TechSpot

Random CPU usage spikes, horrible FPS lag in-game

Inactive
By defy
Aug 19, 2010
  1. So basically I'm looking to avoid the hassle of reformatting my computer. The best way I can explain it is that something is causing serious lag for my whole system. My in-game FPS lag is getting ridiculous, regardless of what game I'm attempting to play (some of them ran perfectly fine a few months ago). I've been trying to figure this out on my own for several weeks now, but I have had no luck. I've also noticed some similar threads, but I find them quite hard to follow, so I was hoping someone could help me directly with my problem. I'm quite certain that there is some sort of virus or malware currently affecting my computer; I just need some help getting rid of it! Thanks!
     
  2. Broni

    Broni Malware Annihilator Posts: 47,080   +258

    Do you have those issues only when playing games?
     
  3. defy

    defy TS Rookie Topic Starter Posts: 26

    Not necessarily, it's just much easier to notice in-game. However, it feels as if my computer has been getting slower by the day.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,080   +258

  5. defy

    defy TS Rookie Topic Starter Posts: 26

    OK, I've completed all the steps. Here are the logs:

    MBAM Log

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4458

    Windows 6.0.6000
    Internet Explorer 7.0.6000.16982

    21/08/2010 3:30:35 PM
    mbam-log-2010-08-21 (15-30-35).txt

    Scan type: Quick scan
    Objects scanned: 149015
    Time elapsed: 9 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{a8f777cc-c6af-447b-a611-10a9ba15a229} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a8f777cc-c6af-447b-a611-10a9ba15a229} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8f777cc-c6af-447b-a611-10a9ba15a229} (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\asdlcomnet.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Windows\inf\asynceql.inf (Malware.Trace) -> Quarantined and deleted successfully.

    GMER LOG. I had some problems with this one, so I ran it in safe mode. I might have screwed this one up by accident, though, so let me know if I should do it over.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-21 16:03:00
    Windows 6.0.6000
    Running: vi9b0xq0.exe; Driver: C:\Users\Felix\AppData\Local\Temp\ugroypod.sys

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD6 0x8E 0x30 0x48 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0xE0 0x6E 0xEE ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x72 0x08 0xBD 0x92 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0x3B 0xF3 0x7F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0xE0 0x6E 0xEE ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x72 0x08 0xBD 0x92 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0x3B 0xF3 0x7F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0xE0 0x6E 0xEE ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x72 0x08 0xBD 0x92 ...

    ---- EOF - GMER 1.0.15 ----
     
  6. defy

    defy TS Rookie Topic Starter Posts: 26

    DDS LOG

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Felix at 16:07:13.80 on 21/08/2010
    Internet Explorer: 7.0.6000.16982
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2044.1089 [GMT -4:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    svchost.exe 4
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    svchost.exe 4
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\STacSV.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bell\Internet Service Advisor\BISA.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\Felix\Desktop\foobar2000\foobar2000.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Bell\Internet Service Advisor\BISAComHandler.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Felix\Downloads\dds.scr
    C:\Windows\system32\conime.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.ask.com?o=14196&l=dis
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Shareware.Pro-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
    mURLSearchHooks: Shareware.Pro-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Shareware.Pro-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: Shareware.Pro-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
    mRun: [BISA.exe] "c:\program files\bell\internet service advisor\BISA.exe" /AUTORUN
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [<NO NAME>]
    mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\felix\appdata\roaming\mozilla\firefox\profiles\f7jn383c.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - plugin: c:\program files\bell\internet service advisor\nprpspa.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - plugin: c:\users\felix\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\felix\appdata\roaming\mozilla\firefox\profiles\f7jn383c.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: XULRunner: {C32D836F-E8D4-4E30-9686-0EBA82CE46E1} - c:\users\felix\appdata\local\{C32D836F-E8D4-4E30-9686-0EBA82CE46E1}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-21 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-21 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-21 60936]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    R2 ServicepointService;ServicepointService;c:\program files\bell\internet service advisor\ServicepointService.exe [2010-4-13 689392]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
    R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

    =============== Created Last 30 ================

    2010-08-21 19:19:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-21 19:19:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-21 18:56:52 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-08-21 18:56:46 0 d-----w- c:\programdata\Avira
    2010-08-21 18:56:46 0 d-----w- c:\program files\Avira
    2010-08-13 22:26:18 0 d-----w- c:\programdata\Blizzard Entertainment
    2010-08-13 22:26:17 0 d-----w- c:\program files\StarCraft II
    2010-08-07 18:21:38 103139 ----a-w- c:\users\felix\theboys.jpg
    2010-08-07 05:57:07 0 d-----w- c:\program files\Microsoft Xbox 360 Accessories
    2010-08-07 05:55:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
    2010-08-07 05:54:43 55808 ----a-w- c:\windows\system32\drivers\xusb21.sys
    2010-08-04 21:21:30 78848 ---ha-w- c:\windows\system32\cbywxu.dll.vir
    2010-08-04 20:57:47 0 d---a-w- c:\programdata\TEMP
    2010-08-04 20:57:27 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-08-04 20:57:27 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-08-04 20:57:27 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-08-04 20:57:27 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-08-04 20:57:27 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2010-08-04 20:57:26 0 d-----w- c:\users\felix\appdata\roaming\Simply Super Software
    2010-08-04 20:57:26 0 d-----w- c:\programdata\Simply Super Software
    2010-08-04 20:57:26 0 d-----w- c:\program files\Trojan Remover
    2010-08-03 19:03:25 0 d--h--w- C:\$AVG
    2010-08-03 18:47:37 0 d-----w- c:\programdata\avg9
    2010-08-03 18:47:37 0 d-----w- c:\program files\AVG
    2010-08-02 23:04:33 0 d-----w- c:\users\felix\appdata\roaming\Malwarebytes
    2010-08-02 22:57:45 0 d-----w- c:\programdata\Malwarebytes
    2010-08-02 22:57:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-02 22:39:36 50 ----a-w- c:\windows\wininit.ini
    2010-08-01 19:04:40 34895 ----a-w- c:\programdata\nvModes.dat
    2010-08-01 19:01:15 4332136 ----a-w- c:\windows\system32\NVStWiz.exe
    2010-07-30 22:14:30 0 d-----w- c:\users\felix\appdata\roaming\2K Sports
    2010-07-30 21:55:16 0 d-----w- c:\program files\2K Sports
    2010-07-30 18:20:34 0 d-----w- c:\programdata\KONAMI
    2010-07-30 18:20:34 0 d-----w- c:\program files\KONAMI
    2010-07-29 21:37:55 0 d-----w- c:\users\felix\appdata\roaming\Softplicity
    2010-07-29 21:37:43 0 d-----w- c:\program files\TotalAudioConverter
    2010-07-27 22:32:41 0 d-----w- c:\users\felix\appdata\roaming\ManyCam
    2010-07-26 19:17:02 497664 ----a-w- c:\windows\system32\ac3filter.acm
    2010-07-26 19:15:00 0 d-----w- c:\program files\MediaInfo

    ==================== Find3M ====================

    2010-08-07 05:54:55 86016 ----a-w- c:\windows\inf\infstrng.dat
    2010-08-07 05:54:55 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-08-07 05:54:55 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-07-21 10:54:47 50704 ----a-w- c:\windows\system32\drivers\npf.sys
    2010-07-21 10:54:47 281104 ----a-w- c:\windows\system32\wpcap.dll
    2010-07-21 10:54:47 100880 ----a-w- c:\windows\system32\Packet.dll
    2010-07-21 05:53:14 82432 ---ha-w- c:\windows\system32\hgfccc.dll
    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-30 08:46:37 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-29 20:38:05 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 16:09:33.97 ===============
     
  7. defy

    defy TS Rookie Topic Starter Posts: 26

    Attach Log

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 28/11/2009 6:24:02 PM
    System Uptime: 21/08/2010 4:03:24 PM (0 hours ago)

