28, 2011
Topic Status:
Not open for further replies.
  1. So I just got a hand here in this forum about my desktop system that got infected with a virus. Well, somehow, it's acting funny again.

    I have gone to the following websites: iupui.edu (indiana/purdue university); supergiant games.com; crate entertainment.com (for the game "Grim Dawn", from the makers of Titan Quest); and aeriagames.com (for Shin Megami Tensei Online).

    This morning, I decided to scan the system using Avira. Last night, I had emptied my temp files using TFC and had scanned the system using mbam. Everything appeared clean.

    Now, however, any time I bring up Firefox, a web page comes up, but nothing loads. I can't go to any websites, either. It's almost like I'm being hit with a DoS.

    This is getting retarded: I'm half tempted to reformat, but I really can't lose the work I've done for this semester.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    Edit: Broni had your system all cleaned up 5 days ago! If you can't download now, use a flash drive for the download and install on the problem system.

    About that hard reset: instead of doing that, use the Event Viewer to see what's hanging. For instance, my laptop was closed but I heard the drive running. I opened the laptop and saw a message that the print spooler was hanging, preventing it from going into Stand By. Fixed that, and the next time it worked fine.
  3. Mazrim

    Mazrim TechSpot Enthusiast Topic Starter Posts: 106

    Sorry I've been busy with exams this week. I can deal with my problem system most likely Saturday this week, if that's ok.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    That's good for me; I have had internet problems. Post when ready! Good luck on exams!
  5. Mazrim

    Mazrim TechSpot Enthusiast Topic Starter Posts: 106

    Ok, so here's the deal: the system still hangs, but only under a specific circumstance. If I ever have to soft reboot (e.g. for Windows Update), there's absolutely no problem; the system boots right away.

    It's when I turn it on for the first time for the day, after I've had it turned off for the night, that it hangs; in other words, after a full system shut down, upon powering back up, the system hangs until I hit the reset button, and then all is well.

    Also, when gaming, at random times the system will blue screen. Drivers for the video card are up to date.

    I took a look at the event logs for my system, but didn't see anything outside the blue screen error (I looked in the error files and only saw the system stop for a gupdate error; I assume the "g" stands for graphics).

    I will run through the cleaning steps again and post my new results as soon as I can, but am afraid that turning my Avira off will allow a worm it detected (which I think is a false positive because it's detecting my photo shop pro studio software as the Kolbac.ixm worm, but seeing as my other system got trashed BY a worm, I'm not too trusting right now). The BIGGER problem is that my girlfriend clicked on "restore object" after seeing the file path and file scanned before I could say anything (like "STOP!"). :(

    If you have any ideas in light of these issues, please let me know. I'll wait for a reply before tearing back into my system. I just don't want to let something loose on accident.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You don't have to turn Avira off to run the preliminary steps, which is where we should start. I can't do anything until I see those logs.
  7. Mazrim

    Mazrim TechSpot Enthusiast Topic Starter Posts: 106

    Sorry for the delay, please give me a bit more time to go re-do the 8 steps and post the logs. Things at home at the moment are chaotic, so I won't have much time during the week to get things done.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    No problem! I have been running behind also. Post the logs when ready.
  9. Mazrim

    Mazrim TechSpot Enthusiast Topic Starter Posts: 106

    Ok sorry I took so long since posting this: Between final exams, professors at IU botching grades, and looking for a summer job in my field of study, things got out of hand.

    I will run the steps again and post them by Tuesday. There's a new development in that my system now resets at random, especially when playing any games (my sons showed me this while playing Vindictus). So as I was scanning for spyware earlier, it reset again in mid-scan. I really can't afford another PSU (I hope that's not the problem), seeing as they run a king's ransom for a quality unit.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Goodness! After all that, returning to the malware forum should be welcomed! If you downloaded the programs earlier, be sure to update before running.

    Post logs when ready. We'll see what shows up and if the reboots are related. If they are happening during gaming, it could be a RAM issue. Be sure to reboot occasionally to free up the RAM, and don't have other active windows open when gaming.
  11. Mazrim

    Mazrim TechSpot Enthusiast Topic Starter Posts: 106

    Ok, sorry I didn't get it up Tuesday. We had bad storms blow through, so I thought it'd be safer to have the system unplugged. Here we go:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6684

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/26/2011 10:55:17 AM
    mbam-log-2011-05-26 (10-55-17).txt

    Scan type: Quick scan
    Objects scanned: 208480
    Time elapsed: 2 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-26 13:35:02
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD6400AAKS-00E4A0 rev.05.01D05
    Running: ihkt1ftz.exe; Driver: C:\DOCUME~1\ED1EBC~1.KID\LOCALS~1\Temp\pxtdqpoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT BA7C78DE ZwCreateKey
    SSDT BA7C78D4 ZwCreateThread
    SSDT BA7C78E3 ZwDeleteKey
    SSDT BA7C78ED ZwDeleteValueKey
    SSDT BA7C78F2 ZwLoadKey
    SSDT BA7C78C0 ZwOpenProcess
    SSDT BA7C78C5 ZwOpenThread
    SSDT BA7C78FC ZwReplaceKey
    SSDT BA7C78F7 ZwRestoreKey
    SSDT BA7C78E8 ZwSetValueKey

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2FC0 8050485C 4 Bytes CALL 990AC4D9
    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB50D1000, 0x2A1A98, 0xE8000020]
    init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xA8CD6280]
    ? C:\WINDOWS\system32\drivers\EagleNT.sys The system cannot find the file specified. !

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Ed at 13:42:16 on 2011-05-26
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2663 [GMT -4:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\dlcdcoms.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Ed.KIDS\Desktop\dds.scr
    C:\WINDOWS\system32\WSCRIPT.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16
    mRun: [dlcdmon.exe] "c:\program files\dell photo aio printer 944\dlcdmon.exe"
    mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 944\memcard.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\ed.kids\application data\mozilla\firefox\profiles\jnvd4nmb.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - component: c:\documents and settings\ed.kids\application data\mozilla\firefox\profiles\jnvd4nmb.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\ed.kids\application data\mozilla\firefox\profiles\jnvd4nmb.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\documents and settings\all users.windows\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\all users.windows\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-18 11608]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-18 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-18 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-18 61960]
    R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2010-12-18 22016]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
    R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-12-18 1374464]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-10 136176]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-10 136176]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-3-25 14856]
    S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2010-12-18 25984]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2010-12-18 17408]
    S3 XDva383;XDva383;\??\c:\windows\system32\xdva383.sys --> c:\windows\system32\XDva383.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-22 15:45:49 -------- d-----w- c:\program files\AMD APP
    2011-05-18 20:07:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-03 03:53:48 -------- d-----w- c:\program files\common files\HP
    2011-05-03 03:52:58 267864 ----a-r- c:\windows\system32\hpzids01.dll
    2011-05-03 03:52:57 274944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    2011-05-03 03:52:57 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
    2011-05-03 03:52:13 -------- d-----w- c:\program files\HP
    .
    ==================== Find3M ====================
    .
    2011-04-20 02:41:56 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2011-04-20 02:38:50 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2011-04-20 02:29:06 57344 ----a-w- c:\windows\system32\aticalrt.dll
    2011-04-20 02:29:00 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2011-04-20 02:24:20 5459968 ----a-w- c:\windows\system32\aticaldd.dll
    2011-04-20 02:14:04 17743872 ----a-w- c:\windows\system32\atioglxx.dll
    2011-04-20 02:10:32 59904 ----a-w- c:\windows\system32\OVDecode.dll
    2011-04-20 02:10:02 12385280 ----a-w- c:\windows\system32\amdocl.dll
    2011-04-20 02:04:00 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-04-20 02:02:58 302080 ----a-w- c:\windows\system32\ati2dvag.dll
    2011-04-20 02:01:50 4017408 ----a-w- c:\windows\system32\ati3duag.dll
    2011-04-20 01:55:20 1115008 ----a-w- c:\windows\system32\ativvamv.dll
    2011-04-20 01:45:06 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
    2011-04-20 01:44:34 212992 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-04-20 01:44:22 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-04-20 01:44:14 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2011-04-20 01:44:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-04-20 01:43:54 188416 ----a-w- c:\windows\system32\ati2evxx.dll
    2011-04-20 01:42:40 643072 ----a-w- c:\windows\system32\ati2evxx.exe
    2011-04-20 01:41:22 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2011-04-20 01:40:08 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-04-20 01:36:24 651264 ----a-w- c:\windows\system32\atikvmag.dll
    2011-04-20 01:34:10 200704 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-04-20 01:33:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2011-04-20 01:30:48 503808 ----a-w- c:\windows\system32\atiok3x2.dll
    2011-04-20 01:28:32 851968 ----a-w- c:\windows\system32\ati2cqag.dll
    2011-04-20 01:27:32 64512 ----a-w- c:\windows\system32\atimpc32.dll
    2011-04-20 01:27:32 64512 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-04-20 01:26:26 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-04-17 16:45:55 1259545769 ----a-w- c:\program files\ElswordInstaller-1a.bin
    2011-04-17 16:44:55 327392 ----a-w- c:\program files\ElswordInstaller.exe
    2011-03-21 23:56:06 51712 ----a-w- c:\windows\system32\OpenCL.dll
    2011-03-20 05:51:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-03-20 05:49:00 1216 ----a-w- c:\windows\system32\ealregsnapshot1.reg
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 13:42:35.76 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/18/2010 9:40:00 AM
    System Uptime: 5/25/2011 4:12:31 PM (21 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A79XTD EVO
    Processor: AMD Phenom(tm) II X4 965 Processor | AM3 | 3400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 596 GiB total, 453.412 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Audio Device on High Definition Audio Bus
    Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&189B28C4&0&0001
    Manufacturer:
    Name: Audio Device on High Definition Audio Bus
    PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&189B28C4&0&0001
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_834E1043&REV_3C\3&267A616A&0&A0
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_834E1043&REV_3C\3&267A616A&0&A0
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    ABBYY FineReader 6.0 Sprint
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Akamai NetSession Interface
    AMD APP SDK Runtime
    Apple Application Support
    Apple Software Update
    ATI Catalyst Install Manager
    Avira AntiVir Personal - Free Antivirus
    Bandisoft MPEG-1 Decoder
    BufferChm
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    ccc-utility
    CCC Help English
    Cogs
    Conduit Engine
    CustomerResearchQFolder
    Dell Photo AIO Printer 944
    DeviceDiscovery
    DeviceManagementQFolder
    DFOLauncher
    Diagnostic Utility
    dj_sf_software
    dj_sf_software_req
    Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.04.801
    Elsword version 1.00
    Epic Adventures Cursed Onboard 1.00
    ESET Online Scanner v3
    eSupportQFolder
    Fiction Fixers The Curse of OZ 1.00
    Google Chrome
    Google Update Helper
    Half-Life 2
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    Half-Life 2: Lost Coast
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 9.0
    HP Deskjet Printer Driver Software 9.0
    HP Imaging Device Functions 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HPSSupply
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Mahjong Champ
    Mahjong Towers Eternity 1.00
    Malwarebytes' Anti-Malware
    MapleStory
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.17)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mysterious Adventures Bundle
    Nexon Game Manager
    Pando Media Booster
    PanoStandAlone
    Platform
    Portal
    PSSWCORE
    QuickTime
    Reading the Dead 1.00
    RIFT
    Runes of Magic
    RUSH
    Secunia PSI (2.0.0.3001)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Shin Megami Tensei: Imagine Online
    SolutionCenter
    SPORE™
    Spybot - Search & Destroy
    Status
    Steam
    Team Fortress 2
    The Stroke of Midnight and Guide
    Titan Quest
    Titan Quest Immortal Throne
    Toolbox
    Torchlight
    TQ Defiler.NET
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    uTorrentBar Toolbar
    Ventrilo Client
    VideoToolkit01
    Vindictus
    Virtual Villagers - New Believers Just For Fun Games
    WebFldrs XP
    WebReg
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows XP Service Pack 3
    WinRAR archiver
    World of Warcraft
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/25/2011 4:12:50 PM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 485B39A7A92C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    5/22/2011 10:26:51 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    5/22/2011 10:26:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    5/22/2011 10:26:11 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    5/22/2011 10:26:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss ssmdrv Tcpip
    5/22/2011 10:26:06 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    5/22/2011 10:26:06 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/22/2011 10:26:06 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/22/2011 10:26:06 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    5/22/2011 10:26:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    .
    ==== End Of File ===========================
     
  12. Mazrim

    Mazrim TechSpot Enthusiast Topic Starter Posts: 106

    That should be it, let me know how things look. :)
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Regarding this:
    This points to a probable application hang. This can be a legit process on the Start menu that isn't able to load due to a bad driver, corrupt file or other. Or it can be malware entry on the Startup menu that can't start because it either needs or 'wants' another process to be running. It is also possible that a Service can't start up because a Dependency isn't running. And occasionally, an app will hang on shutdown and not close down properly>>> you can check the App log in the Event Viewer> Look for Hanging App. Usually Event #1001/1002.

    And all gs don't stand for Graphics:
    This little jewel is the update for the Google Toolbar. Got it>>> gupdate=Google update! A big nuisance as far as I'm concerned! How often does a toolbar need to be updated?! But it takes patience and time to stop this one- it is very pushy and overrode everything I put in its way to stop it! I don't do any auto-updates except for the AV program.
    ==========================================
    I'd like you to run the Eset Online Virus scan:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the [image] link to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [image] on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =======================================
    Follow with Combofix:
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [image]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
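    Bobbye's point about a service that cannot start because a dependency is not running is exactly what the Event Viewer lines in the log above record: one 7026 event lists the boot-start drivers that failed, and each 7001 event names a service and the dependency that stopped it. The Python below is an added example written for this thread, not a tool either poster used; it parses those event lines (copied from the posted log as constructed sample input) and groups the failures so the chain from failed driver to unreachable network is visible at a glance.

```python
import re
from collections import defaultdict

# Sample input: the 'Event Viewer Messages From Past Week' lines copied from the
# DDS log posted earlier in this thread (static text, not a live Event Log read).
EVENT_LINES = """
5/25/2011 4:12:50 PM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 485B39A7A92C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/22/2011 10:26:51 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/22/2011 10:26:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/22/2011 10:26:11 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/22/2011 10:26:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss ssmdrv Tcpip
5/22/2011 10:26:06 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2011 10:26:06 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2011 10:26:06 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2011 10:26:06 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2011 10:26:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
"""

# One DDS-style event line: "<date> <time> <AM/PM>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r'^(?P<ts>\S+ \S+ [AP]M), (?P<level>\w+): (?P<source>[^\[]+) \[(?P<id>\d+)\] - (?P<msg>.*)$')
FAILED_DRIVERS_RE = re.compile(r'failed to load: (.*)$')
DEPENDENCY_RE = re.compile(
    r'^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start')
DCOM_SERVICE_RE = re.compile(r'attempting to start the service (\S+)')

# Kernel drivers that make up the TCP/IP stack on XP; if these fail, nothing network-side works.
NET_STACK = ('Tcpip', 'AFD', 'NetBT', 'IPSec')


def parse_events(text):
    """Parse event lines into dicts; lines that do not match the format are skipped."""
    events = []
    for raw in text.splitlines():
        m = EVENT_RE.match(raw.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev['id'] = int(ev['id'])
        ev['source'] = ev['source'].strip()
        events.append(ev)
    return events


def failed_boot_drivers(events):
    """Driver names listed by Service Control Manager event 7026."""
    drivers = set()
    for ev in events:
        if ev['source'] == 'Service Control Manager' and ev['id'] == 7026:
            m = FAILED_DRIVERS_RE.search(ev['msg'])
            if m:
                drivers.update(m.group(1).split())
    return drivers


def dependency_failures(events):
    """Map each failed dependency to the services that could not start because of it (event 7001)."""
    chains = defaultdict(list)
    for ev in events:
        if ev['source'] == 'Service Control Manager' and ev['id'] == 7001:
            m = DEPENDENCY_RE.match(ev['msg'])
            if m:
                chains[m.group('dep')].append(m.group('svc'))
    return dict(chains)


def dcom_start_failures(events):
    """Services DCOM could not start (event 10005), in log order."""
    names = []
    for ev in events:
        if ev['source'] == 'DCOM' and ev['id'] == 10005:
            m = DCOM_SERVICE_RE.search(ev['msg'])
            if m:
                names.append(m.group(1))
    return names


def network_stack_failed(events):
    """Sorted subset of the core TCP/IP drivers that appear in the 7026 failure list."""
    failed = failed_boot_drivers(events)
    return sorted(d for d in NET_STACK if d in failed)


if __name__ == '__main__':
    evs = parse_events(EVENT_LINES)
    print('failed boot drivers:', sorted(failed_boot_drivers(evs)))
    for dep, svcs in dependency_failures(evs).items():
        print('%-24s blocked: %s' % (dep, ', '.join(svcs)))
    print('DCOM could not start:', dcom_start_failures(evs))
    print('network stack drivers down:', network_stack_failed(evs))
```

Run against the posted lines, the summary shows the whole TCP/IP stack (Tcpip, AFD, NetBT, IPSec) failing to load at the 10:26 boot, which in turn blocks DHCP Client, DNS Client and the NetBIOS helper; a Firefox window that opens but never loads a page is the expected symptom of that, independent of anything malicious in the browser itself. The same 7026 list also names the Avira filter drivers (avgio, avipbb, ssmdrv), so the failure is the driver-load phase as a whole rather than one component, which is the kind of thing to check before concluding that a new infection is blocking the network.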
  14. Mazrim

    Mazrim TechSpot Enthusiast Topic Starter Posts: 106

    ESET does the same thing it always has: After scanning, it flashes information about the scan for 1/10th of a second, then goes to try and push you to buy the retail version. There's no option to go back to the scanner screen, and there are no other options available to see the scan info; nothing except "purchase", and "free 30 day trial". So from here out I will have to skip that step since it's essentially useless for me, seeing as ESET refuses to let me see the information I need and instead wants to coerce me to buy their products TO actually see the results. This occurs whether or not threats are found on the system.
  15. Mazrim

    Mazrim TechSpot Enthusiast Topic Starter Posts: 106

    ComboFix 11-05-27.01 - Ed 05/27/2011 19:51:23.3.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2650 [GMT -4:00]
    Running from: c:\documents and settings\Ed.KIDS\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\z.xml
    C:\install.exe
    c:\windows\system32\AutoRun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-27 04:01 . 2011-04-20 23:25 66520 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
    2011-05-27 04:01 . 2011-04-20 23:25 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
    2011-05-27 04:01 . 2011-04-20 23:25 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
    2011-05-27 04:00 . 2011-04-20 23:25 505816 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
    2011-05-27 04:00 . 2011-04-20 23:25 1014232 ----a-w- c:\program files\Mozilla Firefox\js3250.dll
    2011-05-22 15:47 . 2011-05-22 15:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ATI
    2011-05-22 15:45 . 2011-05-22 15:45 -------- d-----w- c:\program files\AMD APP
    2011-05-22 14:25 . 2011-05-22 14:25 -------- d-----w- c:\documents and settings\Administrator
    2011-05-18 20:07 . 2011-05-18 20:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-06 01:45 . 2011-05-06 01:45 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
    2011-05-03 03:54 . 2011-05-03 03:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HP Product Assistant
    2011-05-03 03:54 . 2011-05-03 03:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HP
    2011-05-03 03:53 . 2011-05-03 03:53 -------- d-----w- c:\program files\Common Files\HP
    2011-05-03 03:53 . 2011-05-03 03:53 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
    2011-05-03 03:53 . 2011-05-03 03:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Hewlett-Packard
    2011-05-03 03:52 . 2007-03-30 15:11 267864 ----a-r- c:\windows\system32\hpzids01.dll
    2011-05-03 03:52 . 2007-03-28 18:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
    2011-05-03 03:52 . 2007-03-28 17:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
    2011-05-03 03:52 . 2011-05-03 03:55 -------- d-----w- c:\program files\HP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-20 02:41 . 2010-12-19 01:07 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2011-04-20 02:38 . 2010-12-19 01:07 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2011-04-20 02:29 . 2010-12-19 01:07 57344 ----a-w- c:\windows\system32\aticalrt.dll
    2011-04-20 02:29 . 2010-12-19 01:07 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2011-04-20 02:24 . 2010-12-19 01:07 5459968 ----a-w- c:\windows\system32\aticaldd.dll
    2011-04-20 02:14 . 2010-12-19 01:07 17743872 ----a-w- c:\windows\system32\atioglxx.dll
    2011-04-20 02:10 . 2011-04-20 02:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
    2011-04-20 02:10 . 2011-04-20 02:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
    2011-04-20 02:04 . 2010-12-19 01:07 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-04-20 02:02 . 2010-12-19 01:07 302080 ----a-w- c:\windows\system32\ati2dvag.dll
    2011-04-20 02:01 . 2010-12-19 01:07 4017408 ----a-w- c:\windows\system32\ati3duag.dll
    2011-04-20 01:55 . 2011-04-17 16:02 1115008 ----a-w- c:\windows\system32\ativvamv.dll
    2011-04-20 01:45 . 2010-12-19 01:07 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
    2011-04-20 01:44 . 2010-12-19 01:07 212992 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-04-20 01:44 . 2010-12-19 01:07 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-04-20 01:44 . 2010-12-19 01:07 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2011-04-20 01:44 . 2010-12-19 01:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-04-20 01:43 . 2010-12-19 01:07 188416 ----a-w- c:\windows\system32\ati2evxx.dll
    2011-04-20 01:42 . 2010-12-19 01:07 643072 ----a-w- c:\windows\system32\ati2evxx.exe
    2011-04-20 01:41 . 2010-12-19 01:07 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2011-04-20 01:40 . 2010-12-19 01:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-04-20 01:36 . 2010-12-19 01:07 651264 ----a-w- c:\windows\system32\atikvmag.dll
    2011-04-20 01:34 . 2010-12-19 01:07 200704 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-04-20 01:33 . 2010-12-19 01:07 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2011-04-20 01:30 . 2010-12-19 01:07 503808 ----a-w- c:\windows\system32\atiok3x2.dll
    2011-04-20 01:28 . 2010-12-19 01:07 851968 ----a-w- c:\windows\system32\ati2cqag.dll
    2011-04-20 01:27 . 2010-12-19 01:07 64512 ----a-w- c:\windows\system32\atimpc32.dll
    2011-04-20 01:27 . 2010-12-19 01:07 64512 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-04-20 01:26 . 2010-12-19 01:07 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-04-17 16:45 . 2011-04-17 16:21 1259545769 ----a-w- c:\program files\ElswordInstaller-1a.bin
    2011-04-17 16:44 . 2011-04-17 16:21 327392 ----a-w- c:\program files\ElswordInstaller.exe
    2011-03-21 23:56 . 2011-03-21 23:56 51712 ----a-w- c:\windows\system32\OpenCL.dll
    2011-03-20 05:51 . 2011-03-20 05:51 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-03-20 05:49 . 2011-03-20 05:49 1216 ----a-w- c:\windows\system32\ealregsnapshot1.reg
    2011-03-16 13:31 . 2010-12-18 16:36 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-07 05:33 . 2010-12-18 14:35 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\Steam\Steam.exe" [2010-12-19 1242448]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-05 33628160]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 98304]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 69632]
    "dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-07-22 430080]
    "MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-06-27 282624]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    .
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Runes of Magic\\Client.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
    "c:\\Nexon\\DFO\\DFO.exe"=
    "c:\\Nexon\\Vindictus\\en-US\\Vindictus.exe"=
    "c:\\Nexon\\Vindictus\\en-US\\NMService.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\cogs\\cogs.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\rush\\rush.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
    "c:\\Program Files\\Kill3rCombo\\Elsword\\data\\x2.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "57788:TCP"= 57788:TCP:pando Media Booster
    "57788:UDP"= 57788:UDP:pando Media Booster
    "56440:TCP"= 56440:TCP:pando Media Booster
    "56440:UDP"= 56440:UDP:pando Media Booster
    "3857:TCP"= 3857:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 8:00 AM 14336]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/18/2010 12:36 PM 136360]
    R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [12/18/2010 11:52 AM 22016]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 10:24 AM 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 10:24 AM 399416]
    R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
    R3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/18/2010 11:48 AM 1374464]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2011 12:52 AM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2011 12:52 AM 136176]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [11/23/2009 5:37 PM 19720]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [3/25/2011 7:46 PM 14856]
    S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [12/18/2010 11:52 AM 25984]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [12/18/2010 11:52 AM 17408]
    S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 04:52]
    .
    2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 04:52]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Ed.KIDS\Application Data\Mozilla\Firefox\Profiles\jnvd4nmb.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-27 19:56
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
    DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1644491937-1326574676-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:13,1a,de,73,c8,29,0e,b1,5a,21,db,66,56,c3,fc,1e,99,59,1b,12,55,
    aa,bc,b6,40,79,1a,0a,c1,16,8f,a5,c0,3c,ba,73,39,40,dd,27,2b,3f,dc,17,97,00,\
    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    Completion time: 2011-05-27 19:58:10
    ComboFix-quarantined-files.txt 2011-05-27 23:58
    .
    Pre-Run: 486,381,678,592 bytes free
    Post-Run: 486,433,632,256 bytes free
    .
    - - End Of File - - 68F7C8F83B0007A3B12E73A3FAF34473
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
    • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\system32\drivers\EagleXNt.sys
    FileLook::
    c:\windows\system32\dlcdcoms.exe -service
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    Driver::
    EagleXNt
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Advise remove both of these extensions from Firefox:
    Conduit Engine
    uTorrentBar Community Toolbar


    Advise uninstall HackShield: A lot of gamers are getting errors related to this. IF you can do without it, best remove.
    ====================================================
    Please try this for the Eset scan. I haven't had anyone else report pressure to purchase. If you do get it, just bypass and continue with the scan.
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the download button to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
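Before dragging a CFScript onto ComboFix it helps to see exactly what it will touch. The parser below is an added example, not ComboFix code: it splits a script into the File::, FileLook::, Registry:: and Driver:: sections used above and assumes the usual .reg conventions for the Registry:: section ("name"=- deletes a value, [-KEY] deletes a key, a bare [KEY] line does not delete anything). The sample input is the script posted above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# A directive name followed by '::' opens a section, e.g. "Registry::"
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
# A registry key line; a leading '-' inside the brackets marks a key deletion
# under .reg conventions (assumed here); a stray trailing '.' is tolerated.
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]\.?$")
# "name"=-  deletes the named value under the current key
VALUE_DEL_RE = re.compile(r'^"([^"]+)"=-$')


@dataclass
class RegistryAction:
    key: str
    action: str                # "delete_key", "delete_value" or "touch_key"
    value: Optional[str] = None


@dataclass
class CFScript:
    files: List[str] = field(default_factory=list)      # File:: entries (deleted)
    filelook: List[str] = field(default_factory=list)   # FileLook:: entries (inspected only)
    drivers: List[str] = field(default_factory=list)    # Driver:: entries
    registry: List[RegistryAction] = field(default_factory=list)
    unknown: List[Tuple[str, str]] = field(default_factory=list)


def parse_cfscript(text: str) -> CFScript:
    """Split a CFScript into its sections. Lines that do not fit the expected
    syntax are kept in `unknown` so nothing silently drops out of the review."""
    script = CFScript()
    section: Optional[str] = None
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            continue
        if section == "file":
            script.files.append(line)
        elif section == "filelook":
            script.filelook.append(line)
        elif section == "driver":
            script.drivers.append(line)
        elif section == "registry":
            km = KEY_RE.match(line)
            if km:
                delete_flag, current_key = km.groups()
                script.registry.append(RegistryAction(
                    current_key, "delete_key" if delete_flag else "touch_key"))
                continue
            vm = VALUE_DEL_RE.match(line)
            if vm and current_key is not None:
                script.registry.append(
                    RegistryAction(current_key, "delete_value", vm.group(1)))
            else:
                script.unknown.append(("registry", line))
        else:
            script.unknown.append((section or "<no section>", line))
    return script


def review_summary(script: CFScript) -> dict:
    """Counts a reviewer wants before running: what is deleted, what is only
    inspected, and which keys are listed without a deletion marker."""
    return {
        "files_deleted": len(script.files),
        "files_inspected": len(script.filelook),
        "drivers_removed": len(script.drivers),
        "reg_keys_deleted": sum(a.action == "delete_key" for a in script.registry),
        "reg_values_deleted": sum(a.action == "delete_value" for a in script.registry),
        "reg_keys_listed_only": sum(a.action == "touch_key" for a in script.registry),
        "unparsed_lines": len(script.unknown),
    }


# Sample input: the CFScript posted above, reproduced as written (including
# the trailing '.' on two key lines, which the parser tolerates).
PAGE_SCRIPT = r"""
File::
c:\windows\system32\drivers\EagleXNt.sys
FileLook::
c:\windows\system32\dlcdcoms.exe -service
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}].
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}].
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
Driver::
EagleXN
"""

if __name__ == "__main__":
    parsed = parse_cfscript(PAGE_SCRIPT)
    for name, count in review_summary(parsed).items():
        print(f"{name:22s} {count}")
```

The summary makes it obvious that only four registry values are deleted by this script while nine keys are merely listed, which is worth knowing when the same entries show up again in the next log.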
  17. Mazrim

    Mazrim TechSpot Enthusiast Topic Starter Posts: 106

    Getting ads BEFORE the scan isn't the problem. The problem is that when the scan completes, instead of going to a results panel, or options to view the results, I get only one window, which is an ad to buy their products. there are no buttons or commands to click on to view the results, nor are there any buttons to export any results found. And there's no way to bring up anything like that. It's just that one window, and nothing more.

    BTW Avira found another virus a minute before I posted this, Trokojan was the name of it. I'm nearly at the point where reformatting this system is looking good because it seems that for every one malware I find, TEN take its place. My email now won't work properly: Outlook now hangs when checking for any new msgs.

    UPDATE: I found out someone was using my email as a bot, and my isp reset my PW. So I need to start all over again I guess from step 1, as I missed SOMETHING somewhere, or just reformat unless there's a solution to this garbage.
  18. Mazrim

    Mazrim TechSpot Enthusiast Topic Starter Posts: 106

    Ok, I ran ESET one last time, and this time it worked. No threats were found so no log.
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Let me explain about the virus scans and what you may see:

    If you do a scan and the malware is anywhere on the system, the scan will usually show it, but:

    1) If you see malware located in System Volume, (this is where the restore points are kept) it means that when that restore point was created, the malware was on what was imaged. But when we have removed entries in the system or that malware, it is no longer active in the system and the only way it could reinfect the system is if you did a System Restore and happened to choose that restore point. I have you drop the old restore points at the end of cleaning and set a new clean one.

    2) If you see entries in the Qoobox, which is where ComboFix puts the files it quarantines, it means that again, it is not active in the system and will be removed when ComboFix is uninstalled.

    3) If you see entries in the Recycle Bin, it has been 'thrown away', so just empty the trash.
    The antivirus programs do not differentiate these locations and the user may see 10 entries in places that have been handled and are not active in the system.

    So Avira may have 'found' one Trojan, but unless I know the location, I cannot evaluate it.
    ==========================================
    Were you ever able to resolve this?
    Did you uncheck everything on the Startup Menu except the AV, 3rd party firewall if there is one, touchpad process if using laptop and network process if using Pure Magic or Citrix?

    Does the system still hang under those conditions?
    =========================================
    Did we discuss the uTorrent Toolbar and Conduit engine? Did you decide to keep them?

    I don't know what you're seeing on the Eset site. But many programs with free downloads also offer a paid version. All you should need to do is ignore the offer. It shouldn't affect running the scan or producing a log if malware is found.
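The three "handled but still detected" locations described above can be turned into a triage rule so that only detections outside them get attention. This is an added example, not any scanner's or ComboFix's own logic; the detection lines are constructed (placeholder SIDs and GUIDs, Avira-style "TR/" labels), and the Recycle Bin folder names (RECYCLER, Recycled, $Recycle.Bin) are assumed to cover the Windows versions involved.

```python
import re
from typing import Dict, List, Tuple

ACTIVE = "active location: needs review"

# Locations where a detection is no longer active, per the explanation above.
INACTIVE_LOCATIONS = [
    (re.compile(r"\\system volume information\\", re.I),
     "restore point: inactive, gone once the old restore points are dropped"),
    (re.compile(r"\\qoobox\\", re.I),
     "ComboFix quarantine: inactive, removed by ComboFix /Uninstall"),
    (re.compile(r"\\(recycler|recycled|\$recycle\.bin)\\", re.I),
     "Recycle Bin: inactive, just empty the bin"),
]


def classify_path(path: str) -> str:
    """Map a detected file's path to one of the inactive verdicts, or ACTIVE."""
    for pattern, verdict in INACTIVE_LOCATIONS:
        if pattern.search(path):
            return verdict
    return ACTIVE


def triage(detections: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (path, detection name, verdict) for every reported detection."""
    return [(path, name, classify_path(path)) for path, name in detections]


def needs_attention(detections: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Only the detections that sit in a live location and still need review."""
    return [(path, name) for path, name, verdict in triage(detections)
            if verdict == ACTIVE]


def summarize(detections: List[Tuple[str, str]]) -> Dict[str, int]:
    counts = {"active": 0, "inactive": 0}
    for _, _, verdict in triage(detections):
        counts["active" if verdict == ACTIVE else "inactive"] += 1
    return counts


# Constructed sample report: (path, scanner label). The first three mirror the
# situations described above (restore point, Qoobox, Recycle Bin); the last one
# is in a live Temp folder and is the only one that still needs looking at.
SAMPLE_DETECTIONS = [
    (r"C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP42\A0001234.exe",
     "TR/Turkojan.Gen"),
    (r"C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\EagleXNt.sys.vir",
     "TR/Rootkit.Gen"),
    (r"C:\RECYCLER\S-1-5-21-PLACEHOLDER\Dc3.exe",
     "ADWARE/Toolbar.Gen"),
    (r"C:\Documents and Settings\User\Local Settings\Temp\setup_tmp.exe",
     "TR/Dropper.Gen"),
]

if __name__ == "__main__":
    for path, name, verdict in triage(SAMPLE_DETECTIONS):
        print(f"{name:20s} {verdict}\n    {path}")
    print(summarize(SAMPLE_DETECTIONS))
```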
  20. Mazrim

    Mazrim TechSpot Enthusiast Topic Starter Posts: 106

    Well the ESET scan worked this time, and no threats were found. I don't have a uTorrent toolbar installed (or at least I don't see one ever), and I've never used Conduit, so I don't know what it is really. The Turkojan virus is quarantined atm, and its location was also found in a system restore point.

    that reminds me: This is gonna sound really dumb, but I have to ask it. How do I safely DELETE malware that's quarantined in my antivirus? I remember trying to delete some malware a long time ago, using AVG at that time, and I somehow let it loose in my system :(

    I'm kind of afraid I might do the same trying to get rid of the stuff quarantined in Avira.

    BTW: I'm not familiar with turning stuff on and off in startup, so bear with me.
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Actually, you have many entries for both. And the installed programs show: uTorrent, Conduit Engine and uTorrent Toolbar. I put them in the script for you to run in ComboFix. But I did not get the log that is generated after the script has been run.

    We need to bring this to a close. It was started over 2 months ago. We haven't found malware.
    To remove entries your antivirus has quarantined, do a RIGHT Click> Delete.

    The Qoobox will be removed when you uninstall Combofix and the infected restore points will be dropped.

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
  22. Mazrim

    Mazrim TechSpot Enthusiast Topic Starter Posts: 106

    Sorry to have wasted your time. Here's the log per the previous instructions:

    ComboFix 11-06-11.01 - Ed 06/12/2011 14:32:09.5.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2785 [GMT -4:00]
    Running from: c:\documents and settings\Ed.KIDS\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ed.KIDS\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\system32\drivers\EagleXNt.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\j.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Ed.KIDS\Application Data\PriceGong\Data\z.xml
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-10 01:57 . 2011-06-10 01:57 -------- d-----w- c:\documents and settings\Ed.KIDS\Local Settings\Application Data\Oblivion
    2011-06-10 01:41 . 2011-06-10 01:41 -------- d-----w- c:\program files\Bethesda Softworks
    2011-06-10 01:29 . 2011-06-10 01:29 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
    2011-06-10 01:29 . 2005-04-04 03:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
    2011-06-10 01:29 . 2005-04-04 03:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
    2011-06-10 01:29 . 2005-04-04 03:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
    2011-06-10 01:29 . 2005-04-04 03:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
    2011-06-10 01:29 . 2005-04-04 02:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
    2011-06-10 01:29 . 2011-06-10 01:29 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    2011-06-03 17:52 . 2011-06-03 17:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BioWare
    2011-06-03 17:50 . 2011-06-03 17:50 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-06-03 17:47 . 2011-06-03 17:47 -------- d-----w- c:\windows\system32\AGEIA
    2011-06-03 17:47 . 2011-06-03 17:47 -------- d-----w- c:\program files\AGEIA Technologies
    2011-06-03 17:29 . 2011-06-05 03:19 -------- d-----w- c:\program files\Dragon Age
    2011-06-03 17:29 . 2011-06-03 17:47 -------- d-----w- c:\program files\Common Files\BioWare
    2011-06-01 21:02 . 2011-06-01 21:02 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
    2011-05-29 06:48 . 2011-05-29 06:48 -------- d-sh--w- c:\documents and settings\Ed.KIDS\IECompatCache
    2011-05-27 04:01 . 2011-04-20 23:25 66520 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
    2011-05-27 04:01 . 2011-04-20 23:25 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
    2011-05-27 04:01 . 2011-04-20 23:25 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
    2011-05-27 04:00 . 2011-04-20 23:25 505816 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
    2011-05-27 04:00 . 2011-04-20 23:25 1014232 ----a-w- c:\program files\Mozilla Firefox\js3250.dll
    2011-05-22 15:47 . 2011-05-22 15:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ATI
    2011-05-22 15:45 . 2011-05-22 15:45 -------- d-----w- c:\program files\AMD APP
    2011-05-22 14:25 . 2011-05-22 14:25 -------- d-----w- c:\documents and settings\Administrator
    2011-05-18 20:07 . 2011-06-09 22:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-29 13:11 . 2011-03-20 21:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11 . 2011-03-20 21:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-20 02:41 . 2010-12-19 01:07 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2011-04-20 02:38 . 2010-12-19 01:07 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2011-04-20 02:29 . 2010-12-19 01:07 57344 ----a-w- c:\windows\system32\aticalrt.dll
    2011-04-20 02:29 . 2010-12-19 01:07 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2011-04-20 02:24 . 2010-12-19 01:07 5459968 ----a-w- c:\windows\system32\aticaldd.dll
    2011-04-20 02:14 . 2010-12-19 01:07 17743872 ----a-w- c:\windows\system32\atioglxx.dll
    2011-04-20 02:10 . 2011-04-20 02:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
    2011-04-20 02:10 . 2011-04-20 02:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
    2011-04-20 02:04 . 2010-12-19 01:07 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-04-20 02:02 . 2010-12-19 01:07 302080 ----a-w- c:\windows\system32\ati2dvag.dll
    2011-04-20 02:01 . 2010-12-19 01:07 4017408 ----a-w- c:\windows\system32\ati3duag.dll
    2011-04-20 01:55 . 2011-04-17 16:02 1115008 ----a-w- c:\windows\system32\ativvamv.dll
    2011-04-20 01:45 . 2010-12-19 01:07 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
    2011-04-20 01:44 . 2010-12-19 01:07 212992 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-04-20 01:44 . 2010-12-19 01:07 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-04-20 01:44 . 2010-12-19 01:07 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2011-04-20 01:44 . 2010-12-19 01:07 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-04-20 01:43 . 2010-12-19 01:07 188416 ----a-w- c:\windows\system32\ati2evxx.dll
    2011-04-20 01:42 . 2010-12-19 01:07 643072 ----a-w- c:\windows\system32\ati2evxx.exe
    2011-04-20 01:41 . 2010-12-19 01:07 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2011-04-20 01:40 . 2010-12-19 01:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-04-20 01:36 . 2010-12-19 01:07 651264 ----a-w- c:\windows\system32\atikvmag.dll
    2011-04-20 01:34 . 2010-12-19 01:07 200704 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-04-20 01:33 . 2010-12-19 01:07 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2011-04-20 01:30 . 2010-12-19 01:07 503808 ----a-w- c:\windows\system32\atiok3x2.dll
    2011-04-20 01:28 . 2010-12-19 01:07 851968 ----a-w- c:\windows\system32\ati2cqag.dll
    2011-04-20 01:27 . 2010-12-19 01:07 64512 ----a-w- c:\windows\system32\atimpc32.dll
    2011-04-20 01:27 . 2010-12-19 01:07 64512 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-04-20 01:26 . 2010-12-19 01:07 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-04-17 16:45 . 2011-04-17 16:21 1259545769 ----a-w- c:\program files\ElswordInstaller-1a.bin
    2011-04-17 16:44 . 2011-04-17 16:21 327392 ----a-w- c:\program files\ElswordInstaller.exe
    2011-03-21 23:56 . 2011-03-21 23:56 51712 ----a-w- c:\windows\system32\OpenCL.dll
    2011-03-20 05:51 . 2011-03-20 05:51 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-03-20 05:49 . 2011-03-20 05:49 1216 ----a-w- c:\windows\system32\ealregsnapshot1.reg
    2011-03-16 13:31 . 2010-12-18 16:36 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-05-27_23.56.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-01-11 03:03 . 2011-01-11 03:03 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662\vcomp.dll
    + 2009-07-12 00:54 . 2009-07-12 00:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll
    + 2011-01-11 02:32 . 2011-01-11 02:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
    + 2009-07-12 00:32 . 2009-07-12 00:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
    + 2011-01-11 08:05 . 2011-01-11 08:05 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll
    + 2011-01-11 08:23 . 2011-01-11 08:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll
    + 2009-07-12 05:07 . 2009-07-12 05:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
    + 2009-07-12 05:19 . 2009-07-12 05:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
    + 2011-01-11 01:21 . 2011-01-11 01:21 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
    + 2011-06-12 18:22 . 2011-06-12 18:22 16384 c:\windows\temp\Perflib_Perfdata_414.dat
    + 2009-04-03 16:39 . 2009-04-03 16:39 70936 c:\windows\system32\PhysXLoader.dll
    + 2008-12-04 13:28 . 2008-12-04 13:28 24344 c:\windows\system32\PhysXDevice.dll
    - 2004-08-04 12:00 . 2011-05-27 04:13 71846 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2011-06-12 18:26 71846 c:\windows\system32\perfc009.dat
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelTraditionalChinese.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelSwedish.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelSpanish.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelSimplifiedChinese.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelPortugese.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelKorean.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelJapanese.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelGerman.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 58648 c:\windows\system32\AgCPanelFrench.dll
    + 2011-06-01 21:02 . 2011-06-01 21:02 21504 c:\windows\Installer\69bfe0a.msi
    + 2011-06-10 01:31 . 2011-06-10 01:31 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2011-06-10 01:31 . 2011-06-10 01:31 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2011-01-11 08:27 . 2011-01-11 08:27 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
    + 2011-01-11 08:24 . 2011-01-11 08:24 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll
    + 2011-01-11 08:08 . 2011-01-11 08:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 197912 c:\windows\system32\physxcudart_20.dll
    + 2008-11-26 12:55 . 2008-11-26 12:55 288024 c:\windows\system32\PhysXCplUI.exe
    + 2008-11-25 12:38 . 2008-11-25 12:38 288024 c:\windows\system32\PhysXCompatCplUI.exe
    - 2004-08-04 12:00 . 2011-05-27 04:13 443588 c:\windows\system32\perfh009.dat
    + 2004-08-04 12:00 . 2011-06-12 18:26 443588 c:\windows\system32\perfh009.dat
    + 2011-06-09 22:46 . 2011-06-09 22:46 238040 c:\windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe
    + 2011-06-09 22:44 . 2011-06-09 22:44 240288 c:\windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe
    + 2011-06-09 22:44 . 2011-06-09 22:44 321184 c:\windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.dll
    + 2008-10-07 13:13 . 2008-10-07 13:13 116977 c:\windows\system32\AGEIA\AG1021\diag.bin
    + 2008-10-07 13:13 . 2008-10-07 13:13 214629 c:\windows\system32\AGEIA\AG1021\app.bin
    + 2008-10-07 13:13 . 2008-10-07 13:13 119473 c:\windows\system32\AGEIA\AG1011\diag.bin
    + 2008-10-07 13:13 . 2008-10-07 13:13 199885 c:\windows\system32\AGEIA\AG1011\app.bin
    + 2011-06-05 03:20 . 2011-06-05 03:20 424960 c:\windows\Installer\7c62d71.msi
    + 2011-06-07 06:04 . 2011-06-07 06:04 459264 c:\windows\Installer\12a99750.msi
    + 2011-06-10 01:31 . 2011-06-10 01:31 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2011-06-10 01:31 . 2011-06-10 01:31 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2011-06-10 01:31 . 2011-06-10 01:31 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2011-06-10 01:31 . 2011-06-10 01:31 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2011-06-10 01:31 . 2011-06-10 01:31 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2011-06-10 01:31 . 2011-06-10 01:31 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-04-02 19:53 . 2011-04-02 19:53 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2011-06-10 01:31 . 2011-06-10 01:31 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2011-01-11 02:50 . 2011-01-11 02:50 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80u.dll
    + 2011-01-11 02:50 . 2011-01-11 02:50 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80.dll
    + 2009-07-12 00:46 . 2009-07-12 00:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
    + 2009-07-12 00:46 . 2009-07-12 00:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
    + 2010-12-18 16:33 . 2011-06-09 22:46 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    - 2010-12-18 16:33 . 2011-05-18 20:07 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2011-06-03 17:47 . 2011-06-03 17:47 1500160 c:\windows\Installer\94209b.msi
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2011-03-28 16:22 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\Steam\Steam.exe" [2010-12-19 1242448]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-06-05 33628160]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 98304]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 69632]
    "dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-07-22 430080]
    "MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-06-27 282624]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    .
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Runes of Magic\\Client.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
    "c:\\Nexon\\DFO\\DFO.exe"=
    "c:\\Nexon\\Vindictus\\en-US\\Vindictus.exe"=
    "c:\\Nexon\\Vindictus\\en-US\\NMService.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
    "c:\\Program Files\\Kill3rCombo\\Elsword\\data\\x2.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\cogs\\cogs.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\rush\\rush.exe"=
    "c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
    "c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
    "c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "57788:TCP"= 57788:TCP:pando Media Booster
    "57788:UDP"= 57788:UDP:pando Media Booster
    "56440:TCP"= 56440:TCP:pando Media Booster
    "56440:UDP"= 56440:UDP:pando Media Booster
    "1162:TCP"= 1162:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 8:00 AM 14336]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/18/2010 12:36 PM 136360]
    R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [12/18/2010 11:52 AM 22016]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 10:24 AM 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 10:24 AM 399416]
    R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/18/2010 11:48 AM 1374464]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2011 12:52 AM 136176]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2011 12:52 AM 136176]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [11/23/2009 5:37 PM 19720]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [3/25/2011 7:46 PM 14856]
    S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [12/18/2010 11:52 AM 25984]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [12/18/2010 11:52 AM 17408]
    S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 04:52]
    .
    2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 04:52]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Ed.KIDS\Application Data\Mozilla\Firefox\Profiles\jnvd4nmb.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-12 14:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1644491937-1326574676-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:37,37,7d,7a,76,93,30,1f,c6,50,e2,66,54,58,5f,03,29,81,d9,d3,1c,6b,fe,
    a8,4d,74,17,db,cc,41,96,d8,20,78,ee,e1,5f,8a,1b,3c,98,de,ca,61,96,ee,47,59,\
    "??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
    .
    [HKEY_USERS\S-1-5-21-1644491937-1326574676-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:13,1a,de,73,c8,29,0e,b1,5a,21,db,66,56,c3,fc,1e,99,59,1b,12,55,
    aa,bc,b6,40,79,1a,0a,c1,16,8f,a5,c0,3c,ba,73,39,40,dd,27,2b,3f,dc,17,97,00,\
    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    Completion time: 2011-06-12 14:38:26
    ComboFix-quarantined-files.txt 2011-06-12 18:38
    ComboFix2.txt 2011-06-07 00:38
    ComboFix3.txt 2011-05-27 23:58
    .
    Pre-Run: 460,815,585,280 bytes free
    Post-Run: 460,862,885,888 bytes free
    .
    - - End Of File - - AC4850C1EE1706B5EB07066DA9A3A973
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Thread closed at member's request. Getting new hardware.