TechSpot

Psvrr.exe removal help

By branson
May 19, 2011
  1. I have read someone else's thread before I came to this site. It seems very helpful and I plan on staying; I can learn a few things on here ... Besides that, I recently have been having issues with popups out the wazoo, and came to find that the culprit (or so it seems) is psvrr.exe. After following many solutions I am still having trouble and am wondering whether or not it's completely removed or if it's something else now. (I didn't notice the thread saying "not to follow other persons solutions" until I joined the site) :p

    Best regards,
    Brandon
     
  2. Bobbye


    Welcome to TechSpot, Brandon. I'll help find and hopefully remove the malware, but I need information to do that: You should not follow directions or information given to someone else. Although we may use the same programs for some, both the results and what we do with them are different and based only on that system and its problem.

    By way of description, all you're telling me is that you're having popups. As far as psvrr.exe "being the culprit" of your problem, I don't know that. Much depends on where a file is located and not just the name alone.

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ====================================================
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. branson


    Thanks for the help, very appreciated. DDS did not work, maybe it didn't find anything. It scanned, but nothing happened afterwards. GMER also returned nothing after scanning, empty log. But here are the logs:

    |=========================================|

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6613

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    5/20/2011 2:18:03 AM
    mbam-log-2011-05-20 (02-18-03).txt

    Scan type: Quick scan
    Objects scanned: 164577
    Time elapsed: 2 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    |=========================================|




    Avira AntiVir Personal
    Report file date: Friday, May 20, 2011 02:24

    Scanning for 2749028 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows 7 x64
    Windows version : (plain) [6.1.7600]
    Boot mode : Normally booted
    Username : Brandon
    Computer name : HOMECOMPUTER

    Version information:
    BUILD.DAT : 10.0.0.648 31823 Bytes 4/1/2011 18:36:00
    AVSCAN.EXE : 10.0.4.2 442024 Bytes 4/1/2011 21:07:43
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2011 21:07:57
    LUKE.DLL : 10.0.3.2 104296 Bytes 4/1/2011 21:07:53
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 20:15:47
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 20:15:47
    VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 06:07:19
    VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 06:07:19
    VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 06:07:19
    VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 06:07:19
    VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 06:07:20
    VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 06:07:20
    VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 06:07:20
    VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 06:07:20
    VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 06:07:20
    VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 06:07:20
    VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 06:07:22
    VBASE014.VDF : 7.11.6.74 116224 Bytes 4/13/2011 06:07:23
    VBASE015.VDF : 7.11.6.113 137728 Bytes 4/14/2011 06:07:23
    VBASE016.VDF : 7.11.6.150 146944 Bytes 4/18/2011 06:07:24
    VBASE017.VDF : 7.11.6.192 138240 Bytes 4/20/2011 06:07:25
    VBASE018.VDF : 7.11.6.237 156160 Bytes 4/22/2011 06:07:27
    VBASE019.VDF : 7.11.7.45 427520 Bytes 4/27/2011 06:07:30
    VBASE020.VDF : 7.11.7.64 192000 Bytes 4/28/2011 06:07:33
    VBASE021.VDF : 7.11.7.97 182272 Bytes 5/2/2011 06:07:35
    VBASE022.VDF : 7.11.7.127 467968 Bytes 5/4/2011 06:07:43
    VBASE023.VDF : 7.11.7.183 185856 Bytes 5/9/2011 06:07:46
    VBASE024.VDF : 7.11.7.218 133120 Bytes 5/11/2011 06:07:47
    VBASE025.VDF : 7.11.7.234 139776 Bytes 5/11/2011 06:07:48
    VBASE026.VDF : 7.11.8.16 147456 Bytes 5/13/2011 06:07:49
    VBASE027.VDF : 7.11.8.46 169472 Bytes 5/17/2011 06:07:51
    VBASE028.VDF : 7.11.8.47 2048 Bytes 5/17/2011 06:07:51
    VBASE029.VDF : 7.11.8.48 2048 Bytes 5/17/2011 06:07:52
    VBASE030.VDF : 7.11.8.49 2048 Bytes 5/17/2011 06:07:52
    VBASE031.VDF : 7.11.8.76 89600 Bytes 5/20/2011 06:07:53
    Engineversion : 8.2.4.242
    AEVDF.DLL : 8.1.2.1 106868 Bytes 3/28/2011 20:15:27
    AESCRIPT.DLL : 8.1.3.64 1606011 Bytes 5/20/2011 06:08:11
    AESCN.DLL : 8.1.7.2 127349 Bytes 3/28/2011 20:15:27
    AESBX.DLL : 8.1.3.2 254324 Bytes 3/28/2011 20:15:26
    AERDL.DLL : 8.1.9.9 639347 Bytes 3/25/2011 16:21:38
    AEPACK.DLL : 8.2.6.8 557430 Bytes 5/20/2011 06:08:08
    AEOFFICE.DLL : 8.1.1.22 205178 Bytes 5/20/2011 06:08:06
    AEHEUR.DLL : 8.1.2.119 3481976 Bytes 5/20/2011 06:08:06
    AEHELP.DLL : 8.1.17.2 246135 Bytes 5/20/2011 06:07:57
    AEGEN.DLL : 8.1.5.6 401780 Bytes 5/20/2011 06:07:57
    AEEMU.DLL : 8.1.3.0 393589 Bytes 3/28/2011 20:15:19
    AECORE.DLL : 8.1.20.5 196983 Bytes 5/20/2011 06:07:55
    AEBB.DLL : 8.1.1.0 53618 Bytes 3/28/2011 20:15:19
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/28/2011 20:15:31
    AVPREF.DLL : 10.0.0.0 44904 Bytes 4/1/2011 21:07:42
    AVREP.DLL : 10.0.0.10 174120 Bytes 5/20/2011 06:08:12
    AVREG.DLL : 10.0.3.2 53096 Bytes 4/1/2011 21:07:42
    AVSCPLR.DLL : 10.0.4.2 84840 Bytes 4/1/2011 21:07:43
    AVARKT.DLL : 10.0.22.6 231784 Bytes 4/1/2011 21:07:38
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 4/1/2011 21:07:41
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/28/2011 20:15:30
    NETNT.DLL : 10.0.0.0 11624 Bytes 3/28/2011 20:15:39
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 4/1/2011 21:07:58
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/28/2011 20:15:52

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: +APPL,+PCK,+PFS,+SPR,

    Start of the scan: Friday, May 20, 2011 02:24

    Starting search for hidden objects.
    The driver could not be initialized.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '73' Module(s) have been scanned
    Scan process 'avcenter.exe' - '99' Module(s) have been scanned
    Scan process 'plugin-container.exe' - '80' Module(s) have been scanned
    Scan process 'firefox.exe' - '127' Module(s) have been scanned
    Scan process 'avnotify.exe' - '90' Module(s) have been scanned
    Scan process 'avgnt.exe' - '59' Module(s) have been scanned
    Scan process 'sched.exe' - '55' Module(s) have been scanned
    Scan process 'avgsrmax.exe' - '42' Module(s) have been scanned
    Scan process 'jucheck.exe' - '64' Module(s) have been scanned
    Scan process 'SDWinSec.exe' - '54' Module(s) have been scanned
    Scan process 'AVGIDSAgent.exe' - '66' Module(s) have been scanned
    Scan process 'SeaPort.exe' - '75' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '33' Module(s) have been scanned
    Scan process 'avgidsmonitor.exe' - '25' Module(s) have been scanned
    Scan process 'FGuard.exe' - '37' Module(s) have been scanned
    Scan process 'avgtray.exe' - '42' Module(s) have been scanned
    Scan process 'DivXUpdate.exe' - '72' Module(s) have been scanned
    Scan process 'jusched.exe' - '41' Module(s) have been scanned
    Scan process 'BDTUpdateService.exe' - '61' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '50' Module(s) have been scanned
    Scan process 'avgwdsvc.exe' - '55' Module(s) have been scanned
    Scan process 'AsSysCtrlService.exe' - '26' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '50' Module(s) have been scanned
    Scan process 'AODAssist.exe' - '53' Module(s) have been scanned
    Scan process 'SZServer.exe' - '105' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '803' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\53f48ad8-5476d40f
    [DETECTION] Contains recognition pattern of the JAVA/Stutter.K.1 Java virus
    C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\68b74c9f-65d3628d
    [0] Archive type: ZIP
    [DETECTION] Contains recognition pattern of the JAVA/Stutter.X Java virus
    --> vmain.class
    [DETECTION] Contains recognition pattern of the JAVA/Stutter.X Java virus
    C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4e5c2020-3a45e706
    [0] Archive type: ZIP
    [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AI Java virus
    --> bpac/purok.class
    [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AI Java virus
    C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\47f8b769-44238bb4
    [0] Archive type: ZIP
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.OpenS.NBG Java virus
    --> glass/boing.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.OpenS.NBG Java virus
    C:\Users\Brandon\Desktop\My Stuff\Gaming Folder\GHostOne\WardenBNLS\WardenUpdater.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    C:\Windows\System32\drivers\sptd.sys
    [WARNING] The file could not be opened!

    Beginning disinfection:
    C:\Users\Brandon\Desktop\My Stuff\Gaming Folder\GHostOne\WardenBNLS\WardenUpdater.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '4844b1df.qua'.
    C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\47f8b769-44238bb4
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.OpenS.NBG Java virus
    [NOTE] The file was moved to the quarantine directory under the name '50a79e56.qua'.
    C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4e5c2020-3a45e706
    [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AI Java virus
    [NOTE] The file was moved to the quarantine directory under the name '02cfc46c.qua'.
    C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\68b74c9f-65d3628d
    [DETECTION] Contains recognition pattern of the JAVA/Stutter.X Java virus
    [NOTE] The file was moved to the quarantine directory under the name '64cb8b7a.qua'.
    C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\53f48ad8-5476d40f
    [DETECTION] Contains recognition pattern of the JAVA/Stutter.K.1 Java virus
    [NOTE] The file was moved to the quarantine directory under the name '214ba65f.qua'.


    End of the scan: Friday, May 20, 2011 03:15
    Used time: 40:01 Minute(s)

    The scan has been done completely.

    24637 Scanned directories
    467256 Files were scanned
    5 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    5 Files were moved to quarantine
    0 Files were renamed
    1 Files cannot be scanned
    467250 Files not concerned
    2445 Archives were scanned
    1 Warnings
    5 Notes
     
  4. Bobbye


    Please run DDS again. It is not looking for bad entries; the 2 logs will basically show me everything on the system. So there will be a log, 2 of them. You can do a search on the system for DDS.txt and Attach.txt (don't zip the Attach.txt log). Those are the names of the 2 logs. If you still can't get anything, uninstall what you have now, download and run again.

    I didn't need the Avira scan, but it is strange that it is indicating some malware entries, but Mbam is clean. Right now I don't have any information about what's installed and running on the system. I don't know where you got the psvrr.exe name from, nor do I know what you did following someone else's directions.

    psvrr.exe is described as a System.Backdoor. But to handle it, I need to see your system and what's on it. And it is very possible that whatever other directions you may have followed have put the system more at risk or possibly corrupted it.
     
  5. branson


    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385
    Run by Brandon at 18:51:41 on 2011-05-20
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2167 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
    FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Users\Brandon\Desktop\dds.scr
    C:\Windows\SysWOW64\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title =
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - C:\Program Files (x86)\STOPzilla!\SZIEBHO.dll
    BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - C:\Program Files (x86)\RegTweaker\key.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [PopUpStopperFreeEdition] "C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    BHO-X64: Windows Live Family Safety Browser Helper - No File
    BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO-X64: ZoneAlarm Security Engine Registrar - No File
    TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
    TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    mRun-x64: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
    R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
    R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
    R0 pxscan;pxscan;C:\Windows\system32\drivers\pxscan.sys --> C:\Windows\system32\drivers\pxscan.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
    R1 pxrts;pxrts;C:\Windows\system32\drivers\pxrts.sys --> C:\Windows\system32\drivers\pxrts.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-5-20 136360]
    R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-4-23 136616]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2011-4-21 96896]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-5-19 337872]
    R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2011-5-18 6746280]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-5 33528]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2010-11-5 822264]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-11 1153368]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AODDriver2;AODDriver2;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-4-23 52352]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 pxkbf;pxkbf;C:\Windows\system32\drivers\pxkbf.sys --> C:\Windows\system32\drivers\pxkbf.sys [?]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-18 984392]
    S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-6 704864]
    S3 RTCore64;RTCore64;C:\Program Files (x86)\RMClock\RTCore64.sys [2011-4-21 7168]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-5-19 371472]
    S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-5-19 1117144]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-5-20 269480]
    .
    =============== Created Last 30 ================
    .
    2011-05-20 06:37:04 -------- d-----w- C:\Users\Brandon\AppData\Local\Threat Expert
    2011-05-20 06:08:40 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Avira
    2011-05-20 06:04:32 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-05-20 06:04:31 -------- d-----w- C:\ProgramData\Avira
    2011-05-20 06:04:31 -------- d-----w- C:\Program Files (x86)\Avira
    2011-05-19 18:22:06 -------- d-----w- C:\Users\Brandon\AppData\Roaming\vexorian
    2011-05-19 15:10:13 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-05-19 15:10:10 8802128 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02C9369B-2EE0-4445-898C-679DCD44BD34}\mpengine.dll
    2011-05-19 05:07:15 767952 ----a-w- C:\Windows\BDTSupport.dll
    2011-05-19 05:07:14 2074576 ----a-w- C:\Windows\PCTBDCore.dll
    2011-05-19 05:07:14 1533904 ----a-w- C:\Windows\PCTBDRes.dll
    2011-05-19 05:07:14 149456 ----a-w- C:\Windows\SGDetectionTool.dll
    2011-05-19 05:05:57 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
    2011-05-19 05:05:57 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
    2011-05-19 05:05:55 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
    2011-05-19 05:05:55 140800 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
    2011-05-19 05:05:45 282440 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
    2011-05-19 05:05:32 279344 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
    2011-05-19 05:05:30 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
    2011-05-19 05:05:24 -------- d-----w- C:\Program Files (x86)\PC Tools Security
    2011-05-19 05:05:24 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2011-05-19 05:01:16 -------- d-----w- C:\ProgramData\PC Tools
    2011-05-19 04:44:26 -------- d-----w- C:\Program Files (x86)\STOPzilla!
    2011-05-19 04:44:26 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
    2011-05-19 04:21:25 -------- d-----w- C:\Program Files (x86)\Ad-Remover
    2011-05-18 23:07:01 -------- d-----w- C:\Users\Brandon\AppData\Roaming\AVG10
    2011-05-18 23:02:44 -------- d-----w- C:\ProgramData\AVG Security Toolbar
    2011-05-18 23:02:35 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2011-05-18 23:01:54 -------- d-----w- C:\Windows\System32\drivers\AVG
    2011-05-18 23:01:54 -------- d-----w- C:\ProgramData\AVG10
    2011-05-18 23:00:57 -------- d-----w- C:\Program Files (x86)\AVG
    2011-05-18 16:32:10 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-05-18 16:15:12 98816 ----a-w- C:\Windows\sed.exe
    2011-05-18 15:40:19 62976 ----a-w- C:\Windows\SysWow64\PxSecure.dll
    2011-05-18 15:40:18 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
    2011-05-18 15:40:18 36384 ----a-w- C:\Windows\System32\drivers\pxscan.sys
    2011-05-18 15:40:18 24024 ----a-w- C:\Windows\System32\drivers\pxkbf.sys
    2011-05-18 15:40:18 -------- d-----w- C:\Program Files\Prevx
    2011-05-18 15:39:48 -------- d-----w- C:\ProgramData\PrevxCSI
    2011-05-18 14:27:45 388096 ----a-r- C:\Users\Brandon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-18 14:27:45 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-05-18 14:14:24 -------- d-----w- C:\Users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
    2011-05-18 14:14:24 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2011-05-18 14:14:18 -------- d-----w- C:\ProgramData\!SASCORE
    2011-05-18 14:14:16 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2011-05-18 05:47:29 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-05-18 05:47:29 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-05-17 18:22:57 -------- d-----w- C:\Program Files (x86)\Panicware
    2011-05-17 15:49:26 546256 ----a-r- C:\Windows\SysWow64\SZComp5.dll
    2011-05-17 15:49:26 456144 ----a-r- C:\Windows\SysWow64\SZBase5.dll
    2011-05-17 15:49:26 22992 ----a-r- C:\Windows\SysWow64\SZIO5.dll
    2011-05-17 15:49:26 132560 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
    2011-05-17 15:49:24 99792 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
    2011-05-17 15:49:24 99792 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
    2011-05-17 15:49:24 67024 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
    2011-05-17 15:49:24 398800 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
    2011-05-17 15:49:24 28624 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
    2011-05-17 15:49:22 738768 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
    2011-05-17 15:49:22 390608 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
    2011-05-17 15:49:22 230864 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
    2011-05-17 03:55:59 -------- d-----w- C:\ProgramData\STOPzilla!
    2011-05-17 03:08:21 -------- d-----w- C:\Users\Brandon\AppData\Local\DDMSettings
    2011-05-17 03:04:42 -------- d-----w- C:\Program Files\DivX
    2011-05-17 03:04:38 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
    2011-05-17 02:58:56 -------- d-----w- C:\Program Files (x86)\DivX
    2011-05-17 02:57:49 -------- d-----w- C:\ProgramData\DivX
    2011-05-11 19:21:49 -------- d-----w- C:\Users\Brandon\AppData\Roaming\IrfanView
    2011-05-11 19:21:49 -------- d-----w- C:\Program Files (x86)\IrfanView
    2011-05-11 02:45:35 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2011-05-11 02:45:35 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2011-05-11 02:45:35 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2011-05-11 02:45:35 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2011-05-11 02:45:35 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2011-05-11 02:45:35 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2011-05-11 02:45:35 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2011-05-11 02:45:33 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-05-11 02:45:33 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-05-11 02:45:32 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-05-06 18:20:44 -------- d-----w- C:\Users\Brandon\AppData\Local\AVG Security Toolbar
    2011-04-26 21:39:31 2870272 ----a-w- C:\Windows\explorer.exe
    2011-04-26 21:39:31 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
    2011-04-26 21:39:25 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-04-26 21:39:25 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-04-26 21:37:30 2566144 ----a-w- C:\Windows\System32\esent.dll
    2011-04-26 21:37:30 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2011-04-26 21:37:30 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2011-04-26 21:37:30 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2011-04-26 21:37:30 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
    2011-04-26 21:37:29 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2011-04-26 21:37:29 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2011-04-26 21:37:29 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2011-04-26 21:37:29 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
    2011-04-26 21:37:29 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
    2011-04-26 21:37:29 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
    2011-04-26 21:36:48 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2011-04-26 21:36:48 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2011-04-21 14:27:11 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    2011-04-21 14:27:11 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    2011-04-21 14:11:11 -------- d-----w- C:\ProgramData\ASUS OC Profiles
    2011-04-21 14:05:42 24576 ----a-w- C:\Windows\SysWow64\AsIO.dll
    2011-04-21 14:05:42 13440 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys
    2011-04-21 14:05:14 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2011-04-21 14:05:14 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2011-04-21 14:05:14 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2011-04-21 14:05:14 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2011-04-21 14:05:13 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2011-04-21 14:05:12 15416 ----a-w- C:\Windows\System32\drivers\ASACPI.sys
    2011-04-21 14:04:53 -------- d-----w- C:\Program Files (x86)\ASUS
    2011-04-21 13:46:57 25640 ----a-w- C:\Windows\gdrv.sys
    2011-04-21 13:32:25 -------- d-----w- C:\Program Files (x86)\RMClock
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 18:52:16.51 ===============





    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/1/2011 8:40:04 PM
    System Uptime: 5/20/2011 12:43:49 PM (6 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4N68T-M-V2
    Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2800/214mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 788.188 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: AVGIDSDriver
    Device ID: ROOT\LEGACY_AVGIDSDRIVER\0000
    Manufacturer:
    Name: AVGIDSDriver
    PNP Device ID: ROOT\LEGACY_AVGIDSDRIVER\0000
    Service: AVGIDSDriver
    .
    Class GUID:
    Description:
    Device ID: ROOT\*SYSTOOLDEVICE\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\*SYSTOOLDEVICE\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP64: 5/11/2011 3:00:13 AM - Windows Update
    RP65: 5/16/2011 11:55:30 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP66: 5/17/2011 12:20:45 AM - StopZILLA! Restore Point.
    RP68: 5/18/2011 3:00:12 AM - Windows Update
    RP69: 5/18/2011 10:27:21 AM - Installed HiJackThis
    RP70: 5/18/2011 11:28:35 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP71: 5/18/2011 11:35:19 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP72: 5/18/2011 11:55:32 AM - Removed AVG 2011
    RP73: 5/18/2011 11:56:53 AM - Removed AVG 2011
    RP74: 5/18/2011 7:00:24 PM - Installed AVG 2011
    RP75: 5/18/2011 7:01:04 PM - Installed AVG 2011
    RP76: 5/19/2011 12:43:54 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP77: 5/19/2011 1:27:55 AM - StopZILLA! Restore Point.
    RP78: 5/19/2011 11:09:27 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/20/2011 6:11:51 AM, Error: Service Control Manager [7031] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    5/20/2011 12:44:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
    5/20/2011 12:44:22 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: Insufficient system resources exist to complete the requested service.
    5/20/2011 12:44:22 PM, Error: Service Control Manager [7000] - The AVGIDSDriver service failed to start due to the following error: Insufficient system resources exist to complete the requested service.
    5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/20/2011 1:35:11 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    5/19/2011 3:36:29 PM, Error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The pipe has been ended.
    5/19/2011 12:40:53 AM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    5/19/2011 12:24:40 AM, Error: Service Control Manager [7038] - The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    5/19/2011 12:24:40 AM, Error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not start due to a logon failure.
    5/19/2011 12:24:40 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The pipe has been ended.
    5/19/2011 12:24:09 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    5/19/2011 12:24:09 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running.
    5/19/2011 12:23:39 AM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    5/19/2011 12:23:39 AM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
    5/19/2011 12:23:39 AM, Error: Service Control Manager [7034] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s).
    5/19/2011 12:23:39 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    5/19/2011 12:23:39 AM, Error: Service Control Manager [7034] - The ASUS System Control Service service terminated unexpectedly. It has done this 1 time(s).
    5/19/2011 12:23:39 AM, Error: Service Control Manager [7034] - The AODService service terminated unexpectedly. It has done this 1 time(s).
    5/19/2011 12:23:39 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
    5/19/2011 12:23:39 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    5/19/2011 12:23:39 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    5/19/2011 12:23:39 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    5/19/2011 12:23:39 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/19/2011 12:23:39 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/18/2011 3:18:15 AM, Error: Service Control Manager [7023] -
    5/18/2011 12:20:55 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    5/18/2011 12:20:32 PM, Error: Application Popup [1060] - \??\C:\Combo-Fix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    5/18/2011 1:20:41 AM, Error: Service Control Manager [7000] - The RTCore64 service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    5/17/2011 12:08:03 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    .
    ==== End Of File ===========================
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please recover the rest of the attach.txt log from the DDS scan and paste it in your next reply. Everything below this is blank:

    ==== Installed Programs ======================
    Your system is truly in terrible shape. You have so much 'security' on it I'm surprised anything can get in!
    =============================================
    Do not add any more 'security' programs, ad blockers, toolbars, etc. We will be removing some you already have, including the rogues, those from unsafe sites, etc.
    ============================================
    Please run this Security Check
    Download Security Check by screen317 from HERE or HERE.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    =======================================
    Download CKScanner and save to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.
    =========================================
    The next scan for you to run, Combofix, will not run with AVG on the system. So AVG can be uninstalled as directed below. Do not put another AV on the system - you already have one!
    =========================================
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.


    =============================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed.
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    -------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  7. branson

    branson TS Rookie Topic Starter

    I am deeply sorry for having to put this off. I was in the hospital for a little over a week ... I am back now and getting things together at home and will resume this tomorrow. I am sorry if I've tested your patience. Thank you for your time.

    Best Regards,
    Brandon
     
  8. branson

    branson TS Rookie Topic Starter

    ComboFix 11-05-30.06 - Brandon 05/31/2011 1:15.2.6 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2792 [GMT -4:00]
    Running from: c:\users\Brandon\Desktop\ComboFix.exe
    FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-31 05:22 . 2011-05-31 05:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-31 02:57 . 2011-05-31 03:00 -------- d-----w- c:\users\Brandon\AppData\Roaming\Red Alert 3
    2011-05-27 07:38 . 2011-05-18 16:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{672B91E7-49F5-40F6-88D9-C239EE6C5CF1}\mpengine.dll
    2011-05-26 00:35 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-21 02:12 . 2011-05-21 02:12 -------- d-----w- C:\9b30e762ec4faaa359e0423c
    2011-05-20 06:37 . 2011-05-20 06:37 -------- d-----w- c:\users\Brandon\AppData\Local\Threat Expert
    2011-05-19 18:22 . 2011-05-19 18:24 -------- d-----w- c:\users\Brandon\AppData\Roaming\vexorian
    2011-05-19 05:05 . 2011-05-31 05:04 -------- d-----w- c:\program files (x86)\PC Tools Security
    2011-05-19 05:01 . 2011-05-31 03:25 -------- d-----w- c:\programdata\PC Tools
    2011-05-19 04:21 . 2011-05-31 03:19 -------- d-----w- c:\program files (x86)\Ad-Remover
    2011-05-18 23:07 . 2011-05-18 23:07 -------- d-----w- c:\users\Brandon\AppData\Roaming\AVG10
    2011-05-18 23:02 . 2011-05-31 05:02 -------- d-----w- c:\programdata\AVG Security Toolbar
    2011-05-18 23:00 . 2011-05-18 23:00 -------- d-----w- c:\program files (x86)\AVG
    2011-05-18 14:27 . 2011-05-18 14:27 388096 ----a-r- c:\users\Brandon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-18 14:27 . 2011-05-18 14:27 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-05-18 14:14 . 2011-05-18 14:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-05-18 14:14 . 2011-05-18 14:14 -------- d-----w- c:\programdata\!SASCORE
    2011-05-18 05:47 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-18 05:47 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-05-17 18:22 . 2011-05-17 18:22 -------- d-----w- c:\program files (x86)\Panicware
    2011-05-17 03:55 . 2011-05-31 03:29 -------- d-----w- c:\programdata\STOPzilla!
    2011-05-17 03:08 . 2011-05-17 03:08 -------- d-----w- c:\users\Brandon\AppData\Local\DDMSettings
    2011-05-17 03:05 . 2011-05-17 03:05 -------- d-----w- c:\users\Brandon\AppData\Roaming\DivX
    2011-05-17 03:04 . 2011-05-17 03:04 -------- d-----w- c:\program files\DivX
    2011-05-17 03:04 . 2011-05-17 03:04 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
    2011-05-17 02:58 . 2011-05-17 03:05 -------- d-----w- c:\program files (x86)\DivX
    2011-05-17 02:57 . 2011-05-17 03:05 -------- d-----w- c:\programdata\DivX
    2011-05-11 19:21 . 2011-05-11 19:21 -------- d-----w- c:\users\Brandon\AppData\Roaming\IrfanView
    2011-05-11 19:21 . 2011-05-11 19:21 -------- d-----w- c:\program files (x86)\IrfanView
    2011-05-11 02:45 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-05-11 02:45 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-05-11 02:45 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-05-11 02:45 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-05-11 02:45 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-05-11 02:45 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-05-11 02:45 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-05-11 02:45 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-11 02:45 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-05-11 02:45 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-05-06 18:20 . 2011-05-06 18:20 -------- d-----w- c:\users\Brandon\AppData\Local\AVG Security Toolbar
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-21 13:46 . 2011-04-21 13:46 25640 ----a-w- c:\windows\gdrv.sys
    2011-04-19 04:16 . 2011-04-19 04:14 2829 ----a-w- c:\windows\War3Unin.pif
    2011-04-19 04:16 . 2011-04-19 04:14 139264 ----a-w- c:\windows\War3Unin.exe
    2011-03-12 12:03 . 2011-04-26 21:39 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-03-12 11:31 . 2011-04-26 21:39 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-03-11 06:23 . 2011-04-26 21:37 187264 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-03-11 06:23 . 2011-04-26 21:37 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-03-11 06:23 . 2011-04-26 21:37 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-03-11 06:23 . 2011-04-26 21:37 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-03-11 06:23 . 2011-04-26 21:37 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-03-11 06:22 . 2011-04-26 21:37 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-03-11 06:22 . 2011-04-26 21:37 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-03-11 06:19 . 2011-04-14 03:45 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-11 06:19 . 2011-04-14 03:45 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 06:18 . 2011-04-26 21:37 2566144 ----a-w- c:\windows\system32\esent.dll
    2011-03-11 06:15 . 2011-04-26 21:37 96768 ----a-w- c:\windows\system32\fsutil.exe
    2011-03-11 05:40 . 2011-04-14 03:45 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2011-03-11 05:40 . 2011-04-14 03:45 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2011-03-11 05:39 . 2011-04-26 21:37 1686016 ----a-w- c:\windows\SysWow64\esent.dll
    2011-03-11 05:37 . 2011-04-26 21:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
    2011-03-08 06:14 . 2011-04-14 03:44 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-08 05:38 . 2011-04-14 03:44 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2011-03-04 06:17 . 2011-04-26 21:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:17 . 2011-04-26 21:39 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:17 . 2011-04-14 03:44 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 06:14 . 2011-04-14 03:44 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 05:27 . 2011-04-14 03:44 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58 . 2011-04-14 03:45 3133440 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-05-18_16.20.58 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2011-05-18 16:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-05-31 05:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-05-18 16:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-05-31 05:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-05-31 05:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-05-18 16:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-07-28 20:01 . 2011-05-31 05:06 37286 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-05-31 05:06 35432 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:30 . 2011-05-27 00:39 86016 c:\windows\system32\DriverStore\infpub.dat
    - 2009-07-14 05:30 . 2011-05-11 07:16 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2011-01-01 22:08 . 2011-05-29 15:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-01 22:08 . 2011-05-18 07:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-01 22:08 . 2011-05-18 07:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-01-01 22:08 . 2011-05-29 15:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-05-18 07:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-05-29 15:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-02 02:28 . 2011-05-31 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-02 02:28 . 2011-05-18 16:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:46 . 2011-05-18 16:02 78224 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2009-07-14 04:46 . 2011-05-31 05:07 78224 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-01-02 02:28 . 2011-05-31 05:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-01-02 02:28 . 2011-05-18 16:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-01-02 02:28 . 2011-05-31 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-01-02 02:28 . 2011-05-18 16:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-02 02:28 . 2011-05-31 05:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-02 02:28 . 2011-05-18 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-02 02:28 . 2011-05-18 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-02 02:28 . 2011-05-31 05:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-05-30 22:14 . 2011-05-31 02:52 29310 c:\windows\Installer\{296D8550-CB06-48E4-9A8B-E5034FB64715}\ra3.exe
    + 2011-01-02 01:41 . 2011-05-31 05:06 8788 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2216904268-2540828368-1871616061-1000_UserData.bin
    + 2011-05-27 00:44 . 2011-05-27 00:44 9560 c:\windows\system32\NetworkList\Icons\{E4B4E640-69DE-4B9E-829D-C67FF57512E6}_48.bin
    + 2011-05-27 00:44 . 2011-05-27 00:44 4280 c:\windows\system32\NetworkList\Icons\{E4B4E640-69DE-4B9E-829D-C67FF57512E6}_32.bin
    + 2011-05-27 00:44 . 2011-05-27 00:44 2456 c:\windows\system32\NetworkList\Icons\{E4B4E640-69DE-4B9E-829D-C67FF57512E6}_24.bin
    + 2011-05-27 01:04 . 2011-05-27 01:04 9560 c:\windows\system32\NetworkList\Icons\{1F16D6B6-B164-41B0-BA36-9053CC89A2AA}_48.bin
    + 2011-05-27 01:04 . 2011-05-27 01:04 4280 c:\windows\system32\NetworkList\Icons\{1F16D6B6-B164-41B0-BA36-9053CC89A2AA}_32.bin
    + 2011-05-27 01:04 . 2011-05-27 01:04 2456 c:\windows\system32\NetworkList\Icons\{1F16D6B6-B164-41B0-BA36-9053CC89A2AA}_24.bin
    - 2011-05-18 16:13 . 2011-05-18 16:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-05-31 05:04 . 2011-05-31 05:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-05-31 05:04 . 2011-05-31 05:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-05-18 16:13 . 2011-05-18 16:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-01-03 08:27 . 2011-05-31 05:04 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2011-01-03 08:27 . 2011-05-18 15:59 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 02:36 . 2011-05-18 16:18 632708 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-05-31 05:08 632708 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-05-18 16:18 110342 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2011-05-31 05:08 110342 c:\windows\system32\perfc009.dat
    - 2011-01-01 23:46 . 2010-10-19 15:41 270720 c:\windows\system32\MpSigStub.exe
    + 2011-01-01 23:46 . 2011-02-02 22:11 270720 c:\windows\system32\MpSigStub.exe
    - 2009-07-14 05:30 . 2011-05-11 07:16 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2011-05-27 00:39 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:12 . 2011-05-29 15:07 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 05:12 . 2011-01-30 19:12 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:01 . 2011-05-31 05:03 234280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-05-18 16:12 234280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2008-08-08 18:11 . 2008-08-08 18:11 232960 c:\windows\Installer\24e2c4.msi
    - 2009-07-14 04:45 . 2011-05-18 16:02 3834178 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 04:45 . 2011-05-31 05:06 3834178 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2008-10-10 14:56 . 2008-10-10 14:56 4108288 c:\windows\Installer\7dac44c.msi
    - 2009-07-14 02:34 . 2011-05-18 15:37 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2011-05-31 05:17 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    2010-12-01 16:27 2735200 ----a-w- c:\program files (x86)\ZoneAlarm_Security\tbZone.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-24 2245120]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-26 98304]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2005-05-25 7168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-04-23 136616]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-29 96896]
    S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 33528]
    S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 822264]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 ALSysIO;ALSysIO;c:\users\Brandon\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-04-23 52352]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ALSYSIO
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 1123320]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://xfinity.comcast.net/?&cid=mtmh05262011
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\ic1h1xud.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG10\Firefox4
    FF - Ext: ZoneAlarm Security Community Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
    FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - c:\program files (x86)\RegTweaker\key.dll
    Wow6432Node-HKLM-Run-ISTray - c:\program files (x86)\PC Tools Security\pctsGui.exe
    WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2216904268-2540828368-1871616061-1000\Software\SecuROM\License information*]
    "datasecu"=hex:8a,bc,a6,db,c2,2e,56,10,e1,2e,70,68,57,c1,6d,a2,ac,a3,04,b5,98,
    ec,c4,c7,b4,c0,52,cd,1c,8a,2e,38,4f,40,ab,7c,15,24,4e,1e,13,43,87,7e,b5,09,\
    "rkeysecu"=hex:31,01,63,79,75,f5,8b,34,eb,de,2e,74,f4,ad,49,cf
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-05-31 01:24:52
    ComboFix-quarantined-files.txt 2011-05-31 05:24
    ComboFix2.txt 2011-05-18 16:22
    .
    Pre-Run: 815,444,930,560 bytes free
    Post-Run: 821,880,569,856 bytes free
    .
    - - End Of File - - C48938FB5BEE8F1BEEC9423882602E6E
     
  9. branson

    branson TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.12
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ZoneAlarm
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Flash Player Out of Date!
    Adobe Flash Player 10.2.152.32
    Mozilla Firefox (3.6.17) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Zone Labs ZoneAlarm zlclient.exe
    ``````````End of Log````````````
     
  10. branson

    branson TS Rookie Topic Starter

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\users\brandon\desktop\my stuff\gaming folder\aoe ii\crack.zip
    c:\users\brandon\downloads\command.and.conquer.red.alert.3-reloaded\rld-ra3\crack\clownbold.ttg
    c:\users\brandon\downloads\command.and.conquer.red.alert.3-reloaded\rld-ra3\crack\lib_art.map
    c:\users\brandon\downloads\command.and.conquer.red.alert.3-reloaded\rld-ra3\crack\rld-ra3k.exe
    c:\users\brandon\downloads\command.and.conquer.red.alert.3-reloaded\rld-ra3\crack\data\clownbold.ttg
    c:\users\brandon\downloads\command.and.conquer.red.alert.3-reloaded\rld-ra3\crack\data\lib_art.map
    c:\users\brandon\downloads\command.and.conquer.red.alert.3-reloaded\rld-ra3\crack\data\ra3_1.0.game
    c:\users\brandon\downloads\warcraft ii battle net edition\alcohol 120% 1.9.5.3823\crack\serials.txt
    c:\users\brandon\downloads\warcraft iii - the frozen throne\warcraft iii - the frozen throne [disk3] -crack,patch,serial.iso
    c:\users\brandon\downloads\warcraft iii - the frozen throne\crack\blizzard.dll
    c:\users\brandon\downloads\warcraft iii - the frozen throne\crack\reloaded.nfo
    c:\users\brandon\downloads\warcraft iii - the frozen throne\crack\war3.exe
    c:\users\brandon\downloads\warcraft iii - the frozen throne\crack\war3.org
    c:\users\brandon\downloads\warcraft iii - the frozen throne\crack\worldedit.exe
    scanner sequence 3.IE.11
    ----- EOF -----
     
  11. branson

    branson TS Rookie Topic Starter

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385
    Run by Brandon at 1:41:51 on 2011-05-31
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2608 [GMT -4:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Brandon\Desktop\dds.scr
    C:\Windows\SysWOW64\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://xfinity.comcast.net/?&cid=mtmh05262011
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - C:\Program Files (x86)\RegTweaker\key.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    BHO-X64: Windows Live Family Safety Browser Helper - No File
    BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO-X64: ZoneAlarm Security Engine Registrar - No File
    TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
    TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    mRun-x64: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\ic1h1xud.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
    FF - component: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\TrustCheckerMozillaPlugin.dll
    FF - component: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\ic1h1xud.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko19.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4
    FF - Ext: ZoneAlarm Security Community Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
    FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-4-23 136616]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2011-4-21 96896]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-5 33528]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2010-11-5 822264]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-11 1153368]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AODDriver2;AODDriver2;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-4-23 52352]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-6 704864]
    S3 RTCore64;RTCore64;C:\Program Files (x86)\RMClock\RTCore64.sys [2011-4-21 7168]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-31 05:14:13 518144 ----a-w- C:\Windows\SWREG.exe
    2011-05-31 05:14:13 256512 ----a-w- C:\Windows\PEV.exe
    2011-05-31 05:14:13 208896 ----a-w- C:\Windows\MBR.exe
    2011-05-31 02:57:12 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Red Alert 3
    2011-05-27 07:38:49 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{672B91E7-49F5-40F6-88D9-C239EE6C5CF1}\mpengine.dll
    2011-05-26 00:35:51 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-05-21 02:12:36 -------- d-----w- C:\9b30e762ec4faaa359e0423c
    2011-05-20 06:37:04 -------- d-----w- C:\Users\Brandon\AppData\Local\Threat Expert
    2011-05-19 18:22:06 -------- d-----w- C:\Users\Brandon\AppData\Roaming\vexorian
    2011-05-19 15:10:13 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-05-19 05:05:24 -------- d-----w- C:\Program Files (x86)\PC Tools Security
    2011-05-19 05:01:16 -------- d-----w- C:\ProgramData\PC Tools
    2011-05-19 04:21:25 -------- d-----w- C:\Program Files (x86)\Ad-Remover
    2011-05-18 23:07:01 -------- d-----w- C:\Users\Brandon\AppData\Roaming\AVG10
    2011-05-18 23:02:44 -------- d-----w- C:\ProgramData\AVG Security Toolbar
    2011-05-18 23:00:57 -------- d-----w- C:\Program Files (x86)\AVG
    2011-05-18 16:15:12 98816 ----a-w- C:\Windows\sed.exe
    2011-05-18 14:27:45 388096 ----a-r- C:\Users\Brandon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-18 14:27:45 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-05-18 14:14:24 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2011-05-18 14:14:18 -------- d-----w- C:\ProgramData\!SASCORE
    2011-05-18 05:47:29 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-05-18 05:47:29 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-05-17 18:22:57 -------- d-----w- C:\Program Files (x86)\Panicware
    2011-05-17 03:55:59 -------- d-----w- C:\ProgramData\STOPzilla!
    2011-05-17 03:08:21 -------- d-----w- C:\Users\Brandon\AppData\Local\DDMSettings
    2011-05-17 03:04:42 -------- d-----w- C:\Program Files\DivX
    2011-05-17 03:04:38 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
    2011-05-17 02:58:56 -------- d-----w- C:\Program Files (x86)\DivX
    2011-05-17 02:57:49 -------- d-----w- C:\ProgramData\DivX
    2011-05-11 19:21:49 -------- d-----w- C:\Users\Brandon\AppData\Roaming\IrfanView
    2011-05-11 19:21:49 -------- d-----w- C:\Program Files (x86)\IrfanView
    2011-05-11 02:45:35 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2011-05-11 02:45:35 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2011-05-11 02:45:35 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2011-05-11 02:45:35 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2011-05-11 02:45:35 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2011-05-11 02:45:35 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2011-05-11 02:45:35 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2011-05-11 02:45:33 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-05-11 02:45:33 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-05-11 02:45:32 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-05-06 18:20:44 -------- d-----w- C:\Users\Brandon\AppData\Local\AVG Security Toolbar
    .
    ==================== Find3M ====================
    .
    2011-04-21 13:46:57 25640 ----a-w- C:\Windows\gdrv.sys
    2011-04-19 04:16:35 2829 ----a-w- C:\Windows\War3Unin.pif
    2011-04-19 04:16:35 139264 ----a-w- C:\Windows\War3Unin.exe
    2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
    2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
    2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
    2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
    2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
    2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 1:42:12.02 ===============





    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/1/2011 8:40:04 PM
    System Uptime: 5/31/2011 1:04:00 AM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4N68T-M-V2
    Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2800/214mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 765.508 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ROOT\*SYSTOOLDEVICE\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\*SYSTOOLDEVICE\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP86: 5/30/2011 5:44:58 PM - Installed Command & Conquer(tm) Red Alert(tm) 3
    RP87: 5/30/2011 6:07:57 PM - Installed Command & Conquer(tm) Red Alert(tm) 3
    RP88: 5/30/2011 6:42:16 PM - Removed Command & Conquer™ Red Alert™ 3
    RP89: 5/30/2011 6:46:48 PM - Installed Command & Conquer(tm) Red Alert(tm) 3
    RP90: 5/30/2011 7:11:27 PM - Removed Command & Conquer™ Red Alert™ 3
    RP91: 5/30/2011 10:30:35 PM - Removed Crysis(R).
    RP92: 5/30/2011 10:33:27 PM - Removed Command & Conquer™ Red Alert™ 3
    RP93: 5/30/2011 10:46:37 PM - Installed Command & Conquer(tm) Red Alert(tm) 3
    RP94: 5/30/2011 11:27:07 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Age of Empires III
    AI Suite
    AIM 7
    AMD OverDrive
    Apple Application Support
    Apple Software Update
    ATI Catalyst Registration
    Call of Duty Modern Warfare 2
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    ccc-core-static
    CCC Help English
    Cold War Crisis Release 1.5
    Command & Conquer The First Decade
    Command & Conquer™ Red Alert™ 3
    DivX Setup
    Download Updater (AOL LLC)
    EA Download Manager
    ffdshow v1.1.3562 [2010-09-07]
    FullRA Plus V3.03
    GameSpy Comrade
    HiJackThis
    iDump (Freeware) Build:31
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 23
    Junk Mail filter update
    Kali II
    Magic ISO Maker v5.5 (build 0281)
    Malwarebytes' Anti-Malware
    Mega Manager
    Microsoft .NET Framework 1.1
    Microsoft Choice Guard
    Microsoft Office 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox (3.6.17)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Platform
    Project64 1.6
    PunkBuster Services
    QuickTime
    Red Alert - A Path Beyond -- Cold Fusion (remove only)
    Red Alert - A Path Beyond -- Gamma (remove only)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Spybot - Search & Destroy
    Steam
    The Lord of the Rings FREE Trial
    TurboV
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    VC80CRTRedist - 8.0.50727.4053
    VIA Platform Device Manager
    Visual Studio 2008 x64 Redistributables
    Warcraft III
    Warcraft III: All Products
    Winamp
    Winamp Detector Plug-in
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR 4.00 beta 3 (32-bit)
    Xvid 1.2.1 final uninstall
    ZoneAlarm
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/31/2011 1:22:59 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    5/30/2011 6:24:27 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    5/30/2011 11:28:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the szserver service.
    5/29/2011 9:55:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
    5/29/2011 9:55:39 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: Insufficient system resources exist to complete the requested service.
    5/29/2011 9:55:39 AM, Error: Service Control Manager [7000] - The AVGIDSDriver service failed to start due to the following error: Insufficient system resources exist to complete the requested service.
    5/29/2011 9:52:34 AM, Error: Service Control Manager [7031] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    5/27/2011 8:28:57 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    .
    ==== End Of File ===========================
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thank you for your patience. My internet was down, then we had a storm front come through. I am in 'hurry to catch up' mode now.

    A Note for you: The use of serials and cracks to pirate games or data is going to continue to bring malware to the system. At some point, if there is enough malware, the system may become so unstable that you can't boot up.
    ==========================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    
    DDS::
    DDS::
    LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: ZoneAlarm Security Engine Registrar - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
    TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    Folder::
    c:\users\Brandon\AppData\Local\Threat Expert
    c:\program files (x86)\PC Tools Security
    c:\programdata\PC Tools
    Registry::
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    ==========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
     
  13. branson

    branson TS Rookie Topic Starter

    Well, I actually own the games (not that you care too much about that) and I downloaded the cracks because of issues I was having. But anyway, I understand, stuff like that happens, take your time, I can wait as long as you need me to, just give me a heads up as to how long it will take for you to reply. Anything to make life easier on you. I will do the custom script tomorrow as I am going to bed now.

    Goodnight and thanks again,
    Brandon
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Waiting on the new logs.
     
  15. branson

    branson TS Rookie Topic Starter

    I'm sorry, I had a lot of stuff to take care of today. But you seem very patient yourself. But you're probably glad you have one less problem to deal with today.
    Sincerely,
    Brandon

    P.S. I appreciate you putting up with the delays, not many people are as patient as you are.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Not to worry! Gives me a chance to catch up on other threads I'm behind on!

    Post when ready.
     
  17. branson

    branson TS Rookie Topic Starter

    Did everything you said and it found no infections, but here's my CF Log:


    ComboFix 11-06-10.0A - Brandon 06/11/2011 10:03:37.3.6 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2608 [GMT -4:00]
    Running from: c:\users\Brandon\Desktop\Combo-Fix.exe
    Command switches used :: c:\users\Brandon\Desktop\CFScript.txt
    FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\PC Tools Security
    c:\program files (x86)\PC Tools Security\BDT\BDTCloudCache.bin
    c:\program files (x86)\ZoneAlarm_Security\tbZone.dll
    c:\programdata\PC Tools
    c:\programdata\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_en_dl.exe
    c:\users\Brandon\AppData\Local\Threat Expert
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-11 14:08 . 2011-06-11 14:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-11 14:00 . 2011-06-11 14:01 -------- d-----w- C:\Combo-Fix
    2011-06-11 13:52 . 2011-06-11 13:52 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-06-11 13:52 . 2011-05-04 08:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-06-03 15:04 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2011-06-03 15:04 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-06-03 15:04 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
    2011-06-03 15:04 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
    2011-06-03 15:04 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2011-06-03 15:04 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
    2011-05-31 13:37 . 2011-05-31 13:37 -------- d-----w- c:\programdata\ProcessLasso
    2011-05-31 13:37 . 2011-05-31 13:38 -------- d-----w- c:\users\Brandon\AppData\Roaming\ProcessLasso
    2011-05-31 13:37 . 2011-05-31 13:38 -------- d-----w- c:\program files\Process Lasso
    2011-05-31 02:57 . 2011-05-31 03:00 -------- d-----w- c:\users\Brandon\AppData\Roaming\Red Alert 3
    2011-05-27 07:38 . 2011-05-18 16:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{672B91E7-49F5-40F6-88D9-C239EE6C5CF1}\mpengine.dll
    2011-05-26 00:35 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-21 02:12 . 2011-05-21 02:12 -------- d-----w- C:\9b30e762ec4faaa359e0423c
    2011-05-19 18:22 . 2011-05-19 18:24 -------- d-----w- c:\users\Brandon\AppData\Roaming\vexorian
    2011-05-19 04:21 . 2011-05-31 03:19 -------- d-----w- c:\program files (x86)\Ad-Remover
    2011-05-18 23:07 . 2011-05-18 23:07 -------- d-----w- c:\users\Brandon\AppData\Roaming\AVG10
    2011-05-18 23:02 . 2011-06-11 13:53 -------- d-----w- c:\programdata\AVG Security Toolbar
    2011-05-18 23:00 . 2011-06-11 13:57 -------- d-----w- c:\program files (x86)\AVG
    2011-05-18 14:27 . 2011-05-18 14:27 388096 ----a-r- c:\users\Brandon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-18 14:27 . 2011-05-18 14:27 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-05-18 14:14 . 2011-05-18 14:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-05-18 14:14 . 2011-05-18 14:14 -------- d-----w- c:\programdata\!SASCORE
    2011-05-18 05:47 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-18 05:47 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-05-17 18:22 . 2011-05-17 18:22 -------- d-----w- c:\program files (x86)\Panicware
    2011-05-17 03:55 . 2011-05-31 03:29 -------- d-----w- c:\programdata\STOPzilla!
    2011-05-17 03:08 . 2011-05-17 03:08 -------- d-----w- c:\users\Brandon\AppData\Local\DDMSettings
    2011-05-17 03:05 . 2011-06-03 16:34 -------- d-----w- c:\users\Brandon\AppData\Roaming\DivX
    2011-05-17 03:04 . 2011-05-17 03:04 -------- d-----w- c:\program files\DivX
    2011-05-17 03:04 . 2011-05-17 03:04 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
    2011-05-17 02:58 . 2011-05-17 03:05 -------- d-----w- c:\program files (x86)\DivX
    2011-05-17 02:57 . 2011-05-17 03:05 -------- d-----w- c:\programdata\DivX
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-04 08:52 . 2011-01-01 23:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-04-21 13:46 . 2011-04-21 13:46 25640 ----a-w- c:\windows\gdrv.sys
    2011-04-19 04:16 . 2011-04-19 04:14 2829 ----a-w- c:\windows\War3Unin.pif
    2011-04-19 04:16 . 2011-04-19 04:14 139264 ----a-w- c:\windows\War3Unin.exe
    2011-04-09 06:45 . 2011-05-11 02:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 06:13 . 2011-05-11 02:45 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:13 . 2011-05-11 02:45 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-03-25 03:23 . 2011-05-11 02:45 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-03-25 03:23 . 2011-05-11 02:45 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-25 03:23 . 2011-05-11 02:45 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-03-25 03:22 . 2011-05-11 02:45 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-03-25 03:22 . 2011-05-11 02:45 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-03-25 03:22 . 2011-05-11 02:45 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-03-25 03:22 . 2011-05-11 02:45 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-24 2245120]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-26 98304]
    "ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2005-05-25 7168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-04-23 136616]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-29 96896]
    S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 33528]
    S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 822264]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 ALSysIO;ALSysIO;c:\users\Brandon\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-04-23 52352]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 1123320]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://xfinity.comcast.net/?&cid=mtmh05262011
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
    FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\ic1h1xud.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG10\Firefox4
    FF - Ext: ZoneAlarm Security Community Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
    FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-ISTray - c:\program files (x86)\PC Tools Security\pctsGui.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2216904268-2540828368-1871616061-1000\Software\SecuROM\License information*]
    "datasecu"=hex:8a,bc,a6,db,c2,2e,56,10,e1,2e,70,68,57,c1,6d,a2,ac,a3,04,b5,98,
    ec,c4,c7,b4,c0,52,cd,1c,8a,2e,38,4f,40,ab,7c,15,24,4e,1e,13,43,87,7e,b5,09,\
    "rkeysecu"=hex:31,01,63,79,75,f5,8b,34,eb,de,2e,74,f4,ad,49,cf
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-11 10:12:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-11 14:12
    ComboFix2.txt 2011-05-31 05:24
    .
    Pre-Run: 822,345,711,616 bytes free
    Post-Run: 822,013,054,976 bytes free
    .
    - - End Of File - - 6D398B1D48059371B08360DE749E9CA7
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Are you actually having any problem now? So far I haven't seen anything related to psvrr.exe. I'll remove a couple of files and if problems have been resolved, I'll have you remove the cleaning tools:
    ==================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\system32\drivers\Diskdump.sys
    
    FileLook::
    C:\9b30e762ec4faaa359e0423c
    
    RegNull::
    [HKEY_USERS\S-1-5-21-2216904268-2540828368-1871616061-1000\Software\SecuROM\License information*]
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
     
  19. branson

    branson TS Rookie Topic Starter

    Well, my computer has been unusually slow (still fast, but not what it was, and it's only a few months old) and froze up a couple of times for no reason at all.
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    1. For 'slow', take everything off of the startup Menu except the antivirus, firewall, touchpad if on laptop and network process if applicable.
    2. Consider if the RAM installed is sufficient.
    3. When the system freezes, check the time and look in the Event Viewer for corresponding error.
    Please refer to this site: http://www.windows7update.com/Windows7-Event-Viewer.html
    The system is clean. I saw no evidence of the process in your subject.
    =======================================
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Click on Start> right click on Computer> Properties
    • Select System Protection
    • Click on the Create button (near bottom)
    • Type a name for the Restore Point
    • Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
    • Click Start> Computer> right click the C Drive and choose Properties> enter.
    • Click Disk Cleanup from there.
    • Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
    • Click the More Options tab
    • Click the Clean up under System Restore and Shadow Copies.
    • Click OK.
    • You will get a confirmation screen> Just click Delete.
    • Click OK on the Disk Cleanup Screen.
    • Click Delete Files on the Confirmation screen.
    It will run the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
    Images courtesy lytebyte.

    Empty the Recycle Bin
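
The check behind "I saw no evidence of the process in your subject" can be repeated mechanically. The following is an added example, not part of the original posts and not ComboFix's own code: it tags every executable path in a ComboFix-style log with its section, searches for a file name, and lists paths outside the usual install directories. The `EXPECTED` list and the `CONSTRUCTED` line are assumptions made for illustration.

```python
import re

# Banner lines such as "------- Supplementary Scan -------" open a new section.
BANNER = re.compile(r"^[-* ]{4,}([A-Za-z][\w ]*?)[-* ]{4,}$")
# Drive-letter path ending in an executable-type extension.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"\[\]<>|*?\r\n]+?\.(?:exe|dll|sys|ocx)', re.I)
# Assumption: directories treated as expected install locations for triage.
EXPECTED = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample: a few lines excerpted from the log in this thread.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 1123320]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
- - - - ORPHANS REMOVED - - - -
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
--------------------- LOCKED REGISTRY KEYS ---------------------
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
------------------------ Other Running Processes ------------------------
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
'''
# Constructed line (not from the thread's log) to show what a hit looks like.
CONSTRUCTED = SAMPLE + r"c:\users\example\AppData\Roaming\psvrr.exe" + "\n"

def executables(log):
    """Yield (section, path) for each executable path, tagged with its log section."""
    section = "header"
    for raw in log.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            section = m.group(1)
            continue
        for p in EXE_PATH.findall(line):
            yield section, p.replace("\\\\", "\\")  # registry dumps double the backslash

def find_name(log, name):
    """Return (section, path) pairs whose file name equals `name`, ignoring case."""
    return [(s, p) for s, p in executables(log)
            if p.lower().rsplit("\\", 1)[-1] == name.lower()]

def outside_expected(log):
    """Return (section, path) pairs that are not under an EXPECTED directory."""
    return [(s, p) for s, p in executables(log)
            if not p.lower().startswith(EXPECTED)]
```

An empty result only says the name does not appear in this log; a file listed under an expected directory still needs its location and origin checked before it is trusted.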
     
  21. branson

    branson TS Rookie Topic Starter

    Thank you, so we're done here I presume?
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. Yes. Your system is clean.
     
Topic Status:
Not open for further replies.