    Motherboard: Intel Corporation | | D946GZIS
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | LGA 775 | 2997/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 466 GiB total, 220.048 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description:
    Device ID: USBSTOR\OTHER&VEN_\7&78FCF9A&0&BROE5F123895&0
    Manufacturer:
    Name:
    PNP Device ID: USBSTOR\OTHER&VEN_\7&78FCF9A&0&BROE5F123895&0
    Service:

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 2 (SP2)
    AC3Filter (remove only)
    AC3Filter 1.63b
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Adobe Shockwave Player 11.5
    Alien Swarm
    Allods Online 1.0.05.41
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ares 2.1.2
    Ares 3.1.5.3034
    Assassin's Creed II
    Avira AntiVir Personal - Free Antivirus
    Belarc Advisor 8.1
    Bell Internet Check-up
    Bell Internet Service Advisor 3.5.15
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    CDDRV_Installer
    Counter-Strike
    Counter-Strike: Source
    Day of Defeat: Source
    DivX Setup
    erLT
    foobar2000 v1.0.2.1
    FrostWire 4.18.6
    Full Tilt Poker
    gBurner
    Google Chrome
    Half-Life 2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotspot Shield 1.49
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java(TM) 6 Update 17
    JDownloader
    KhalInstallWrapper
    League of Legends
    Left 4 Dead 2
    Left 4 Dead 2 Add-on Support
    LightScribe 1.4.136.1
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    ManyCam 2.4 (remove only)
    Media Player Classic - Home Cinema v. 1.3.1249.0
    MediaInfo 0.7.34
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works 2002 Setup Launcher
    Microsoft Works 6.0
    Microsoft Works Suite Add-in for Microsoft Word
    Microsoft WSE 3.0 Runtime
    Microsoft Xbox 360 Accessories 1.1
    mIRC
    MLB 2K10
    MobileMe Control Panel
    Mozilla Firefox (3.6.8)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Essentials
    Norton Security Scan
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA PhysX
    Octoshape add-in for Adobe Flash Player
    Pando Media Booster
    Peer2Peer-EN Toolbar
    Picasa 3
    PokerStars
    Portal
    PowerDVD
    PowerISO
    Pro Evolution Soccer 2010
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Media Manager
    RPS CRT
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    SopCast 3.2.4
    StarCraft II
    Steam
    System Requirements Lab
    The Sims™ 3
    TotalAudioConverter
    Trojan Remover 6.8.2
    TVUPlayer 2.5.2.2
    Ubisoft Game Launcher
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb977719)
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.17
    Ventrilo Client
    Virtual DJ - Atomix Productions
    Vuze
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Works Suite OS Pack
    Works Synchronization

    ==== Event Viewer Messages From Past Week ========

    15/08/2010 9:40:39 PM, Error: EventLog [6008] - The previous system shutdown at 9:03:23 PM on 15/08/2010 was unexpected.
    15/08/2010 4:09:37 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    15/08/2010 3:46:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    15/08/2010 3:46:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
    14/08/2010 6:23:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
    14/08/2010 12:00:55 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
    14/08/2010 10:58:19 AM, Error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
    14/08/2010 10:57:22 AM, Error: Service Control Manager [7031] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    14/08/2010 10:57:11 AM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    14/08/2010 10:57:05 AM, Error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
    14/08/2010 10:57:00 AM, Error: Service Control Manager [7031] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    14/08/2010 10:56:46 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    14/08/2010 10:56:34 AM, Error: Service Control Manager [7031] - The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    14/08/2010 1:18:50 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

    ==== End Of File ===========================
     
  8. Broni

    Broni Malware Annihilator Posts: 47,080   +258

    You did well :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. defy

    defy TS Rookie Topic Starter Posts: 26

    Haha, alright, good. Here are the next logs:

    MBR Check


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: (build 6000), 32-bit
    Base Board Manufacturer: Intel Corporation
    BIOS Manufacturer: Intel Corp.
    System Manufacturer:
    System Product Name:
    Logical Drives Mask: 0x0000005c

    Kernel Drivers (total 153):
    0x82000000 \SystemRoot\system32\ntkrnlpa.exe
    0x823A1000 \SystemRoot\system32\hal.dll
    0x802C6000 \SystemRoot\system32\kdcom.dll
    0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8025D000 \SystemRoot\system32\PSHED.dll
    0x80255000 \SystemRoot\system32\BOOTVID.dll
    0x8021A000 \SystemRoot\system32\CLFS.SYS
    0x8051F000 \SystemRoot\system32\CI.dll
    0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80461000 \SystemRoot\system32\drivers\acpi.sys
    0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8044A000 \SystemRoot\system32\drivers\volmgr.sys
    0x80425000 \SystemRoot\system32\drivers\pci.sys
    0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8040E000 \SystemRoot\system32\drivers\intelide.sys
    0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys
    0x807AE000 \SystemRoot\system32\drivers\atapi.sys
    0x80790000 \SystemRoot\system32\drivers\ataport.SYS
    0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8064B000 \SystemRoot\system32\drivers\ndis.sys
    0x80620000 \SystemRoot\system32\drivers\msrpc.sys
    0x81FC7000 \SystemRoot\system32\drivers\NETIO.SYS
    0x81EBF000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x81E55000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x81E1F000 \SystemRoot\system32\drivers\volsnap.sys
    0x80618000 \SystemRoot\System32\Drivers\spldr.sys
    0x80609000 \SystemRoot\System32\drivers\partmgr.sys
    0x81E10000 \SystemRoot\System32\Drivers\mup.sys
    0x87BDB000 \SystemRoot\System32\drivers\ecache.sys
    0x87BCA000 \SystemRoot\system32\drivers\disk.sys
    0x87BA9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x80600000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8B950000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8B92C000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8A407000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8BCF4000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x88986000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x8B823000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8A41F000 \SystemRoot\System32\drivers\watchdog.sys
    0x8A56D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8B95B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8A530000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8A522000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8BCAC000 \SystemRoot\system32\DRIVERS\VSTBS23.SYS
    0x8BC82000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8C8FC000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
    0x8C849000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
    0x8A42C000 \SystemRoot\system32\drivers\modem.sys
    0x8BC5A000 \SystemRoot\system32\DRIVERS\e100b325.sys
    0x8A50A000 \SystemRoot\system32\DRIVERS\parport.sys
    0x8B810000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8A5DF000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
    0x8B966000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8BC40000 \SystemRoot\system32\DRIVERS\serial.sys
    0x8A415000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x8BC28000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x889A6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8C81E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8CBC0000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8B971000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x889B8000 \SystemRoot\system32\DRIVERS\ManyCam.sys
    0x8A439000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x88958000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x88594000 \SystemRoot\system32\DRIVERS\HssDrv.sys
    0x8BC11000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8B97C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8CB9D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x87A71000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8C80B000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x888BC000 \SystemRoot\system32\DRIVERS\taphss.sys
    0x888C3000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0x8CAAD000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8B992000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x88994000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8A5F6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8A453000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8CA79000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x88504000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8CA14000 \SystemRoot\system32\DRIVERS\stwrt.sys
    0x8CFD3000 \SystemRoot\system32\DRIVERS\portcls.sys
    0x8CFAE000 \SystemRoot\system32\DRIVERS\drmk.sys
    0x8B923000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x88884000 \SystemRoot\System32\Drivers\Null.SYS
    0x8888B000 \SystemRoot\System32\Drivers\Beep.SYS
    0x88892000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8BC05000 \SystemRoot\System32\drivers\vga.sys
    0x8CF8D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x88918000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x88928000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8B99D000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8CA06000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8B93E000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8CE99000 \SystemRoot\System32\drivers\tcpip.sys
    0x8CE80000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8CE6B000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8CE54000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8897C000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8C801000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x8A460000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x8CE02000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x889D0000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
    0x8B908000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x88544000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x888D8000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0x888E0000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x888E8000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0x8D152000 \SystemRoot\system32\DRIVERS\xusb21.sys
    0x8D13E000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8D0F7000 \SystemRoot\system32\drivers\afd.sys
    0x8D0C5000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8D0AF000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8D0A1000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8D08E000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x889FA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0x8D080000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x8D005000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8D16A000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8D5E9000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8D5C7000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x8A487000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8B9A8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x88940000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x94A00000 \SystemRoot\System32\win32k.sys
    0x8D17E000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8CADA000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x97800000 \SystemRoot\System32\TSDDD.dll
    0x97810000 \SystemRoot\System32\cdd.dll
    0x97C9E000 \SystemRoot\system32\drivers\luafv.sys
    0x97C89000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x99802000 \SystemRoot\system32\drivers\spsys.sys
    0x884C4000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9BD42000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9C2E7000 \SystemRoot\system32\drivers\HTTP.sys
    0x8B947000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x9C226000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9C20D000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9C9E0000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9C9C2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9C989000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9C3AE000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9C965000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9C8D4000 \SystemRoot\System32\DRIVERS\srv.sys
    0x88899000 \SystemRoot\system32\DRIVERS\parvdm.sys
    0x9FEA2000 \SystemRoot\system32\drivers\peauth.sys
    0x8D1B0000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x8B9B3000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x98DEB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x98DD9000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0x77040000 \Windows\System32\ntdll.dll

