Solved Multiple issues -- crippling slowdown, display driver crashes, BSOD and more

Status
Not open for further replies.

peri609667

Posts: 10   +0
Hello everyone, my name is Jordan, and I have a problem. My 6 month old Acer Aspire 5741G has been slowing down considerably over the last few months, to the point where start-up takes 20 mins (it used to take only 1-2) and no program will run without freezing for a few seconds every so often. I mostly use it for gaming, but even the least CPU-intensive games, like Minecraft, will not run smoothly, yet they would all run perfectly on the highest settings during the first 4 months of operation.

My display driver crashes frequently as well, often several times a day. My computer has also had the BSOD a few times, but this issue seems to have passed for now. The most concerning factor, though, is that sometimes things happen that I had no involvement in: icons appearing on my desktop and my cursor moving on its own.

I have scanned with AVG and Ad-Aware, both full, paid versions, and neither returned results.

I strongly suspect malware, and one that has allowed someone full control over my PC. I would like to avoid a reformat if at all possible though, because I don't have Win7 install disks (it came pre-installed, and without a backup disk), which would force me to fork out money I don't have to buy it or downgrade to XP, but if it is unavoidable, then so be it.

This is my first time on this board, so I'm unsure if this is sufficient information for a starting point. If you need the specifications, or anything else, please let me know.

Log is as follows:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6587

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

16/05/2011 6:18:29 PM
mbam-log-2011-05-16 (18-18-29).txt

Scan type: Quick scan
Objects scanned: 161801
Time elapsed: 9 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
DDS logs:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Jordan at 21:43:56.15 on Mon 16/05/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3959.1878 [GMT 10:00]
.
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Ad-Aware Total Security *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Ad-Aware Total Security *Disabled/Updated* {EFCD2318-A544-E9EB-4022-6820AEE79F52}
FW: Ad-Aware Personal Firewall *Disabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Lachesis\OSD.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Razer\Lachesis\razertra.exe
C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jordan\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_5741g&r=27360610j805l04f4z1j5t6562k23q
uSearch Page =
uSearch Bar =
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_5741g&r=27360610j805l04f4z1j5t6562k23q
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Ad-Aware WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
TB: Ad-Aware WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [BigPondWirelessBroadbandCM] "C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
mRun: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [G Data AntiVirus Tray Application] C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe
mRun: [GDFirewallTray] C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Webfilter\AVKWebIEx64.dll
BHO-X64: Ad-Aware WebFilter Class - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
TB-X64: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Webfilter\AVKWebIEx64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AppInit_DLLs-X64: avgrssta.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\hizhlqoa.default\
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\System32\drivers\AVGIDSwa.sys [2010-6-26 27216]
R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-6-26 56008]
R0 GDBehave;GDBehave;C:\Windows\System32\drivers\GDBehave.sys [2011-1-15 40392]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-6-26 29976]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-6-26 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-6-26 35536]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-6-26 317520]
R1 GDMnIcpt;GDMnIcpt;C:\Windows\System32\drivers\MiniIcpt.sys [2011-1-15 85960]
R1 gdwfpcd;G DATA WFP CD;C:\Windows\System32\drivers\gdwfpcd64.sys [2011-1-15 48584]
R1 GRD;G Data Rootkit Detector Driver;C:\Windows\System32\drivers\GRD.sys [2011-1-15 106224]
R1 HookCentre;HookCentre;C:\Windows\System32\drivers\HookCentre.sys [2011-1-15 49096]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-6-27 921952]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-6-27 308136]
R2 avgfws9;AVG Firewall;C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2010-6-27 2331544]
R2 AVKProxy;Ad-Aware Total Security Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-6-29 1081384]
R2 AVKService;Ad-Aware Scheduler;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [2010-6-29 412944]
R2 AVKWCtl;Ad-Aware Filesystem Monitor;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe [2010-6-23 2170224]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-1-16 310352]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-1-16 842784]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-16 13336]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-1-7 255744]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-9-24 144632]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-1-16 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-1-16 240160]
R3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-6-26 132688]
R3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-6-26 35920]
R3 GDFwSvc;Ad-Aware Personal Firewall;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe [2010-6-15 1954472]
R3 GDPkIcpt;GDPkIcpt;C:\Windows\System32\drivers\PktIcpt.sys [2011-1-15 57288]
R3 GDScan;Ad-Aware Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-6-29 624064]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-16 56344]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-7-27 131688]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2007-8-17 30336]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-27 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-10-27 947528]
S3 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-6-27 5897808]
S3 GDBackupSvc;Ad-Aware Backup Service;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [2010-6-29 911976]
S3 GDTunerSvc;Ad-Aware Tuner Service;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [2010-6-29 1234896]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-27 135664]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2010-8-16 114304]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2008-4-29 9216]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-9-24 50424]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-1-16 232992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-3 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-28 1255736]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\System32\drivers\ZTEusbnet.sys [2010-11-28 135168]
.
=============== Created Last 30 ================
.
2011-05-16 10:49:17 -------- d-----w- C:\Users\Jordan\AppData\Local\Western Digital
2011-05-16 09:02:21 -------- d-----w- C:\Users\Jordan\AppData\Local\{CAEA160D-A996-4015-AC42-887B448CD893}
2011-05-15 19:32:58 -------- d-----w- C:\Program Files\CCleaner
2011-05-15 12:18:05 -------- d-----w- C:\Users\Jordan\AppData\Local\{8C22381D-4FF5-46F5-8F29-D0EF14BE035A}
2011-05-13 12:09:17 -------- d-----w- C:\Users\Jordan\AppData\Local\{60BDA9E8-22AC-4B4B-9DC3-7EA59BADC562}
2011-05-13 12:08:39 -------- d-----w- C:\Users\Jordan\AppData\Roaming\Windows Live Writer
2011-05-13 12:08:39 -------- d-----w- C:\Users\Jordan\AppData\Local\Windows Live Writer
2011-05-12 02:55:04 -------- d-----w- C:\Users\Jordan\AppData\Local\{8DA1A2D1-E1EC-4900-9071-C4087E34047C}
2011-05-11 17:02:20 -------- d-----w- C:\c0616b96a52c0556bb
2011-05-11 16:19:39 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 16:19:36 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 16:19:36 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 16:19:30 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 16:19:30 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 16:19:30 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 16:19:30 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 16:19:30 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 16:19:30 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 16:19:30 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-10 15:40:53 -------- d-----w- C:\Users\Jordan\AppData\Local\AVG Security Toolbar
2011-05-09 06:04:35 -------- d-----w- C:\Users\Jordan\AppData\Local\{7249E9F4-CE6C-45BE-BBF8-CEE496B455D0}
2011-05-08 18:52:59 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-05-08 18:52:59 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-08 18:52:59 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-08 18:52:59 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-05-08 18:52:59 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-08 18:52:58 1892184 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-08 18:52:58 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-08 18:52:57 1974616 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-06 16:14:52 -------- d-----w- C:\Users\Jordan\AppData\Local\{46BDA8D4-9F54-43FE-AF54-F43AE212877D}
2011-05-06 00:42:24 -------- d-----w- C:\Users\Jordan\AppData\Local\{96214FDE-635D-472F-89DE-4B46B60BD90F}
2011-05-05 00:44:22 -------- d-----w- C:\Users\Jordan\AppData\Local\{B7D96279-2E5A-49DF-B95B-D731BC388230}
2011-05-03 11:06:07 -------- d-----w- C:\Users\Jordan\AppData\Local\{128D21F7-8B20-424C-96E5-37C5207930CF}
2011-05-03 08:54:01 -------- d-----w- C:\Windows\System32\SPReview
2011-05-03 08:52:11 -------- d-----w- C:\Windows\System32\EventProviders
2011-05-03 08:45:59 2018304 ----a-w- C:\Windows\System32\WsmSvc.dll
2011-05-03 08:44:59 324096 ----a-w- C:\Windows\System32\netdiagfx.dll
2011-05-03 08:43:59 95232 ----a-w- C:\Windows\System32\cca.dll
2011-05-03 08:42:58 8192 ----a-w- C:\Windows\System32\KBDTUQ.DLL
2011-05-03 08:39:02 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-05-03 08:39:02 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-05-03 08:39:02 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-05-03 08:38:57 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-05-03 08:38:55 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-05-03 08:38:30 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-05-03 08:38:30 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-05-03 08:37:16 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-05-03 08:37:16 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-05-03 08:37:16 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-05-03 08:37:15 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-05-03 07:17:32 -------- d-----w- C:\Users\Jordan\AppData\Local\{78460B1C-1ED5-4A06-A3DE-F4C4C58472E3}
2011-05-01 19:50:29 -------- d-----w- C:\Users\Jordan\AppData\Local\{A7BCFFE2-844B-423A-B30A-5CD79296DAA8}
2011-05-01 07:47:13 -------- d-----w- C:\Users\Jordan\AppData\Local\{DFF0DBFF-9AB4-481D-A5F7-1E1090C18E4D}
2011-04-26 21:55:09 2871808 ----a-w- C:\Windows\explorer.exe
2011-04-26 21:55:08 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-26 21:55:07 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-26 21:55:07 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-26 08:37:52 0 ----a-w- C:\Windows\SysWow64\sho5DF.tmp
2011-04-26 04:15:03 -------- d-----w- C:\Users\Jordan\AppData\Roaming\Malwarebytes
2011-04-26 04:14:49 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-26 04:14:48 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-26 04:14:45 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-26 04:14:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-26 00:43:07 -------- d-----w- C:\Program Files\iPod
2011-04-26 00:43:06 -------- d-----w- C:\Program Files\iTunes
2011-04-26 00:43:06 -------- d-----w- C:\Program Files (x86)\iTunes
2011-04-26 00:38:43 -------- d-----w- C:\Program Files\Bonjour
2011-04-26 00:38:43 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-04-26 00:23:09 -------- d-----w- C:\Users\Jordan\AppData\Local\{5A62D52B-9610-48E6-8EC6-5D3DAD0E8934}
2011-04-22 00:04:00 -------- d-----w- C:\Users\Jordan\AppData\Local\{205453AC-7AEA-4246-A668-72720CE2849F}
2011-04-21 23:29:00 -------- d-----w- C:\ILLUSION
2011-04-21 13:42:51 -------- d-----w- C:\Users\Jordan\AppData\Local\{A898FC74-9EB6-4A55-A264-33A97DE21AE3}
2011-04-21 13:26:18 -------- d-----w- C:\Users\Jordan\AppData\Local\{A3C892B6-8D41-4E3E-AD37-DB952AF23623}
2011-04-21 13:13:50 -------- d-----w- C:\Users\Jordan\AppData\Local\{990906C7-094D-461F-829C-1680E786E8AD}
2011-04-21 02:02:06 2469888 ----a-r- C:\Users\Jordan\AppData\Roaming\Microsoft\Installer\{2773B836-AC66-4178-A414-C5A0F9F5D805}\kaiEngine.exe
2011-04-21 02:02:06 -------- d-----w- C:\Program Files (x86)\XLink Kai
2011-04-19 06:36:17 -------- d-----w- C:\Users\Jordan\AppData\Local\{17CDF3DF-9C72-4C35-8D83-D794E20E37A3}
.
==================== Find3M ====================
.
2011-05-05 22:47:08 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-05-03 09:54:27 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-05-03 09:54:26 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-09 08:55:44 15453336 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-04-09 08:55:42 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2011-04-06 06:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 06:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 06:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 06:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 06:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 06:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 06:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 06:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-04-06 02:52:58 0 ----a-w- C:\Windows\SysWow64\sho9D6F.tmp
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 10:56:44 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-18 10:51:16 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-02-18 06:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 06:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-18 05:43:28 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-18 05:39:44 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
.
============= FINISH: 21:44:56.56 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 24/06/2010 4:38:51 PM
System Uptime: 16/05/2011 6:57:40 PM (3 hours ago)
.
Motherboard: Acer | | Aspire 5741G
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU | 2133/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 170.634 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP157: 10/05/2011 9:53:17 AM - Avg Update
RP158: 12/05/2011 3:00:20 AM - Windows Update
RP159: 12/05/2011 8:40:44 AM - Avg Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
3 Mobile Broadband
AC3Filter 1.63b
Acer Backup Manager
Acer Crystal Eye webcam
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Ad-Aware Total Security
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4 MUI
Alice Greenfingers
Aliens vs. Predator
Altitude
Amazonia
Amnesia: The Dark Descent
Apple Application Support
Apple Software Update
µTorrent
Audiosurf
AVG 9.0
Backup Manager Basic
Battle for Wesnoth 1.8.5
Battle for Wesnoth 1.9.1
Battle for Wesnoth 1.9.2
Battlefield 2
Black & White® 2
Borderlands
Chicken Invaders 2
Compatibility Pack for the 2007 Office system
CyberLink PowerDVD 9
D3DX10
Dairy Dash
Dead Rising 2
DivX Setup
Dream Day First Home
Dungeon Keeper 2
Dungeons - Demo
EAX4 Unified Redist
eSobi v2
Exif Tag Remover 4.01
Farm Frenzy 2
FINAL FANTASY XI
Flyff
GameRanger
Garena 2010
Garry's Mod
GIMP 2.6.11
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Granny In Paradise
Heroes of Hellas
Heroes of Might & Magic V: Hammers of Fate
Heroes of Might and Magic V
Heroes of Might and Magic V - Tribes of the East
Identity Card
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 24
JFK Reloaded 1.1
Junk Mail filter update
Killing Floor
Launch Manager
League of Legends
Left 4 Dead
Malwarebytes' Anti-Malware
Medieval II: Total War
Medieval II: Total War Kingdoms
Merriam Websters Spell Jam
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Business 2010 - English
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mount and Blade: Warband
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB973685)
MyWinLocker
Neverwinter Nights 2
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA PhysX
OpenAL
Pando Media Booster
Penumbra: Overture
PowerISO
PunkBuster Services
QuickTime
RapeLay
Razer Lachesis
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
S.T.A.L.K.E.R.: Shadow of Chernobyl
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Silkroad
StarCraft II
Steam
Stronghold Legends
System Requirements Lab
Team Fortress 2
Telstra Mobile Broadband Manager
The Lord of the Rings - Conquest™
The Ship
The Ship Single Player
The Ship Tutorial
The Witcher: Enhanced Edition
Tom Clancy's Splinter Cell Double Agent
Total War: SHOGUN 2 Demo
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
Vuze
Warlords Battlecry III
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Xfire (remove only)
XfireXO Toolbar
XLink Kai
.
==== Event Viewer Messages From Past Week ========
.
16/05/2011 7:44:50 AM, Error: Service Control Manager [7000] - The GarenaPEngine service failed to start due to the following error: This driver has been blocked from loading
16/05/2011 7:44:50 AM, Error: Application Popup [1060] - \??\C:\Users\Jordan\AppData\Local\Temp\RQJ667C.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
16/05/2011 7:04:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
16/05/2011 7:04:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.
16/05/2011 7:02:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DsiWMIService service.
16/05/2011 7:00:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
16/05/2011 6:57:53 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
16/05/2011 6:36:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
16/05/2011 3:33:23 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
14/05/2011 1:53:26 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
14/05/2011 1:53:26 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/05/2011 7:27:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nvsvc service.
.
==== End Of File ===========================
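The attach.txt above is long, and hand-scanning it is where helpers miss things, so here is a small triage script, added as an example and not part of this thread or of the DDS/ComboFix tools. It parses the file-listing lines in both the DDS layout shown above and the ComboFix layout (which inserts a modified timestamp after the creation time, as in the ComboFix.txt posted later in the thread), plus the DDS Event Viewer lines, and applies a few heuristics: zero-byte .tmp files in system directories, drivers outside system32\drivers, executable code under AppData, Temp or ProgramData, GUID-named directories under AppData\Local, and driver-blocked (1060) or driver-failed (7000/7026) events, with disk controller errors noted as a hardware lead rather than malware. Every flag means "look at this", not "this is malicious" (the mbamswissarmy.sys and kaiEngine.exe hits, for instance, belong to Malwarebytes and XLink Kai). The severity labels are my own, and the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# File-listing lines.  DDS attach.txt:
#   2011-04-26 08:37:52 0 ----a-w- C:\Windows\SysWow64\sho5DF.tmp
# ComboFix.txt inserts " . <modified time>" after the creation time:
#   2011-04-26 08:37 . 2011-04-26 08:37 0 ----a-w- c:\windows\SysWow64\sho5DF.tmp
# Directories carry "--------" in the size column and "d" in the attributes.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$"
)
# DDS "Event Viewer Messages" lines:
#   16/05/2011 7:44:50 AM, Error: Application Popup [1060] - <message>
EVENT_RE = re.compile(
    r"^(?P<when>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.+)$"
)
# Event 1060 names the refused driver image; drop the NT "\??\" prefix if present.
BLOCKED_RE = re.compile(r"^(?:\\\?\?\\)?(?P<path>.+?) has been blocked from loading", re.I)

USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
CODE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
GUID_DIR_RE = re.compile(r"\\appdata\\local\\\{[0-9a-f-]{36}\}$", re.I)

@dataclass
class Finding:
    severity: str  # "high" | "medium" | "info" (my labels, not DDS's)
    reason: str
    line: str

def triage_file(line: str) -> Optional[Finding]:
    """File heuristics for one listing line; None when there is nothing to note."""
    m = FILE_RE.match(line)
    if not m:
        return None
    low = m.group("path").lower()
    name = low.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    size = None if m.group("size").startswith("-") else int(m.group("size"))
    if m.group("attrs").startswith("d"):
        if GUID_DIR_RE.search(low):
            return Finding("info", "GUID-named directory under AppData\\Local", line)
        return None
    if ext == ".sys" and "\\system32\\drivers\\" not in low:
        return Finding("medium", "kernel driver outside system32\\drivers", line)
    if ext in CODE_EXT and any(u in low for u in USER_WRITABLE):
        return Finding("medium", "executable code in a user-writable location", line)
    if ext == ".tmp" and size == 0 and any(s in low for s in SYSTEM_DIRS):
        return Finding("medium", "zero-byte .tmp left in a system directory", line)
    return None

def triage_event(line: str) -> Optional[Finding]:
    """Event heuristics for one DDS event line."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    eid, msg, src = int(m.group("id")), m.group("msg"), m.group("source")
    if eid == 1060:
        b = BLOCKED_RE.match(msg)
        path = b.group("path") if b else "?"
        sev = "high" if any(u in path.lower() for u in USER_WRITABLE) else "medium"
        return Finding(sev, "kernel-mode driver blocked from loading: " + path, line)
    if eid in (7000, 7026) and ("blocked" in msg or "failed to load" in msg):
        return Finding("medium", "driver failed to start (Service Control Manager %d)" % eid, line)
    if src == "Disk" and eid == 11:
        return Finding("info", "disk controller error: hardware or cabling lead, not malware", line)
    return None

def triage(text: str) -> List[Finding]:
    """Run both heuristic sets over a pasted log; lines of other shapes are ignored."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        f = triage_file(line) or triage_event(line)
        if f:
            out.append(f)
    return out

# Sample input: lines copied from the DDS and ComboFix logs in this thread.
SAMPLE = r"""2011-04-26 08:37:52 0 ----a-w- C:\Windows\SysWow64\sho5DF.tmp
2011-04-26 04:14:49 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-21 13:42:51 -------- d-----w- C:\Users\Jordan\AppData\Local\{A898FC74-9EB6-4A55-A264-33A97DE21AE3}
2011-04-21 02:02:06 2469888 ----a-r- C:\Users\Jordan\AppData\Roaming\Microsoft\Installer\{2773B836-AC66-4178-A414-C5A0F9F5D805}\kaiEngine.exe
2011-05-17 20:58 . 2011-04-01 07:07 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-17 21:38 . 2011-05-17 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp
16/05/2011 7:44:50 AM, Error: Service Control Manager [7000] - The GarenaPEngine service failed to start due to the following error: This driver has been blocked from loading
16/05/2011 7:44:50 AM, Error: Application Popup [1060] - \??\C:\Users\Jordan\AppData\Local\Temp\RQJ667C.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
16/05/2011 7:04:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
16/05/2011 7:00:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
16/05/2011 6:57:53 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
14/05/2011 1:53:26 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("[%-6s] %s\n         %s" % (f.severity, f.reason, f.line))
```

Run it with the whole attach.txt pasted into SAMPLE or read from a file. The one "high" hit in the sample is the event 1060 for an image in the user's Temp directory: on 64-bit Windows that message means the kernel refused to load the image (typically an unsigned or 32-bit driver), and a driver being loaded out of a Temp folder deserves a look whatever the reason it was refused. The Avira driver in system32\drivers and the Default-profile temp directory are parsed but produce nothing, which is the intended behaviour for ordinary entries.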
 
Umm. The gmer log file is completely blank for some reason. It definitely had text in it when it popped up, and I did save it because there's a text document on my desktop labeled gmer. Should I run it again and post the new log?
 
Welcome to TechSpot, Jordan. I will be glad to review these logs for malware and have you run any other scans I think necessary.

It sounds, however, as if you have system problems also. But I'll go through these logs first.

While I'm doing that, can you please tell me how much RAM is installed on the machine?

And keep the following in mind:
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

I will be back shortly.
 
Welcome to TechSpot, Jordan. I will be glad to review these logs for malware and have you run any other scans I think necessary.

One of your problems is having 2 antivirus programs and 2 firewalls - each is probably fighting with the other for who will handle the malware! So please remove one AV and one FW:
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Ad-Aware Total Security *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
FW: Ad-Aware Personal Firewall *Disabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

Note: I will be having you run a program named Combofix. It will not run with AVG on the system. So you may want to remove AVG for now:
Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
    [screenshot omitted]
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one: (if the Av in Adaware is current, you don't need to add the following.)
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version

Please reboot the computer when through.
=============================
You can go ahead and run Combofix after AVG has been removed
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
-------------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [screenshot omitted]
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

And keep the following in mind:
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

After I see the Combofix log, I will set up some script to remove entries. I can tell you that another reason you've slowed down is the fact that you have too many processes running. You also added these programs on 4/26/2011:
C:\Program Files\iTunes
C:\Program Files (x86)\iTunes
C:\Program Files\Bonjour
C:\Program Files (x86)\Bonjour
They are all starting on boot, then running in the background. None need to start on boot.
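Bobbye's point about two antivirus products and two firewalls can be checked directly rather than by reading the DDS header, because Windows keeps every registered security product in the root\SecurityCenter2 WMI namespace (Vista and later), which I assume is where DDS and ComboFix get their AV:/FW: lines. The following is an added example, not part of this thread or of any tool mentioned in it: it lists the registered products with wmic, decodes the productState value into the same Enabled/Disabled and Updated/Outdated wording the logs use, and reports any category with more than one product enabled at once. The productState layout is the community-documented one (Microsoft does not publish it) and is an assumption; the sample wmic output and the JORDAN-PC host name are constructed, with invented states, since the real log reported all four products as disabled.

```python
import csv
import io
import subprocess
from dataclasses import dataclass
from typing import Dict, List

# productState read as six hex digits AABBCC (community-documented layout,
# assumed here; Microsoft does not publish it):
#   AA  product type / provider flags (ignored here)
#   BB  real-time protection: bit 0x10 set => enabled, clear => off or snoozed
#   CC  signatures: bit 0x10 set => out of date, clear => up to date
ENABLED_BIT = 0x1000
OUTDATED_BIT = 0x0010

@dataclass
class Product:
    kind: str   # "AntiVirusProduct" or "FirewallProduct"
    name: str
    state: int

    @property
    def enabled(self) -> bool:
        return bool(self.state & ENABLED_BIT)

    @property
    def up_to_date(self) -> bool:
        return not self.state & OUTDATED_BIT

def decode_state(state: int) -> str:
    """Render productState in the *Enabled/Updated* style the DDS header uses."""
    p = Product("", "", state)
    return "*%s/%s*" % ("Enabled" if p.enabled else "Disabled",
                        "Updated" if p.up_to_date else "Outdated")

def conflicts(products: List[Product]) -> Dict[str, List[str]]:
    """Categories with more than one product enabled: two real-time engines
    competing for the same file and network events."""
    out = {}
    for kind in ("AntiVirusProduct", "FirewallProduct"):
        on = [p.name for p in products if p.kind == kind and p.enabled]
        if len(on) > 1:
            out[kind] = on
    return out

def parse_wmic_csv(kind: str, text: str) -> List[Product]:
    """Parse 'wmic ... get displayName,productState /format:csv' output:
    a blank line, the header 'Node,displayName,productState', then one row per product."""
    rows = [r for r in text.replace("\r", "").split("\n") if r.strip()]
    out = []
    for rec in csv.DictReader(io.StringIO("\n".join(rows))):
        out.append(Product(kind, rec["displayName"], int(rec["productState"])))
    return out

def query_security_center() -> List[Product]:
    """Windows only: read root\\SecurityCenter2 through wmic (Vista and later)."""
    found = []
    for kind in ("AntiVirusProduct", "FirewallProduct"):
        cmd = ["wmic", "/namespace:\\\\root\\SecurityCenter2", "path", kind,
               "get", "displayName,productState", "/format:csv"]
        found += parse_wmic_csv(kind, subprocess.check_output(cmd, text=True))
    return found

# Constructed sample in the shape wmic returns.  The states are invented for
# the example (266240 = 0x041000 enabled, 262144 = 0x040000 disabled); the
# real log above reported all four products as Disabled.
SAMPLE_AV = ("\r\nNode,displayName,productState\r\n"
             "JORDAN-PC,AVG Internet Security,266240\r\n"
             "JORDAN-PC,Ad-Aware Total Security,266240\r\n")
SAMPLE_FW = ("\r\nNode,displayName,productState\r\n"
             "JORDAN-PC,AVG Firewall,262144\r\n"
             "JORDAN-PC,Ad-Aware Personal Firewall,266240\r\n")

if __name__ == "__main__":
    import sys
    if sys.platform == "win32":
        products = query_security_center()
    else:
        products = (parse_wmic_csv("AntiVirusProduct", SAMPLE_AV)
                    + parse_wmic_csv("FirewallProduct", SAMPLE_FW))
    for p in products:
        print("%-16s %-28s %s" % (p.kind, p.name, decode_state(p.state)))
    print("conflicts:", conflicts(products))
```

The decode and conflict logic runs anywhere; only the wmic call needs Windows. Note that a product the Security Center reports as Disabled still has its components on disk: the DDS listing above shows AVG's avgtdia.sys, and the later ComboFix log shows Avira's avgntflt.sys and avipbb.sys in system32\drivers. That is the reason for the advice to uninstall one product rather than merely switch it off.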
 
Thanks for your help Bobbye. In response to your first question; I have 4 GB of RAM installed, all built-in (that is to say, I haven't added any).

I was unaware that AVG and Ad-Aware conflicted; it was my understanding that AVG is an antivirus, and Ad-Aware is an anti-spyware, and that it was ok, even recommended, to have one of each.

I am uninstalling AVG as requested though, it would have been the one I uninstalled anyway due to it giving false positives and not detecting as much as Ad-Aware.

I'll get back to you once I've finished the other steps.
 
Ugh, problem. I read your post up to "Download AppRemover and save to the desktop", and proceeded to do everything I'd read up to that point, not wanting to read further for risk of confusing myself (I break things down into steps). Problem is, it wasn't until I'd uninstalled AVG with its default uninstall and downloaded AppRemover that I realised I was supposed to use AppRemover for the uninstall. I started it up anyway and followed the instructions, but not surprisingly, nothing showed up. I tried "clean up a failed install" as well, with no luck. Is this going to affect the outcome, or should I just keep going?
 
Just keep going. The App Remover is a convenience, not a necessity. Please be sure to put one of the recommended temporary AV on the system.
 
Alright, getting back to it. I've decided that I'll install Avira. Something that was bothering me though - you mentioned that I had too many programs running; iTunes and Bonjour, both installed on 4/26/2011. Thing is, I never installed Bonjour, I don't even know what it is (aside from hello in French) and iTunes was installed long before then, I've had it since last year. Is Bonjour just a program that was thrown in during installation of something else? What about iTunes? Does it count as a fresh install every time it updates? And finally, if they're starting on boot and continuing on as background processes, how am I meant to stop them? I can only think to manually shut down the processes after the computer has started, but that doesn't help with the slow startup.

Sorry to bombard you with questions, I'd just like to understand exactly what's happening.

Anyway, I'll do the rest of the things you asked and get back to you once they're done. I'll be back soon.

Edit: Combofix scan is finished, here is the log:

ComboFix 11-05-17.01 - Jordan 18/05/2011 7:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3959.1966 [GMT 10:00]
Running from: c:\users\Jordan\Desktop\ComboFix.exe
AV: Ad-Aware Total Security *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: Ad-Aware Personal Firewall *Disabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
SP: Ad-Aware Total Security *Disabled/Updated* {EFCD2318-A544-E9EB-4022-6820AEE79F52}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jordan\AppData\Roaming\.#
c:\windows\SysWow64\system
.
.
((((((((((((((((((((((((( Files Created from 2011-04-17 to 2011-05-17 )))))))))))))))))))))))))))))))
.
.
2011-05-17 21:38 . 2011-05-17 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-17 21:11 . 2011-05-17 21:11 -------- d-----w- c:\users\Jordan\AppData\Roaming\Avira
2011-05-17 20:58 . 2011-04-01 07:07 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-17 20:58 . 2011-04-01 07:07 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-17 20:58 . 2011-05-17 20:58 -------- d-----w- c:\programdata\Avira
2011-05-17 20:58 . 2011-05-17 20:58 -------- d-----w- c:\program files (x86)\Avira
2011-05-17 16:15 . 2011-04-17 23:15 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22C331CC-296E-4CBB-9217-077C9C560BB5}\mpengine.dll
2011-05-16 10:49 . 2011-05-16 10:49 -------- d-----w- c:\users\Jordan\AppData\Local\Western Digital
2011-05-16 09:02 . 2011-05-16 09:02 -------- d-----w- c:\users\Jordan\AppData\Local\{CAEA160D-A996-4015-AC42-887B448CD893}
2011-05-15 19:32 . 2011-05-15 19:33 -------- d-----w- c:\program files\CCleaner
2011-05-15 12:18 . 2011-05-15 12:18 -------- d-----w- c:\users\Jordan\AppData\Local\{8C22381D-4FF5-46F5-8F29-D0EF14BE035A}
2011-05-13 12:09 . 2011-05-13 12:09 -------- d-----w- c:\users\Jordan\AppData\Local\{60BDA9E8-22AC-4B4B-9DC3-7EA59BADC562}
2011-05-13 12:08 . 2011-05-13 12:08 -------- d-----w- c:\users\Jordan\AppData\Local\Windows Live Writer
2011-05-13 12:08 . 2011-05-13 12:08 -------- d-----w- c:\users\Jordan\AppData\Roaming\Windows Live Writer
2011-05-12 02:55 . 2011-05-12 02:56 -------- d-----w- c:\users\Jordan\AppData\Local\{8DA1A2D1-E1EC-4900-9071-C4087E34047C}
2011-05-11 17:02 . 2011-05-11 17:06 -------- d-----w- C:\c0616b96a52c0556bb
2011-05-11 16:19 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 16:19 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 16:19 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 16:19 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 16:19 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 16:19 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 16:19 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 16:19 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 16:19 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 16:19 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-09 06:04 . 2011-05-09 06:04 -------- d-----w- c:\users\Jordan\AppData\Local\{7249E9F4-CE6C-45BE-BBF8-CEE496B455D0}
2011-05-08 18:52 . 2011-05-08 18:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-08 18:52 . 2011-05-08 18:52 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-08 18:52 . 2011-05-08 18:52 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-08 18:52 . 2011-05-08 18:52 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-08 18:52 . 2011-05-08 18:52 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-08 18:52 . 2011-05-08 18:52 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-08 18:52 . 2011-05-08 18:52 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-08 18:52 . 2011-05-08 18:52 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-06 16:14 . 2011-05-06 16:15 -------- d-----w- c:\users\Jordan\AppData\Local\{46BDA8D4-9F54-43FE-AF54-F43AE212877D}
2011-05-06 00:42 . 2011-05-06 00:43 -------- d-----w- c:\users\Jordan\AppData\Local\{96214FDE-635D-472F-89DE-4B46B60BD90F}
2011-05-05 00:44 . 2011-05-05 00:44 -------- d-----w- c:\users\Jordan\AppData\Local\{B7D96279-2E5A-49DF-B95B-D731BC388230}
2011-05-03 11:06 . 2011-05-03 11:06 -------- d-----w- c:\users\Jordan\AppData\Local\{128D21F7-8B20-424C-96E5-37C5207930CF}
2011-05-03 08:54 . 2011-05-03 08:54 -------- d-----w- c:\windows\system32\SPReview
2011-05-03 08:52 . 2011-05-03 08:52 -------- d-----w- c:\windows\system32\EventProviders
2011-05-03 08:45 . 2010-11-20 13:27 2018304 ----a-w- c:\windows\system32\WsmSvc.dll
2011-05-03 08:44 . 2010-11-20 13:27 324096 ----a-w- c:\windows\system32\netdiagfx.dll
2011-05-03 08:43 . 2010-11-20 13:33 14720 ----a-w- c:\windows\system32\drivers\hwpolicy.sys
2011-05-03 08:42 . 2010-11-20 13:02 8192 ----a-w- c:\windows\system32\KBDTUQ.DLL
2011-05-03 08:39 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-05-03 08:39 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-05-03 08:39 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-05-03 08:38 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-05-03 08:38 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-05-03 08:38 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-05-03 08:38 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-05-03 08:37 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-03 08:37 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-05-03 08:37 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-05-03 08:37 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-05-03 07:17 . 2011-05-03 07:17 -------- d-----w- c:\users\Jordan\AppData\Local\{78460B1C-1ED5-4A06-A3DE-F4C4C58472E3}
2011-05-01 19:50 . 2011-05-01 19:50 -------- d-----w- c:\users\Jordan\AppData\Local\{A7BCFFE2-844B-423A-B30A-5CD79296DAA8}
2011-05-01 07:47 . 2011-05-01 07:49 -------- d-----w- c:\users\Jordan\AppData\Local\{DFF0DBFF-9AB4-481D-A5F7-1E1090C18E4D}
2011-04-26 21:55 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-04-26 21:55 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-26 21:55 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-26 21:55 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-26 08:37 . 2011-04-26 08:37 0 ----a-w- c:\windows\SysWow64\sho5DF.tmp
2011-04-26 04:15 . 2011-04-26 04:15 -------- d-----w- c:\users\Jordan\AppData\Roaming\Malwarebytes
2011-04-26 04:14 . 2010-12-20 08:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-26 04:14 . 2011-04-26 04:14 -------- d-----w- c:\programdata\Malwarebytes
2011-04-26 04:14 . 2011-05-16 08:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-26 04:14 . 2010-12-20 08:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-26 00:43 . 2011-04-26 00:43 -------- d-----w- c:\program files\iPod
2011-04-26 00:43 . 2011-04-26 00:43 -------- d-----w- c:\program files\iTunes
2011-04-26 00:43 . 2011-04-26 00:43 -------- d-----w- c:\program files (x86)\iTunes
2011-04-26 00:38 . 2011-04-26 00:38 -------- d-----w- c:\program files\Bonjour
2011-04-26 00:38 . 2011-04-26 00:38 -------- d-----w- c:\program files (x86)\Bonjour
2011-04-26 00:23 . 2011-04-26 00:23 -------- d-----w- c:\users\Jordan\AppData\Local\{5A62D52B-9610-48E6-8EC6-5D3DAD0E8934}
2011-04-22 00:04 . 2011-04-22 00:04 -------- d-----w- c:\users\Jordan\AppData\Local\{205453AC-7AEA-4246-A668-72720CE2849F}
2011-04-21 23:29 . 2011-04-21 23:29 -------- d-----w- C:\ILLUSION
2011-04-21 13:42 . 2011-04-21 13:42 -------- d-----w- c:\users\Jordan\AppData\Local\{A898FC74-9EB6-4A55-A264-33A97DE21AE3}
2011-04-21 13:26 . 2011-04-21 13:26 -------- d-----w- c:\users\Jordan\AppData\Local\{A3C892B6-8D41-4E3E-AD37-DB952AF23623}
2011-04-21 13:13 . 2011-04-21 13:13 -------- d-----w- c:\users\Jordan\AppData\Local\{990906C7-094D-461F-829C-1680E786E8AD}
2011-04-21 02:02 . 2011-04-21 02:02 2469888 ----a-r- c:\users\Jordan\AppData\Roaming\Microsoft\Installer\{2773B836-AC66-4178-A414-C5A0F9F5D805}\kaiEngine.exe
2011-04-21 02:02 . 2011-04-21 02:02 -------- d-----w- c:\program files (x86)\XLink Kai
2011-04-19 06:36 . 2011-04-19 06:37 -------- d-----w- c:\users\Jordan\AppData\Local\{17CDF3DF-9C72-4C35-8D83-D794E20E37A3}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-03 09:54 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-03 09:54 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-09 08:55 . 2011-04-09 08:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 08:55 . 2011-04-09 08:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-06 06:26 . 2011-04-06 06:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 06:26 . 2011-04-06 06:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 06:26 . 2011-04-06 06:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 06:26 . 2011-04-06 06:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 06:20 . 2011-04-06 06:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 06:20 . 2011-04-06 06:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 06:20 . 2011-04-06 06:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 06:20 . 2011-04-06 06:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-04-06 02:52 . 2011-04-06 02:52 0 ----a-w- c:\windows\SysWow64\sho9D6F.tmp
2011-03-18 02:46 . 2010-06-24 01:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-11 06:34 . 2011-04-14 07:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-14 07:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-14 07:34 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:33 . 2011-04-14 07:34 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-08 06:29 . 2011-04-14 07:33 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-14 07:33 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-07 06:31 . 2011-04-14 07:33 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-03-07 05:33 . 2011-04-14 07:33 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-07 04:24 . 2011-04-14 07:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-07 03:52 . 2011-04-14 07:33 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-04 06:19 . 2011-04-26 21:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-26 21:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24 . 2011-04-14 07:33 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:21 . 2011-04-14 07:33 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:36 . 2011-04-14 07:33 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52 . 2011-04-14 07:34 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 06:15 . 2011-04-14 07:34 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:38 . 2011-04-14 07:34 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56 . 2011-04-14 07:33 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 04:56 . 2011-04-14 07:34 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 04:56 . 2011-04-14 07:34 411648 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 04:55 . 2011-04-14 07:34 167936 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 04:55 . 2011-04-14 07:33 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 04:55 . 2011-04-14 07:33 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 04:55 . 2011-04-14 07:33 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 12:05 . 2011-03-09 22:13 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 22:13 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 22:13 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 12:03 . 2011-04-14 07:34 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 09:00 . 2011-04-14 07:34 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-02-19 06:30 . 2011-03-09 22:13 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 22:13 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-19 06:30 . 2011-04-14 07:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-19 04:34 . 2011-04-14 07:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-18 10:56 . 2011-04-14 07:34 613376 ----a-w- c:\windows\system32\vbscript.dll
2011-02-18 06:36 . 2011-02-18 06:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 06:36 . 2011-02-18 06:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 05:43 . 2011-04-14 07:34 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\tbXfir.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-06-13 09:10 2734688 ----a-w- c:\program files (x86)\XfireXO\tbXfir.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\tbXfir.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-16 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-09 4240760]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-01-11 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-01-13 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-01-22 1287760]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2010-11-20 274608]
"BigPondWirelessBroadbandCM"="c:\program files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" [2010-05-14 4352408]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"G Data AntiVirus Tray Application"="c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe" [2010-06-29 981504]
"GDFirewallTray"="c:\program files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe" [2010-06-29 1550576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-27 135664]
R3 dump_wmimmc;dump_wmimmc;c:\games\GPotato\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 GDBackupSvc;Ad-Aware Backup Service;c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [2010-06-29 911976]
R3 GDTunerSvc;Ad-Aware Tuner Service;c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [2010-06-29 1234896]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-27 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 SysInfo;SysInfo;c:\windows\system32\drivers\SysInfo.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2011-01-14 106224]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 AVKProxy;Ad-Aware Total Security Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-06-29 1081384]
S2 AVKService;Ad-Aware Scheduler;c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [2010-06-29 412944]
S2 AVKWCtl;Ad-Aware Filesystem Monitor;c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe [2010-06-23 2170224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-27 821664]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-01-22 310352]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-01-18 842784]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-01-07 255744]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 GDFwSvc;Ad-Aware Personal Firewall;c:\program files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe [2010-06-15 1954472]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
S3 GDScan;Ad-Aware Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-06-29 624064]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-27 08:33]
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-27 08:33]
.
2010-11-13 c:\windows\Tasks\Install_NSS.job
- c:\program files (x86)\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-01-18 832544]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\hizhlqoa.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\Pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1029209321-3977581243-1105138651-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1029209321-3977581243-1105138651-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1029209321-3977581243-1105138651-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cd,85,91,fc,1d,af,c1,78,24,71,99,cc,b4,6e,1d,84,f6,e6,f9,7c,68,db,7e,
03,f6,24,85,f4,76,f7,61,15,09,e9,cd,e5,27,9e,fb,a0,81,58,37,22,c9,92,10,ea,\
"??"=hex:b7,59,b2,5b,f2,63,a1,a7,ff,aa,c6,8e,92,5d,a1,57
.
[HKEY_USERS\S-1-5-21-1029209321-3977581243-1105138651-1000\Software\SecuROM\License information*]
"datasecu"=hex:db,f9,30,98,ec,25,65,4a,89,84,eb,7c,e9,b4,ad,47,f3,f0,c9,0c,c7,
2b,6f,14,f9,6a,a8,e4,0f,7e,ae,57,d5,c6,41,2e,61,a8,9e,c8,08,c8,52,64,20,ec,\
"rkeysecu"=hex:1e,d5,aa,a7,ee,53,a8,8c,ea,9c,50,47,da,ae,bc,64
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-18 07:42:32
ComboFix-quarantined-files.txt 2011-05-17 21:42
.
Pre-Run: 191,679,664,128 bytes free
Post-Run: 191,498,129,408 bytes free
.
- - End Of File - - 6A541CF362778888D25C92D47BA42FDE
 
Jordan, AdAware currently also has an antivirus program:

AV: Ad-Aware Total Security >> antivirus
AV: AntiVir Desktop >> antivirus
FW: Ad-Aware Personal Firewall>> firewall
SP: Ad-Aware Total Security >> antispyware/antimalware
SP: AntiVir Desktop >> antimalware
SP: Windows Defender>> antimalware

You should have only one antivirus program and one firewall; it is okay to have 2 or more antimalware programs. You have the AdAware Total Security which is described in part as:
Complete Malware Protection
A power-packed combination of our pioneer anti-spyware technology together with traditional anti-virus to provide comprehensive malware protection, including protection against virus, spyware, blended malware, trojans, rootkits, hijackers, keyloggers, and much more.
As long as it displays as AV, it is considered 'antivirus'. Back when I had the paid AdAware, the Real Time Protection was AdWatch. However, I have seen that process also displayed in addition to the AV & FW.
=================================
Please don't add anything else to the system- especially for security. I have also found an entry from Norton. Please handle the AV- get down to ONE.
==========================================
These are all related to Apple. They all show the same install date. They are not updates or app data entries; they are program installs:
2011-04-26 00:43
c:\program files\iPod
c:\program files\iTunes
c:\program files (x86)\iTunes
c:\program files\Bonjour
c:\program files (x86)\Bonjour
You can do Google searches for each. The internet is full of information about them.
===================================
It's going to take me a while to get through the Combofix log. Before I write the script for removal of entries, I need to know the following:
1. You have uninstalled AVG and do not intend to reinstall it, is that correct?
2. Please look into the AdAware program. I need to know what you will be running for it. I have emailed Lavasoft on several occasions about the AV AdAware, but so far I have not gotten any replies.
3. Look into the Apple Programs. Understand what they are for, what they do, and whether you want them installed.
=======================================
After you have handled the security programs, please run the following Security Check

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===============================================
I'm thinking you are not aware of many of the processes in the system and are possibly having some conflicts between them.
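The reply above counts the AV/FW/SP lines and walks the Run keys and service lines of the ComboFix log by hand. As an added example (not part of this thread and not a ComboFix or Lavasoft tool), here is a small Python triage parser that does the same mechanically over a constructed excerpt of the log: it lists the registered security products and warns when more than one antivirus or firewall is present, collects the Run/RunOnce autorun entries and the R*/S* service and driver lines, and pulls out the entries where ComboFix printed [x] instead of a date and size. The regular expressions, and the reading of [x] as "no file details recorded", are my assumptions about the ComboFix text format, not documented behaviour.

```python
import re

# CONSTRUCTED sample: a handful of lines modelled on the ComboFix log and the
# AV/FW/SP listing quoted in this thread. It is not the full log.
SAMPLE_LOG = r"""
AV: Ad-Aware Total Security >> antivirus
AV: AntiVir Desktop >> antivirus
FW: Ad-Aware Personal Firewall>> firewall
SP: Windows Defender>> antimalware
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-01-11 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"GDFirewallTray"="c:\program files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe" [2010-06-29 1550576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
R3 dump_wmimmc;dump_wmimmc;c:\games\GPotato\Flyff\GameGuard\dump_wmimmc.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2011-01-14 106224]
"""

# Assumed line shapes (my reading of the ComboFix text, not a documented format).
PRODUCT_RE = re.compile(r"^(AV|FW|SP):\s*(.+?)\s*>>\s*(\w+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[([^\]]*)\]$")


def triage(text):
    """Parse ComboFix-style text and return a summary dict for manual review."""
    products = {}      # kind ("AV", "FW", "SP") -> list of product names
    autoruns = []      # values under ...\Run and ...\RunOnce keys
    services = []      # R*/S* service and driver lines
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = PRODUCT_RE.match(line)
        if m:
            products.setdefault(m.group(1), []).append(m.group(2))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith(("\\run", "\\runonce")):
            autoruns.append({"key": current_key, "name": m.group(1),
                             "path": m.group(2), "stamp": m.group(3)})
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append({"state": m.group(1), "name": m.group(2),
                             "display": m.group(3), "path": m.group(4),
                             "stamp": m.group(5)})
    # ComboFix prints [x] in place of the date and size when it recorded no
    # file details; those are the entries to check by hand first.
    unverified = [e for e in autoruns + services if e["stamp"].lower() == "x"]
    warnings = []
    for kind, label in (("AV", "antivirus"), ("FW", "firewall")):
        names = products.get(kind, [])
        if len(names) > 1:
            warnings.append(f"{len(names)} {label} products registered: " + ", ".join(names))
    return {"products": products, "autoruns": autoruns, "services": services,
            "unverified": unverified, "warnings": warnings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for w in result["warnings"]:
        print("WARNING:", w)
    for e in result["unverified"]:
        print("UNVERIFIED:", e["name"], "->", e["path"])
    print(f"{len(result['autoruns'])} autorun entries, {len(result['services'])} services/drivers")
```

On the constructed sample this reports two antivirus products (the conflict the reply is about) and two entries without recorded file details, the AvgUninstallURL RunOnce value and the dump_wmimmc driver. Run it against a full ComboFix log by reading the file into `triage()`; the output is a checklist, and each flagged entry still needs the manual lookup the reply recommends before anything is removed.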
 
Thanks for replying, Bobbye. I didn't know Ad-Aware included Anti-Virus as well. I've done a little research on it and there have been multiple reports of slowdown after using this version of Ad-Aware while having another Anti-Virus installed, similar to my case. It seems the Anti-Virus component was only added in the more recent versions, which has confused many people (myself included).

My plan was to disable the AV components of Ad-Aware and leave the rest on, but so far I haven't figured out how to do that. I've searched Google and their support page but only found complaints about problems it causes (slowdown, BSOD, crashes), and found nothing to help me. I'm considering just uninstalling it completely, but I'm worried that will leave me vulnerable to attacks, as it's the only paid malware protection I have left. If I uninstalled Avira, that would leave me with only one AV, but I installed that due to your suggestion, so it seems counter-productive to remove it shortly afterwards.

Regarding this, I'm very on the fence about what to do. I'm happy to disable Ad-Aware's AV protection, if you can tell me how to do so, and I'm happy to uninstall Avira if it's only causing problems. I'm even ok with removing Ad-Aware entirely as long as it doesn't leave me completely vulnerable. So I'm just going to leave this decision up to you; I'll follow whatever course of action you deem most appropriate.

The Norton entry is probably the "Symantec Online Back-up" program that came pre-installed on the computer. I've never used it and have never had any other affiliation with Norton, so that's probably all it is. Since I never use it, and don't intend to, I have no problem with all traces of it being removed if it will cause issues.

I looked up Bonjour, and it's a program that is installed with Apple products and assists those products in certain tasks. For example, "iTunes uses Bonjour to find shared music libraries, to find AirPort Express devices for streaming music to, and to find Apple TVs". It seems to cause problems with the programs that rely on it if it's removed, so I'll leave it alone. Still, it doesn't need to be running at startup, or as a background process all the time. Ideally it, and iTunes, should only have processes running when I open them. If possible, I'd like to set it up that way. Also, while I did have iTunes installed long before that, I did perform an update on that date. My guess is when iTunes "updates" it completely uninstalls the old version and reinstalls the new. Seems odd to me, but oh well.

Next up I'll answer your list of questions:
1. Yes, I have completely uninstalled AVG. I have no intent to reinstall it at this time.
2. At this point, everything, because I can't work out how to shut down individual components. If I could figure out how to do that I would disable AV and possibly the real time protection, if it causes conflicts. I only want it for spyware and malware protection / removal, so anything not related to that which causes conflicts.
3. I already have, and addressed this in an earlier segment. I would like to get them to stop running on startup, but other than that, they are both fine.

I'll await your advice regarding the Anti-Virus programs before continuing with the security check. If you have no personal opinion or there is little difference, I'll flip a coin or something. On an unrelated side note: both security programs I had installed, Ad-Aware and AVG, begin with the letter A. Both security programs you suggested, Avira and Avast, start with A as well. Was this pure coincidence, or were you trying to continue the trend?

Anyway, jokes aside, I'll wait for your return and advice. Looking forward to your next reply.
 
Decide what you want to do with the A programs! Just coincidence! But I do not recommend trying to shut down part of a suite and run just the other part. But rather use free standing programs. There are good ones available and free.

Then please run the Security Check.

Here are some alternatives for security: Note: All may not work on Win 7 yet: I removed some of the content that does not apply, but if you have any of the programs already, just go to next section.

A Note about my experience: I had the paid AdAware for many years. It had AdAware and AdWatch. But they went up to a new engine some years ago (it may have been v 6) and many of us who had been loyal users dropped it. Some of these earlier programs that started with either AV or antimalware decided to start bundling it all together. Contrary to what they thought, it did not necessarily work better! I used AVG until they bundled in v8. In my opinion, it ruined what had been a good security program.

Tips for added security and safer browsing: (Links are in Bold Blue)
  1. Browser Security
    [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
    [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
    [o] Replace the Host Files
    [o] Google Toolbar Pop Up Blocker
    [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show how the site rates for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
  2. Have layered Security:
    [o] Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
    [o] Comodo
    [o] Zone Alarm
  3. Antimalware: I recommend all of the following:
    [o] SpywareBlaster: SpywareBlaster protects against bad ActiveX.
    [o] Spybot Search & Destroy
  4. Updates: Stay current:
    [o] Visit the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
    [o] Adobe Reader: Install current, uninstall old.
    [o] Java Updates: Install current, uninstall old.
  5. Tracking Cookies
    Reset Cookies:
    [o] For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o] For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
    [o] For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
  6. Do regular Maintenance
    [o] Temporary File Cleaner
  7. Restore Points:
    [o] See System Restore Guide
  8. Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Please let me know if you find any bad link.
 
Ok, I figured out how to disable individual components of AdAware, but following your advice against doing so, I've decided to just remove it instead. I've also installed Comodo and SpywareBlaster, uninstalled Java 6.24 and installed 6.25, updated Adobe Reader (same method as Java) and re-installed Spybot. I checked the Microsoft updates page, but I'm already up to date.

I also ran the Security Check (I did this immediately after uninstalling AdAware, but before installing anything else). Here's the log:

Results of screen317's Security Check version 0.99.11
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.2.159.1
Adobe Reader 9.4.4 MUI
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

All of the links worked fine by the way.
 
My apologies for the delay. I must have had an email problem because I have several threads that are still active and old.

Looking at the Errors from the Event Viewer, it appears that you're having some compatibility problems:
Errors: Whatever the BOLD print represents, these processes are not compatible with your OS. It could be simply updating a driver, or, if that can't be done, stopping the processes from trying to load.
16/05/2011 7:44:50 AM, Error: Application Popup [1060] - \??\C:\Users\Jordan\AppData\Local\Temp\RQJ667C.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
16/05/2011 6:57:53 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

There are also indications of Errors on the drives as follows:
16/05/2011 7:04:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
16/05/2011 3:33:23 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
Please go to this Microsoft site for instructions to Check a drive for errors

I see multiple USB entries and also one for a USBHUB. If these drives have errors, that can be the cause of the crashes. IF it is possible to fix them with the Error Checking, it could resolve all or part of the problems.
===========================================
Remove this version>Adobe Reader 9.4.4 MUI > Update here: Adobe Reader site
Remove this version> Java(TM) 6 Update 24> Update here: Java Updates
===========================================
After handling the above, to include the compatibility and drive errors, if the system is stable, I will give you instructions for using the msconfig utility in Windows 7 to take those processes you don't want/need to start on boot, off of the Startup Menu.
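As an added example (not code from this thread or its author), the PowerShell function below parses Event Viewer lines in the exact format quoted in the post above and classifies the two event types it discusses: blocked driver loads (Application Popup 1060, with the driver path extracted) and disk controller errors (Disk 11, with the device extracted). The four sample lines are the ones from the post; the `Get-WinEvent` call at the end is an assumed way to feed live System-log events through the same function.

```powershell
# Added example, not from the thread: triage the Event Viewer summary lines quoted above.
# Sample input is copied from the post; the Get-WinEvent note at the end feeds live events
# through the same function.

$SampleLines = @(
    '16/05/2011 7:44:50 AM, Error: Application Popup [1060] - \??\C:\Users\Jordan\AppData\Local\Temp\RQJ667C.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.',
    '16/05/2011 6:57:53 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.',
    '16/05/2011 7:04:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.',
    '16/05/2011 3:33:23 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.'
)

function ConvertFrom-EventSummary {
    # Parses "<date> <time>, <Level>: <Source> [<EventId>] - <Message>" and classifies the two
    # event types the thread discusses: blocked driver loads (1060) and disk controller errors (11).
    param([Parameter(ValueFromPipeline)][string]$Line)
    process {
        if ($Line -notmatch '^(?<When>.+?), (?<Level>\w+): (?<Source>.+?) \[(?<Id>\d+)\] - (?<Msg>[\s\S]+)$') { return }
        $when = $Matches.When; $source = $Matches.Source; $id = [int]$Matches.Id; $msg = $Matches.Msg
        $finding = 'Other'; $detail = $null

        if ($source -eq 'Application Popup' -and $id -eq 1060 -and
            $msg -match '^(?<Path>\S+) has been blocked from loading') {
            $detail = $Matches.Path -replace '^\\\?\?\\', ''     # drop the \??\ NT object prefix
            # A driver under the system Drivers folder usually just needs updating or uninstalling
            # (as the post says for StarOpen.SYS); one loading from a user profile or Temp folder
            # should be identified before deciding what to do with it.
            $finding = if ($detail -match '\\Users\\|\\Temp\\') { 'BlockedDriver-UserTempPath-Review' } else { 'BlockedDriver-UpdateOrRemove' }
        }
        elseif ($source -eq 'Disk' -and $id -eq 11 -and $msg -match 'controller error on (?<Dev>\\Device\\[^\s.]+)') {
            $detail  = $Matches.Dev
            $finding = 'DiskControllerError-RunCheckDisk'
        }

        [pscustomobject]@{ When = $when; Source = $source; EventId = $id; Finding = $finding; Detail = $detail }
    }
}

$SampleLines | ConvertFrom-EventSummary | Format-Table -AutoSize

# Live system (Windows 7 and later), same function, from an elevated prompt (assumed usage):
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2; Id = 1060, 11 } |
#     ForEach-Object { '{0}, Error: {1} [{2}] - {3}' -f $_.TimeCreated, $_.ProviderName, $_.Id, $_.Message } |
#     ConvertFrom-EventSummary
```

On the sample lines the output lists the Temp-folder driver as one to review, StarOpen.SYS as a driver to update or remove, and Harddisk1 and Harddisk2 as the drives to run Check Disk on.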
 
Sorry for the delay, there was an issue with my ISP which resulted in my internet connection becoming too slow to be usable.

I checked my drive using the method you gave me, and it did a boot scan when I restarted. I've noticed some improvement since then, most notably my display driver hasn't crashed since. The computer is running a little faster which allows me to run more programs than I could before, but still not as many as it should be capable of.

Adobe Reader and Java have already been updated, as I mentioned in the previous post. Java is now running version 6.25 and Adobe Reader is running version 10.

The USB entries are most likely just my Flash Drives, which I use to back up important files periodically. The USBHUB is most likely my friend's external hard drive, which I transferred some files from. Should I be checking these the same way I checked my C drive?
 
Delay unavoidable- we are swamped!

Any removable drives that were connected to the infected machine should be disinfected. You can use this for Win 7:
  • Please download Panda USB Vaccine (you must provide a valid e-mail address and they will send the download link to that address) to your desktop.
  • Install and run it.
  • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
=========================================
For the msconfig instructions I promised:
  • Click on the Windows 7 start icon in the bottom left corner of your screen.
  • Type MSCONFIG in the search box> press enter or double-click on the MSCONFIG program that appears in the search results.
    msconfig_win7_2.gif
  • Click on Selective Startup
  • Click on the Startup tab. You will now see the System Msconfig Utility
    msconfig_win7_4.gif

    In Windows 7, almost all of Windows' essential programs are loaded through Windows Services. So most of the startup items you see here are optional and can be turned off.
    Important! When in doubt, leave it on, or use a Startup database to identify a process you are not sure of.
  • Uncheck any process you don't want to start on boot.
  • When finished> click on OK
    Reboot the computer.
  • When you see this message come up: Check 'don't show this message again'> then Restart.
msconfig_win7_5.gif

Images courtesy NetSquirrel

The only processes that need to start on boot are the antivirus program, third party firewall if you have one, touchpad if on laptop and network processes if using third party software for network. Any other entries in this section can be Unchecked.

This does not remove a process or program- it can still be accessed when needed through All Programs. And you can go back at a later time and reset the default programs if needed.
=====================================================
Be sure you have uninstalled the outdated Java and Adobe Reader. These are vulnerabilities.
=====================================================
I have a few questions before I give you some script to run in Combofix:
1. There are 2 entries for 5/3/2011> I just want to make sure you put them there:
C:\Windows\System32\cca.dll> CCA DirectShow Filter.
C:\Windows\System32\KBDTUQ.DLL> Turkish Q Keyboard Layout
These are both legitimate entries done at the same time.
2. Are you currently using the XfireXO Toolbar? It is a utility that automatically keeps track of when and where gamers are playing PC games online and lets their friends join them easily.
3. There are Errors related to StarOpen.sys> It must be on the Startup menu. This driver is incompatible with Vista x64. It looks like it's related to Samsung PC Studio 7. You should take it off of the startup and uninstall the driver.
4. If there are programs or apps on the system that you no longer use, don't use or don't plan to use, they should be uninstalled and the program folders deleted. For instance, why let Norton take up space and possibly use RAM if you don't use it?
 
That took a lot longer than I expected. I've gone through all of my USB devices, or at least the ones that I can find, and disinfected them with USB Vaccine. I've also prevented a few programs from opening on startup, mostly the software for my USB modems, which I no longer use.

In response to your questions about the entries on 5/3/2011, no, I don't recognize them. It's entirely possible that I did install the DirectShow Filter, as it seems to be a codec of some sort. As for the Turkish keyboard layout, I have no idea. I don't use a Turkish keyboard so I don't understand why I would have, or need, that file.

I don't use Xfire anymore. I used to use it to chat with my friends during games but I normally just use Steam now.

I've completely removed Samsung PC Studio. It was a program for transferring files between my old Samsung phone and my computer. I don't use that phone anymore, so the program is useless. The entry no longer shows up in Msconfig.

There are quite a few games I no longer play, and programs like Xfire that are redundant. I'll get started on removing anything unimportant ASAP.
 
The only reason this thread wasn't closed as Inactive after 5 days of no reply was because I was busy and forgot to do it.

The programs, apps, games> anything you no longer use should be uninstalled. That's your job.
For programs you uninstall use Windows Explorer to access My Computer> Local Drive > Programs> Find the program folder for each and do a right click> Delete.
I gave you instructions for taking processes off of Startup.

Please revisit this and handle the matters I brought up:
I have a few questions before I give you some script to run in Combofix:
1. There are 2 entries for 5/3/2011> I just want to make sure you put them there:
C:\Windows\System32\cca.dll> CCA DirectShow Filter.
C:\Windows\System32\KBDTUQ.DLL> Turkish Q Keyboard Layout
These are both legitimate entries done at the same time.
2. Are you currently using the XfireXO Toolbar? It is a utility that automatically keeps track of when and where gamers are playing PC games online and lets their friends join them easily.
3. There are Errors related to StarOpen.sys> It must be on the Startup menu. This driver is incompatible with Vista x64. It looks like it's related to Samsung PC Studio 7. You should take it off of the startup and uninstall the driver.
4. If there are programs or apps on the system that you no longer use, don't use or don't plan to use, they should be uninstalled and the program folders deleted. For instance, why let Norton take up space and possibly use RAM if you don't use it?

If your computer has been in use for the past 3 weeks, the logs are no longer valid. I am going to close this thread. Clean up the system. When finished, if you have malware related problems, please start a new thread.
===================================================
You can Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
    [o] Click START> then RUN
    [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
    [o] Double click OTCleanIt.exe.
    [o] Click the CleanUp! button.
    [o] If you are prompted to Reboot during the cleanup, select Yes.
    [o]The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • Set a new, clean Restore Point
    [o] Click on Start> right click on Computer> Properties
    [o] Select System Protection
    [o] Click on the Create button (near bottom)
    [o] Type a name for the Restore Point
    [o] Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
    [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
    [o] Click Disk Cleanup from there.
    image2.png

    [o] Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
    [o] Click the More Options tab
    w7-srp2.png

    [o] Click the Clean up under System Restore and Shadow Copies.
    [o] Click OK.
    [o] You will get a confirmation screen> Just click Delete.
    [o] Click OK on the Disk Cleanup Screen.
    [o] Click Delete Files on the Confirmation screen.
image6.png

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin
 