    Processes (total 60):
    0 System Idle Process
    4 System
    456 C:\Windows\System32\smss.exe
    520 csrss.exe
    568 C:\Windows\System32\wininit.exe
    576 csrss.exe
    612 C:\Windows\System32\services.exe
    624 C:\Windows\System32\lsass.exe
    632 C:\Windows\System32\lsm.exe
    660 C:\Windows\System32\winlogon.exe
    812 C:\Windows\System32\svchost.exe
    828 C:\Windows\System32\svchost.exe
    888 C:\Windows\System32\nvvsvc.exe
    924 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    1064 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\svchost.exe
    1148 C:\Windows\System32\svchost.exe
    1184 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\stacsv.exe
    1252 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\audiodg.exe
    1368 C:\Windows\System32\SLsvc.exe
    1436 C:\Windows\System32\nvvsvc.exe
    1476 C:\Windows\System32\svchost.exe
    1608 C:\Windows\System32\svchost.exe
    1792 C:\Windows\System32\spoolsv.exe
    1816 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1828 C:\Windows\System32\svchost.exe
    560 C:\Windows\System32\dwm.exe
    908 C:\Windows\System32\taskeng.exe
    712 C:\Windows\explorer.exe
    824 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1600 C:\Program Files\Bell\Internet Service Advisor\BISA.exe
    1580 C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    2056 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2100 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    2116 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    2148 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2192 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2268 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    2296 C:\Program Files\Hotspot Shield\bin\hsswd.exe
    2344 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2380 C:\Program Files\Common Files\Motive\McciCMService.exe
    2416 C:\ComboFix\PEV.cfxxe
    2460 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    2496 C:\Windows\ehome\ehtray.exe
    2508 C:\Program Files\Steam\Steam.exe
    2568 C:\Windows\System32\svchost.exe
    2592 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    2628 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    2888 C:\Windows\ehome\ehmsas.exe
    3544 C:\Program Files\Mozilla Firefox\firefox.exe
    3700 C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
    3716 C:\Windows\System32\svchost.exe
    3784 C:\Windows\System32\svchost.exe
    3832 C:\Windows\System32\SearchIndexer.exe
    4056 WUDFHost.exe
    2832 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2988 C:\Windows\explorer.exe
    3904 C:\Users\Felix\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000

    PhysicalDrive0 Model Number: WDCWD5000AAKS-00TMA0, Rev: 12.01C01
    PhysicalDrive1 Model Number: WDCWD5000AADS-00M2B0, Rev: 01.00A01

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
    SHA1: AE8A2D972741A4CF0A40B2C5E6A6A17665C62B80
    465 GB \\.\PhysicalDrive1 Known-bad MBR code detected (Whistler / Black Internet)!
    SHA1: AE8A2D972741A4CF0A40B2C5E6A6A17665C62B80


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  10. defy

    defy TS Rookie Topic Starter Posts: 26

    COMBOFIX - first got a blue screen of death, then it made me restart (forgot why, but it seemed bad). Worked fine after the restart.

    ComboFix 10-08-22.01 - Felix 22/08/2010 18:17:34.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2044.1374 [GMT -4:00]
    Running from: c:\users\Felix\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Felix\AppData\Local\{C32D836F-E8D4-4E30-9686-0EBA82CE46E1}
    c:\users\Felix\AppData\Local\{C32D836F-E8D4-4E30-9686-0EBA82CE46E1}\chrome.manifest
    c:\users\Felix\AppData\Local\{C32D836F-E8D4-4E30-9686-0EBA82CE46E1}\chrome\content\_cfg.js
    c:\users\Felix\AppData\Local\{C32D836F-E8D4-4E30-9686-0EBA82CE46E1}\chrome\content\overlay.xul
    c:\users\Felix\AppData\Local\{C32D836F-E8D4-4E30-9686-0EBA82CE46E1}\install.rdf
    c:\windows\Media\lsass.cpl
    c:\windows\system\mkp.dll
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\drwtsn32.dll
    c:\windows\system32\Packet.dll
    c:\windows\system32\st322000.dll
    c:\windows\system32\wpcap.dll

    Infected copy of c:\windows\system32\drivers\tdx.sys was found and disinfected
    Restored copy from - Kitty had a snack :p


    \\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
    \\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
    .
    \\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
    \\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
    .
    ((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
    .

    2010-08-22 22:29 . 2010-08-22 22:29 -------- d-----w- c:\users\Felix\AppData\Local\temp
    2010-08-22 22:29 . 2010-08-22 22:29 -------- d-----w- c:\users\pizzowned\AppData\Local\temp
    2010-08-22 22:29 . 2010-08-22 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-08-22 22:09 . 2010-08-22 22:09 -------- d-----w- C:\32788R22FWJFW
    2010-08-22 16:15 . 2010-08-22 16:15 -------- d-----w- c:\users\Felix\AppData\Roaming\Avira
    2010-08-21 19:19 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-21 19:19 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-21 18:56 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-08-21 18:56 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-08-21 18:56 . 2009-05-11 16:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-08-21 18:56 . 2009-05-11 16:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\programdata\Avira
    2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\program files\Avira
    2010-08-13 23:06 . 2010-08-13 23:06 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
    2010-08-13 22:26 . 2010-08-13 23:06 -------- d-----w- c:\programdata\Blizzard Entertainment
    2010-08-13 22:26 . 2010-08-17 17:14 -------- d-----w- c:\program files\StarCraft II
    2010-08-07 05:57 . 2010-08-07 05:57 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
    2010-08-07 05:54 . 2007-08-28 09:05 55808 ----a-w- c:\windows\system32\drivers\xusb21.sys
    2010-08-04 21:21 . 2010-08-04 21:21 78848 ---ha-w- c:\windows\system32\cbywxu.dll.vir
    2010-08-04 20:57 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-08-04 20:57 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-08-04 20:57 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-08-04 20:57 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2010-08-04 20:57 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\program files\Trojan Remover
    2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\users\Felix\AppData\Roaming\Simply Super Software
    2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\programdata\Simply Super Software
    2010-08-03 19:03 . 2010-08-03 19:03 -------- d-----w- C:\$AVG
    2010-08-03 18:47 . 2010-08-04 20:48 -------- d-----w- c:\programdata\avg9
    2010-08-03 18:47 . 2010-08-03 18:47 -------- d-----w- c:\program files\AVG
    2010-08-02 23:04 . 2010-08-02 23:04 -------- d-----w- c:\users\Felix\AppData\Roaming\Malwarebytes
    2010-08-02 22:57 . 2010-08-21 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-02 22:57 . 2010-08-02 22:57 -------- d-----w- c:\programdata\Malwarebytes
    2010-08-01 19:01 . 2010-01-12 01:00 4332136 ----a-w- c:\windows\system32\NVStWiz.exe
    2010-08-01 18:57 . 2010-08-01 18:58 680 ----a-w- c:\users\Felix\AppData\Local\d3d9caps.dat
    2010-07-30 22:14 . 2010-07-30 22:14 -------- d-----w- c:\users\Felix\AppData\Roaming\2K Sports
    2010-07-30 21:55 . 2010-07-30 21:55 -------- d-----w- c:\program files\2K Sports
    2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\programdata\KONAMI
    2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\program files\KONAMI
    2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\users\Felix\AppData\Roaming\Softplicity
    2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\program files\TotalAudioConverter
    2010-07-27 22:32 . 2010-07-27 22:32 117552 ----a-w- c:\users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-07-27 22:32 . 2010-07-27 22:32 -------- d-----w- c:\users\Felix\AppData\Roaming\ManyCam
    2010-07-26 19:15 . 2010-07-26 19:15 -------- d-----w- c:\program files\MediaInfo
    2010-07-26 19:06 . 2010-07-26 19:06 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-26 19:06 . 2010-07-26 19:06 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
    2010-07-26 19:06 . 2010-07-26 19:06 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
    2010-07-26 19:06 . 2010-07-26 19:06 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
    2010-07-26 19:06 . 2010-07-26 19:06 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
    2010-07-26 19:05 . 2010-07-26 19:05 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
    2010-07-26 19:04 . 2010-07-26 19:04 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-22 22:06 . 2010-08-01 19:04 34895 ----a-w- c:\programdata\nvModes.dat
    2010-08-22 22:06 . 2010-02-04 04:43 -------- d-----w- c:\program files\Steam
    2010-08-22 20:34 . 2010-04-16 23:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-08-22 19:37 . 2010-01-30 05:53 -------- d-----w- c:\users\Felix\AppData\Roaming\FrostWire
    2010-08-21 21:50 . 2010-04-15 17:49 -------- d-----w- c:\users\Felix\AppData\Roaming\foobar2000
    2010-08-20 14:36 . 2010-07-17 18:47 -------- d-----w- c:\program files\JDownloader
    2010-08-18 16:57 . 2010-02-09 21:15 -------- d-----w- c:\programdata\PMB Files
    2010-08-13 22:54 . 2010-06-09 15:37 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-08-11 18:17 . 2009-11-30 19:52 -------- d-----w- c:\users\Felix\AppData\Roaming\Azureus
    2010-08-10 14:28 . 2010-07-02 19:02 -------- d-----w- c:\program files\Hotspot Shield
    2010-08-07 05:55 . 2010-08-07 05:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
    2010-08-01 19:04 . 2010-02-05 16:24 -------- d-----w- c:\programdata\NVIDIA
    2010-08-01 19:01 . 2009-11-29 22:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-08-01 19:00 . 2010-02-05 16:22 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-07-27 22:29 . 2010-04-09 23:30 -------- d-----w- c:\programdata\Bell
    2010-07-27 22:27 . 2010-04-18 19:34 -------- d-----w- c:\users\pizzowned\AppData\Roaming\Bell
    2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\users\Felix\AppData\Roaming\Bell
    2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\program files\Bell
    2010-07-26 19:17 . 2010-07-19 19:40 -------- d-----w- c:\program files\AC3Filter
    2010-07-26 19:06 . 2010-05-03 18:27 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-26 19:06 . 2010-05-03 18:21 -------- d-----w- c:\programdata\DivX
    2010-07-26 19:06 . 2009-11-29 22:54 -------- d-----w- c:\program files\DivX
    2010-07-26 19:04 . 2010-05-03 18:23 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
    2010-07-26 19:04 . 2010-05-03 18:23 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
    2010-07-21 12:29 . 2010-07-12 20:56 0 ----a-w- c:\users\Felix\AppData\Local\Wkivogo.bin
    2010-07-21 05:53 . 2010-07-21 05:53 82432 ---ha-w- c:\windows\system32\hgfccc.dll
    2010-07-20 21:57 . 2010-06-04 15:19 -------- d-----w- c:\users\Felix\AppData\Roaming\HLSW
    2010-07-20 11:40 . 2010-07-20 11:40 0 ----a-w- c:\windows\system32\cd.dat
    2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\users\Felix\AppData\Roaming\Ubisoft
    2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\programdata\Ubisoft
    2010-07-19 20:11 . 2010-07-19 19:58 -------- d-----w- c:\program files\Ubisoft
    2010-07-19 20:11 . 2009-11-29 17:03 -------- d-----w- c:\program files\InstallShield Installation Information
    2010-07-16 21:51 . 2010-04-11 00:57 -------- d-----w- c:\program files\Full Tilt Poker
    2010-07-12 18:24 . 2010-07-12 18:24 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
    2010-07-12 18:24 . 2010-07-12 18:24 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
    2010-07-09 20:48 . 2009-11-29 19:56 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-07-08 03:03 . 2010-07-08 03:03 -------- d-----w- c:\users\pizzowned\AppData\Roaming\DivX
    2010-06-30 16:02 . 2009-12-09 18:19 -------- d-----w- c:\program files\PokerStars
    2010-06-28 03:15 . 2010-04-17 15:01 256 ----a-w- c:\windows\system32\pool.bin
    2010-06-16 20:33 . 2010-06-16 20:33 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
    2010-06-16 20:33 . 2010-06-16 20:33 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-06-01 17:37 . 2009-11-29 16:28 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-28 19:16 . 2010-05-28 19:16 290816 ----a-w- c:\users\Felix\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
    2010-05-28 19:16 . 2010-05-28 19:16 290816 ----a-w- c:\users\Felix\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
    2010-05-28 19:16 . 2010-05-28 19:16 290816 ----a-w- c:\users\Felix\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
    2010-05-28 19:16 . 2010-05-28 19:16 290816 ----a-w- c:\users\Felix\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
    .
    .
     
  11. defy

    defy TS Rookie Topic Starter Posts: 26

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

    [HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
    2010-01-24 08:21 2166296 ----a-w- c:\program files\Peer2Peer-EN\tbPee1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

    [HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

    [HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-11-30 1232896]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "Steam"="c:\program files\steam\steam.exe" [2010-05-07 1238352]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BISA.exe"="c:\program files\Bell\Internet Service Advisor\BISA.exe" [2010-01-13 4281584]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-12-04 737280]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Felix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
    path=c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
    backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-02-17 23:37 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp]
    2010-01-19 15:17 1565696 ----a-w- c:\program files\BellCanada\McciTrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-11-29 22:45 135664 ----atw- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
    2010-04-21 08:26 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
    2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
    2010-02-09 21:14 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-03 01:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2009-07-08 16:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-11-30 08:21 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
    2006-11-02 09:45 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-05-07 19:38 1238352 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-11-29 22:56 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
    2009-03-12 17:53 483422 ----a-w- c:\program files\IDT\WDM\sttray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2009-11-29 20:10 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1746604758-1044917362-344122428-1000]
    "EnableNotificationsRef"=dword:00000001

    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-08 3290184]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-08 691696]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
    S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-01-13 689392]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000Core.job
    - c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

    2010-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000UA.job
    - c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

    2010-08-22 c:\windows\Tasks\Norton Security Scan for Felix.job
    - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-12 05:27]

    2010-08-22 c:\windows\Tasks\User_Feed_Synchronization-{1AAA177D-1F84-4B11-9163-6DDC448CB382}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

    2010-08-07 c:\windows\Tasks\XboxStatTask.job
    - c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe [2009-12-04 00:28]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=14196&l=dis
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
    FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
    FF - plugin: c:\users\Felix\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
    MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
    MSConfigStartUp-dddbyysys - cbbccy.dll
    MSConfigStartUp-hgfefeaudio - cbywxu.dll
    MSConfigStartUp-iifghhsys - cbbccy.dll
    MSConfigStartUp-ljkhihaudio - cbywxu.dll
    MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
    MSConfigStartUp-Mjati - c:\users\Felix\AppData\Local\uvoqepij.dll
    MSConfigStartUp-mlmnnksys - pmlkij.dll
    MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
    MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    MSConfigStartUp-Serviço de Rede - c:\windows\system\Downloads_GYN.CPL
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Felix\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-22 18:29
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-08-22 18:32:57
    ComboFix-quarantined-files.txt 2010-08-22 22:32

    Pre-Run: 240,392,253,440 bytes free
    Post-Run: 240,315,092,992 bytes free

    - - End Of File - - 3E7F3D673CA19AC1D96A4837BFC2DC2B
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,080   +258

    You had a nasty Whistler bootkit there.

    Re-run MBRCheck and post fresh log.
     
  13. defy

    defy TS Rookie Topic Starter Posts: 26

    Sorry dude, I was gone for the week. Here's the new log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: (build 6000), 32-bit
    Base Board Manufacturer: Intel Corporation
    BIOS Manufacturer: Intel Corp.
    System Manufacturer:
    System Product Name:
    Logical Drives Mask: 0x0000005c

    Kernel Drivers (total 154):
    0x82000000 \SystemRoot\system32\ntkrnlpa.exe
    0x823A1000 \SystemRoot\system32\hal.dll
    0x802C6000 \SystemRoot\system32\kdcom.dll
    0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8025D000 \SystemRoot\system32\PSHED.dll
    0x80255000 \SystemRoot\system32\BOOTVID.dll
    0x8021A000 \SystemRoot\system32\CLFS.SYS
    0x8051F000 \SystemRoot\system32\CI.dll
    0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80461000 \SystemRoot\system32\drivers\acpi.sys
    0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8044A000 \SystemRoot\system32\drivers\volmgr.sys
    0x80425000 \SystemRoot\system32\drivers\pci.sys
    0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8040E000 \SystemRoot\system32\drivers\intelide.sys
    0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys
    0x807AE000 \SystemRoot\system32\drivers\atapi.sys
    0x80790000 \SystemRoot\system32\drivers\ataport.SYS
    0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8064B000 \SystemRoot\system32\drivers\ndis.sys
    0x80620000 \SystemRoot\system32\drivers\msrpc.sys
    0x81FC7000 \SystemRoot\system32\drivers\NETIO.SYS
    0x81EBF000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x81E55000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x81E1F000 \SystemRoot\system32\drivers\volsnap.sys
    0x80618000 \SystemRoot\System32\Drivers\spldr.sys
    0x80609000 \SystemRoot\System32\drivers\partmgr.sys
    0x81E10000 \SystemRoot\System32\Drivers\mup.sys
    0x87BDB000 \SystemRoot\System32\drivers\ecache.sys
    0x87BCA000 \SystemRoot\system32\drivers\disk.sys
    0x87BA9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x80600000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8A127000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8880B000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8BEF4000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x88419000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x8B613000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8A076000 \SystemRoot\System32\drivers\watchdog.sys
    0x8A064000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8B75B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8A027000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8A019000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8BEAC000 \SystemRoot\system32\DRIVERS\VSTBS23.SYS
    0x8BE82000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8CAFC000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
    0x8CA49000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
    0x8A00C000 \SystemRoot\system32\drivers\modem.sys
    0x8BE5A000 \SystemRoot\system32\DRIVERS\e100b325.sys
    0x8BE42000 \SystemRoot\system32\DRIVERS\parport.sys
    0x8B600000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8A168000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
    0x8B766000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8BE28000 \SystemRoot\system32\DRIVERS\serial.sys
    0x8B6B0000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x8BE10000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x888AC000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8CA1E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8CDC0000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8B771000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x888BE000 \SystemRoot\system32\DRIVERS\ManyCam.sys
    0x8A173000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x888F5000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x8CA07000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8B77C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8CD9D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x87A71000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8CD8A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8886B000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0x8BE01000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8B787000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x88401000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8B6BA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8CD7D000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8CD49000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x88524000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8CCA4000 \SystemRoot\system32\DRIVERS\stwrt.sys
    0x8CC77000 \SystemRoot\system32\DRIVERS\portcls.sys
    0x8CC52000 \SystemRoot\system32\DRIVERS\drmk.sys
    0x8A115000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8883A000 \SystemRoot\System32\Drivers\Null.SYS
    0x88841000 \SystemRoot\System32\Drivers\Beep.SYS
    0x88848000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8A000000 \SystemRoot\System32\drivers\vga.sys
    0x8CC31000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8891D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x88925000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8B792000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8CFF2000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x87A80000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8CF1E000 \SystemRoot\System32\drivers\tcpip.sys
    0x8CF05000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8CEF0000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8CEDC000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8CE95000 \SystemRoot\system32\drivers\afd.sys
    0x8CE63000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8CE4D000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8CE3F000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8CE2C000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x88423000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0x8CE1E000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x8D385000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8B6C4000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8CE07000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8D323000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x8D5DC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x88405000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8B6D8000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x8D5F3000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x8D4FA000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x8D50C000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8B79D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8890D000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x94200000 \SystemRoot\System32\win32k.sys
    0x8B6F6000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8D2F8000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x97E00000 \SystemRoot\System32\TSDDD.dll
    0x97E10000 \SystemRoot\System32\cdd.dll
    0x98B14000 \SystemRoot\system32\drivers\luafv.sys
    0x98AFF000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x9AB32000 \SystemRoot\system32\drivers\spsys.sys
    0x884C4000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9AADF000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9B357000 \SystemRoot\system32\drivers\HTTP.sys
    0x9B2FC000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9B2E3000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9B2C3000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9B2A5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9B26C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9B25A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9B236000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9BD6F000 \SystemRoot\System32\DRIVERS\srv.sys
    0x8A0C4000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x88864000 \SystemRoot\system32\DRIVERS\parvdm.sys
    0xA08F2000 \SystemRoot\system32\drivers\peauth.sys
    0x8B732000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x8B7A8000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA2886000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0xA2874000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0xA5AEA000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x9BC20000 \SystemRoot\system32\DRIVERS\HssDrv.sys
    0x8B7B3000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8885D000 \SystemRoot\system32\DRIVERS\taphss.sys
    0x97E20000 \SystemRoot\System32\ATMFD.DLL
    0xA845A000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
    0xB3664000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB2060000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x88935000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0x97630000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xA59F0000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0x77540000 \Windows\System32\ntdll.dll

    Processes (total 64):
    0 System Idle Process
    4 System
    520 C:\Windows\System32\smss.exe
    588 csrss.exe
    636 csrss.exe
    644 C:\Windows\System32\wininit.exe
    680 C:\Windows\System32\services.exe
    692 C:\Windows\System32\lsass.exe
    700 C:\Windows\System32\lsm.exe
    744 C:\Windows\System32\winlogon.exe
    916 C:\Windows\System32\svchost.exe
    976 C:\Windows\System32\nvvsvc.exe
    1004 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\svchost.exe
    1172 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\svchost.exe
    1248 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\stacsv.exe
    1328 C:\Windows\System32\audiodg.exe
    1392 C:\Windows\System32\SLsvc.exe
    1432 C:\Windows\System32\svchost.exe
    1548 C:\Windows\System32\nvvsvc.exe
    1632 C:\Windows\System32\svchost.exe
    1828 C:\Windows\System32\spoolsv.exe
    1852 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1864 C:\Windows\System32\svchost.exe
    576 C:\Windows\System32\dwm.exe
    836 C:\Windows\System32\taskeng.exe
    1068 C:\Windows\explorer.exe
    1292 C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    1764 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    904 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2096 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2112 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2176 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2184 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2204 C:\Program Files\Common Files\Motive\McciCMService.exe
    2360 C:\Windows\System32\svchost.exe
    2624 C:\Windows\ehome\ehtray.exe
    2920 C:\Windows\ehome\ehmsas.exe
    3364 C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
    3380 C:\Windows\System32\svchost.exe
    3416 C:\Windows\System32\svchost.exe
    3436 C:\Windows\System32\SearchIndexer.exe
    3640 WUDFHost.exe
    372 C:\Windows\System32\conime.exe
    2608 C:\Windows\System32\taskeng.exe
    3424 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2384 C:\Program Files\Windows Media Player\wmpnetwk.exe
    672 C:\Program Files\Hotspot Shield\bin\hsswd.exe
    2064 C:\Windows\System32\conime.exe
    1376 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    2212 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    4500 C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe
    5784 C:\Program Files\Pando Networks\Media Booster\PMB.exe
    6096 C:\Users\Felix\AppData\Local\Google\Chrome\Application\chrome.exe
    6116 C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    4928 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    4968 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    5724 C:\Program Files\Ventrilo\Ventrilo.exe
    2816 C:\Program Files\Steam\Steam.exe
    2488 taskeng.exe
    5888 C:\Program Files\Mozilla Firefox\firefox.exe
    5536 C:\Program Files\Mozilla Firefox\plugin-container.exe
    4808 C:\Users\Felix\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000

    PhysicalDrive0 Model Number: WDCWD5000AAKS-00TMA0, Rev: 12.01C01
    PhysicalDrive1 Model Number: WDCWD5000AADS-00M2B0, Rev: 01.00A01

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    465 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  14. Broni

    Broni Malware Annihilator Posts: 47,080   +258

    MBRCheck log looks good :)


    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\cbywxu.dll.vir
    
    
    Folder::
    C:\$AVG
    c:\programdata\avg9
    c:\program files\AVG
    c:\program files\Common Files\Symantec Shared
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  15. defy

    defy TS Rookie Topic Starter Posts: 26

    Awesome, it didn't ask me to restart. Here's the log:

    ComboFix 10-08-27.03 - Felix 28/08/2010 16:18:48.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2044.1393 [GMT -4:00]
    Running from: c:\users\Felix\Desktop\ComboFix.exe
    Command switches used :: c:\users\Felix\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\cbywxu.dll.vir"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\$AVG
    c:\$avg\$VAULT\V_00000001.fil
    c:\$avg\$VAULT\vvfolder.idx
    c:\program files\AVG
    c:\program files\Common Files\Symantec Shared
    c:\programdata\avg9
    c:\programdata\avg9\Chjw\6860f41b60f3ee26\avgcchff.dat
    c:\programdata\avg9\Chjw\6860f41b60f3ee26\avgcchmf.dat
    c:\programdata\avg9\Chjw\cm-3-p.dat
    c:\programdata\avg9\Chjw\cm-4-p.dat
    c:\programdata\avg9\Log\avgchjw.log
    c:\programdata\avg9\Log\avgchjwsrv.log
    c:\windows\system32\cbywxu.dll.vir
    c:\windows\system32\hgfccc.dll

    .
    \\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
    \\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
    .
    ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-28 )))))))))))))))))))))))))))))))
    .

    2010-08-28 20:28 . 2010-08-28 20:28 -------- d-----w- c:\users\Felix\AppData\Local\temp
    2010-08-28 20:28 . 2010-08-28 20:28 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-08-28 20:28 . 2010-08-28 20:28 -------- d-----w- c:\users\pizzowned\AppData\Local\temp
    2010-08-28 20:28 . 2010-08-28 20:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-08-28 20:16 . 2010-08-28 20:17 -------- d-----w- C:\32788R22FWJFW
    2010-08-25 21:14 . 2010-08-25 21:14 -------- d-----w- c:\users\Felix\AppData\Roaming\LolClient
    2010-08-25 20:56 . 2010-08-25 20:56 -------- d-----w- C:\Riot Games
    2010-08-24 15:46 . 2010-08-24 15:48 -------- d-----w- c:\program files\Hotspot Shield
    2010-08-22 16:15 . 2010-08-22 16:15 -------- d-----w- c:\users\Felix\AppData\Roaming\Avira
    2010-08-21 19:19 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-21 19:19 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-21 18:56 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-08-21 18:56 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-08-21 18:56 . 2009-05-11 16:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-08-21 18:56 . 2009-05-11 16:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\programdata\Avira
    2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\program files\Avira
    2010-08-13 23:06 . 2010-08-13 23:06 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
    2010-08-13 22:26 . 2010-08-13 23:06 -------- d-----w- c:\programdata\Blizzard Entertainment
    2010-08-13 22:26 . 2010-08-17 17:14 -------- d-----w- c:\program files\StarCraft II
    2010-08-07 05:57 . 2010-08-07 05:57 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
    2010-08-07 05:54 . 2007-08-28 09:05 55808 ----a-w- c:\windows\system32\drivers\xusb21.sys
    2010-08-04 20:57 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-08-04 20:57 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-08-04 20:57 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-08-04 20:57 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2010-08-04 20:57 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\program files\Trojan Remover
    2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\users\Felix\AppData\Roaming\Simply Super Software
    2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\programdata\Simply Super Software
    2010-08-02 23:04 . 2010-08-02 23:04 -------- d-----w- c:\users\Felix\AppData\Roaming\Malwarebytes
    2010-08-02 22:57 . 2010-08-21 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-02 22:57 . 2010-08-02 22:57 -------- d-----w- c:\programdata\Malwarebytes
    2010-08-01 19:01 . 2010-01-12 01:00 4332136 ----a-w- c:\windows\system32\NVStWiz.exe
    2010-08-01 18:57 . 2010-08-01 18:58 680 ----a-w- c:\users\Felix\AppData\Local\d3d9caps.dat
    2010-07-30 22:14 . 2010-07-30 22:14 -------- d-----w- c:\users\Felix\AppData\Roaming\2K Sports
    2010-07-30 21:55 . 2010-07-30 21:55 -------- d-----w- c:\program files\2K Sports
    2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\programdata\KONAMI
    2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\program files\KONAMI
    2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\users\Felix\AppData\Roaming\Softplicity
    2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\program files\TotalAudioConverter

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-28 20:11 . 2010-08-01 19:04 34895 ----a-w- c:\programdata\nvModes.dat
    2010-08-28 01:14 . 2010-02-04 04:43 -------- d-----w- c:\program files\Steam
    2010-08-26 15:37 . 2010-08-28 15:44 1364346 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescript.dll
    2010-08-26 15:37 . 2010-08-28 15:44 2867574 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeheur.dll
    2010-08-26 15:36 . 2010-08-28 15:44 242038 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aehelp.dll
    2010-08-26 15:36 . 2010-08-28 15:44 397684 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aegen.dll
    2010-08-25 20:56 . 2009-11-29 17:03 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-25 20:17 . 2010-02-09 21:15 -------- d-----w- c:\programdata\PMB Files
    2010-08-22 19:37 . 2010-01-30 05:53 -------- d-----w- c:\users\Felix\AppData\Roaming\FrostWire
    2010-08-21 21:50 . 2010-04-15 17:49 -------- d-----w- c:\users\Felix\AppData\Roaming\foobar2000
    2010-08-21 18:59 . 2010-08-28 15:44 254324 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aesbx.dll
    2010-08-21 18:59 . 2010-08-28 15:44 106868 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aevdf.dll
    2010-08-21 18:59 . 2010-08-28 15:44 614772 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aerdl.dll
    2010-08-21 18:59 . 2010-08-28 15:44 127347 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescn.dll
    2010-08-21 18:59 . 2010-08-28 15:44 471412 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aepack.dll
    2010-08-21 18:59 . 2010-08-28 15:44 201081 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeoffice.dll
    2010-08-21 18:59 . 2010-08-28 15:44 393588 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeemu.dll
    2010-08-21 18:59 . 2010-08-28 15:44 53618 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aebb.dll
    2010-08-21 18:59 . 2010-08-28 15:44 192887 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aecore.dll
    2010-08-20 14:36 . 2010-07-17 18:47 -------- d-----w- c:\program files\JDownloader
    2010-08-13 22:54 . 2010-06-09 15:37 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-08-11 18:17 . 2009-11-30 19:52 -------- d-----w- c:\users\Felix\AppData\Roaming\Azureus
    2010-08-07 05:55 . 2010-08-07 05:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
    2010-08-01 19:04 . 2010-02-05 16:24 -------- d-----w- c:\programdata\NVIDIA
    2010-08-01 19:01 . 2009-11-29 22:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-08-01 19:00 . 2010-02-05 16:22 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-07-27 22:32 . 2010-07-27 22:32 117552 ----a-w- c:\users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-07-27 22:32 . 2010-07-27 22:32 -------- d-----w- c:\users\Felix\AppData\Roaming\ManyCam
    2010-07-27 22:29 . 2010-04-09 23:30 -------- d-----w- c:\programdata\Bell
    2010-07-27 22:27 . 2010-04-18 19:34 -------- d-----w- c:\users\pizzowned\AppData\Roaming\Bell
    2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\users\Felix\AppData\Roaming\Bell
    2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\program files\Bell
    2010-07-26 19:17 . 2010-07-19 19:40 -------- d-----w- c:\program files\AC3Filter
    2010-07-26 19:15 . 2010-07-26 19:15 -------- d-----w- c:\program files\MediaInfo
    2010-07-26 19:06 . 2010-05-03 18:27 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-26 19:06 . 2010-05-03 18:21 -------- d-----w- c:\programdata\DivX
    2010-07-26 19:06 . 2010-07-26 19:06 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-26 19:06 . 2009-11-29 22:54 -------- d-----w- c:\program files\DivX
    2010-07-26 19:06 . 2010-07-26 19:06 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
    2010-07-26 19:06 . 2010-07-26 19:06 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
    2010-07-26 19:06 . 2010-07-26 19:06 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
    2010-07-26 19:06 . 2010-07-26 19:06 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
    2010-07-26 19:05 . 2010-07-26 19:05 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
    2010-07-26 19:04 . 2010-07-26 19:04 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-07-26 19:04 . 2010-05-03 18:23 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
    2010-07-26 19:04 . 2010-05-03 18:23 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
    2010-07-21 12:29 . 2010-07-12 20:56 0 ----a-w- c:\users\Felix\AppData\Local\Wkivogo.bin
    2010-07-20 21:57 . 2010-06-04 15:19 -------- d-----w- c:\users\Felix\AppData\Roaming\HLSW
    2010-07-20 11:40 . 2010-07-20 11:40 0 ----a-w- c:\windows\system32\cd.dat
    2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\users\Felix\AppData\Roaming\Ubisoft
    2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\programdata\Ubisoft
    2010-07-19 20:11 . 2010-07-19 19:58 -------- d-----w- c:\program files\Ubisoft
    2010-07-16 21:51 . 2010-04-11 00:57 -------- d-----w- c:\program files\Full Tilt Poker
    2010-07-12 18:24 . 2010-07-12 18:24 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
    2010-07-12 18:24 . 2010-07-12 18:24 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
    2010-07-09 20:48 . 2009-11-29 19:56 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-07-08 03:03 . 2010-07-08 03:03 -------- d-----w- c:\users\pizzowned\AppData\Roaming\DivX
    2010-06-30 16:02 . 2009-12-09 18:19 -------- d-----w- c:\program files\PokerStars
    2010-06-28 03:15 . 2010-04-17 15:01 256 ----a-w- c:\windows\system32\pool.bin
    2010-06-23 02:48 . 2010-06-23 02:48 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
    2010-06-16 20:33 . 2010-06-16 20:33 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-06-01 17:37 . 2009-11-29 16:28 221568 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

    [HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
    2010-01-24 08:21 2166296 ----a-w- c:\program files\Peer2Peer-EN\tbPee1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

    [HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

    [HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-11-30 1232896]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BISA.exe"="c:\program files\Bell\Internet Service Advisor\BISA.exe" [2010-01-13 4281584]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-12-04 737280]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Felix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
    path=c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
    backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-02-17 23:37 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp]
    2010-01-19 15:17 1565696 ----a-w- c:\program files\BellCanada\McciTrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-11-29 22:45 135664 ----atw- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
    2010-04-21 08:26 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
    2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
    2010-02-09 21:14 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-03 01:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2009-07-08 16:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-11-30 08:21 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
    2006-11-02 09:45 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-08-24 15:45 1242448 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-11-29 22:56 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
     
  16. defy

    defy TS Rookie Topic Starter Posts: 26

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
    2009-03-12 17:53 483422 ----a-w- c:\program files\IDT\WDM\sttray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2009-11-29 20:10 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1746604758-1044917362-344122428-1000]
    "EnableNotificationsRef"=dword:00000001

    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-08 3290184]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-08 691696]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
    S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-01-13 689392]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000Core.job
    - c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

    2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000UA.job
    - c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

    2010-08-27 c:\windows\Tasks\Norton Security Scan for Felix.job
    - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-12 05:27]

    2010-08-28 c:\windows\Tasks\User_Feed_Synchronization-{1AAA177D-1F84-4B11-9163-6DDC448CB382}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=14196&l=dis
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
    FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
    FF - plugin: c:\users\Felix\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-28 16:28
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-08-28 16:33:52
    ComboFix-quarantined-files.txt 2010-08-28 20:33
    ComboFix2.txt 2010-08-22 22:32

    Pre-Run: 187,593,797,632 bytes free
    Post-Run: 187,684,098,048 bytes free

    - - End Of File - - 19803184E63FA948AC1B9A11CE037CA8
     
  17. Broni

    Broni Malware Annihilator Posts: 47,080   +258

    Delete your ComboFix file, download a fresh one, run it and post the new log.
     
  18. defy

    defy TS Rookie Topic Starter Posts: 26

    With the CFScript or without?
     
  19. Broni

    Broni Malware Annihilator Posts: 47,080   +258

    Without, straight scan.
     
  20. defy

    defy TS Rookie Topic Starter Posts: 26

    ComboFix 10-08-27.03 - Felix 28/08/2010 19:28:46.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2044.1054 [GMT -4:00]
    Running from: c:\users\Felix\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    \\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
    \\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
    .
    ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-28 )))))))))))))))))))))))))))))))
    .

    2010-08-28 23:38 . 2010-08-28 23:38 -------- d-----w- c:\users\Felix\AppData\Local\temp
    2010-08-28 23:38 . 2010-08-28 23:38 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-08-28 23:38 . 2010-08-28 23:38 -------- d-----w- c:\users\pizzowned\AppData\Local\temp
    2010-08-28 23:38 . 2010-08-28 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-08-28 23:27 . 2010-08-28 23:27 -------- d-----w- C:\32788R22FWJFW
    2010-08-25 21:14 . 2010-08-25 21:14 -------- d-----w- c:\users\Felix\AppData\Roaming\LolClient
    2010-08-25 20:56 . 2010-08-25 20:56 -------- d-----w- C:\Riot Games
    2010-08-24 15:46 . 2010-08-24 15:48 -------- d-----w- c:\program files\Hotspot Shield
    2010-08-22 16:15 . 2010-08-22 16:15 -------- d-----w- c:\users\Felix\AppData\Roaming\Avira
    2010-08-21 19:19 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-21 19:19 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-21 18:56 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-08-21 18:56 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-08-21 18:56 . 2009-05-11 16:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-08-21 18:56 . 2009-05-11 16:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\programdata\Avira
    2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\program files\Avira
    2010-08-13 23:06 . 2010-08-13 23:06 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
    2010-08-13 22:26 . 2010-08-13 23:06 -------- d-----w- c:\programdata\Blizzard Entertainment
    2010-08-13 22:26 . 2010-08-17 17:14 -------- d-----w- c:\program files\StarCraft II
    2010-08-07 05:57 . 2010-08-07 05:57 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
    2010-08-07 05:54 . 2007-08-28 09:05 55808 ----a-w- c:\windows\system32\drivers\xusb21.sys
    2010-08-04 20:57 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-08-04 20:57 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-08-04 20:57 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-08-04 20:57 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2010-08-04 20:57 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\program files\Trojan Remover
    2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\users\Felix\AppData\Roaming\Simply Super Software
    2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\programdata\Simply Super Software
    2010-08-02 23:04 . 2010-08-02 23:04 -------- d-----w- c:\users\Felix\AppData\Roaming\Malwarebytes
    2010-08-02 22:57 . 2010-08-21 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-02 22:57 . 2010-08-02 22:57 -------- d-----w- c:\programdata\Malwarebytes
    2010-08-01 19:01 . 2010-01-12 01:00 4332136 ----a-w- c:\windows\system32\NVStWiz.exe
    2010-08-01 18:57 . 2010-08-01 18:58 680 ----a-w- c:\users\Felix\AppData\Local\d3d9caps.dat
    2010-07-30 22:14 . 2010-07-30 22:14 -------- d-----w- c:\users\Felix\AppData\Roaming\2K Sports
    2010-07-30 21:55 . 2010-07-30 21:55 -------- d-----w- c:\program files\2K Sports
    2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\programdata\KONAMI
    2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\program files\KONAMI

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-28 23:13 . 2010-04-15 17:49 -------- d-----w- c:\users\Felix\AppData\Roaming\foobar2000
    2010-08-28 20:11 . 2010-08-01 19:04 34895 ----a-w- c:\programdata\nvModes.dat
    2010-08-28 01:14 . 2010-02-04 04:43 -------- d-----w- c:\program files\Steam
    2010-08-26 15:37 . 2010-08-28 15:44 1364346 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescript.dll
    2010-08-26 15:37 . 2010-08-28 15:44 2867574 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeheur.dll
    2010-08-26 15:36 . 2010-08-28 15:44 242038 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aehelp.dll
    2010-08-26 15:36 . 2010-08-28 15:44 397684 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aegen.dll
    2010-08-25 20:56 . 2009-11-29 17:03 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-25 20:17 . 2010-02-09 21:15 -------- d-----w- c:\programdata\PMB Files
    2010-08-22 19:37 . 2010-01-30 05:53 -------- d-----w- c:\users\Felix\AppData\Roaming\FrostWire
    2010-08-21 18:59 . 2010-08-28 15:44 254324 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aesbx.dll
    2010-08-21 18:59 . 2010-08-28 15:44 106868 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aevdf.dll
    2010-08-21 18:59 . 2010-08-28 15:44 614772 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aerdl.dll
    2010-08-21 18:59 . 2010-08-28 15:44 127347 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescn.dll
    2010-08-21 18:59 . 2010-08-28 15:44 471412 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aepack.dll
    2010-08-21 18:59 . 2010-08-28 15:44 201081 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeoffice.dll
    2010-08-21 18:59 . 2010-08-28 15:44 393588 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeemu.dll
    2010-08-21 18:59 . 2010-08-28 15:44 53618 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aebb.dll
    2010-08-21 18:59 . 2010-08-28 15:44 192887 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aecore.dll
    2010-08-20 14:36 . 2010-07-17 18:47 -------- d-----w- c:\program files\JDownloader
    2010-08-13 22:54 . 2010-06-09 15:37 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-08-11 18:17 . 2009-11-30 19:52 -------- d-----w- c:\users\Felix\AppData\Roaming\Azureus
    2010-08-07 05:55 . 2010-08-07 05:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
    2010-08-01 19:04 . 2010-02-05 16:24 -------- d-----w- c:\programdata\NVIDIA
    2010-08-01 19:01 . 2009-11-29 22:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-08-01 19:00 . 2010-02-05 16:22 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\users\Felix\AppData\Roaming\Softplicity
    2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\program files\TotalAudioConverter
    2010-07-27 22:32 . 2010-07-27 22:32 117552 ----a-w- c:\users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-07-27 22:32 . 2010-07-27 22:32 -------- d-----w- c:\users\Felix\AppData\Roaming\ManyCam
    2010-07-27 22:29 . 2010-04-09 23:30 -------- d-----w- c:\programdata\Bell
    2010-07-27 22:27 . 2010-04-18 19:34 -------- d-----w- c:\users\pizzowned\AppData\Roaming\Bell
    2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\users\Felix\AppData\Roaming\Bell
    2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\program files\Bell
    2010-07-26 19:17 . 2010-07-19 19:40 -------- d-----w- c:\program files\AC3Filter
    2010-07-26 19:15 . 2010-07-26 19:15 -------- d-----w- c:\program files\MediaInfo
    2010-07-26 19:06 . 2010-05-03 18:27 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-26 19:06 . 2010-05-03 18:21 -------- d-----w- c:\programdata\DivX
    2010-07-26 19:06 . 2010-07-26 19:06 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-26 19:06 . 2009-11-29 22:54 -------- d-----w- c:\program files\DivX
    2010-07-26 19:06 . 2010-07-26 19:06 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
    2010-07-26 19:06 . 2010-07-26 19:06 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
    2010-07-26 19:06 . 2010-07-26 19:06 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
    2010-07-26 19:06 . 2010-07-26 19:06 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
    2010-07-26 19:05 . 2010-07-26 19:05 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
    2010-07-26 19:04 . 2010-07-26 19:04 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-07-26 19:04 . 2010-05-03 18:23 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
    2010-07-26 19:04 . 2010-05-03 18:23 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
    2010-07-21 12:29 . 2010-07-12 20:56 0 ----a-w- c:\users\Felix\AppData\Local\Wkivogo.bin
    2010-07-20 21:57 . 2010-06-04 15:19 -------- d-----w- c:\users\Felix\AppData\Roaming\HLSW
    2010-07-20 11:40 . 2010-07-20 11:40 0 ----a-w- c:\windows\system32\cd.dat
    2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\users\Felix\AppData\Roaming\Ubisoft
    2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\programdata\Ubisoft
    2010-07-19 20:11 . 2010-07-19 19:58 -------- d-----w- c:\program files\Ubisoft
    2010-07-16 21:51 . 2010-04-11 00:57 -------- d-----w- c:\program files\Full Tilt Poker
    2010-07-12 18:24 . 2010-07-12 18:24 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
    2010-07-12 18:24 . 2010-07-12 18:24 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
    2010-07-09 20:48 . 2009-11-29 19:56 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-07-08 03:03 . 2010-07-08 03:03 -------- d-----w- c:\users\pizzowned\AppData\Roaming\DivX
    2010-06-30 16:02 . 2009-12-09 18:19 -------- d-----w- c:\program files\PokerStars
    2010-06-28 03:15 . 2010-04-17 15:01 256 ----a-w- c:\windows\system32\pool.bin
    2010-06-23 02:48 . 2010-06-23 02:48 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
    2010-06-16 20:33 . 2010-06-16 20:33 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-06-01 17:37 . 2009-11-29 16:28 221568 ------w- c:\windows\system32\MpSigStub.exe
    .
     
  21. defy

    defy TS Rookie Topic Starter Posts: 26

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

    [HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
    2010-01-24 08:21 2166296 ----a-w- c:\program files\Peer2Peer-EN\tbPee1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

    [HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

    [HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-11-30 1232896]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BISA.exe"="c:\program files\Bell\Internet Service Advisor\BISA.exe" [2010-01-13 4281584]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-12-04 737280]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Felix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
    path=c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
    backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-02-17 23:37 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp]
    2010-01-19 15:17 1565696 ----a-w- c:\program files\BellCanada\McciTrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-11-29 22:45 135664 ----atw- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
    2010-04-21 08:26 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
    2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
    2010-02-09 21:14 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-03 01:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2009-07-08 16:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-11-30 08:21 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
    2006-11-02 09:45 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-08-24 15:45 1242448 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-11-29 22:56 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
    2009-03-12 17:53 483422 ----a-w- c:\program files\IDT\WDM\sttray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2009-11-29 20:10 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1746604758-1044917362-344122428-1000]
    "EnableNotificationsRef"=dword:00000001

    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-08 3290184]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-08 691696]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
    S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-01-13 689392]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000Core.job
    - c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

    2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000UA.job
    - c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

    2010-08-27 c:\windows\Tasks\Norton Security Scan for Felix.job
    - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-12 05:27]

    2010-08-28 c:\windows\Tasks\User_Feed_Synchronization-{1AAA177D-1F84-4B11-9163-6DDC448CB382}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=14196&l=dis
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
    FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
    FF - plugin: c:\users\Felix\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-28 19:38
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-08-28 19:45:20
    ComboFix-quarantined-files.txt 2010-08-28 23:45
    ComboFix2.txt 2010-08-28 20:33
    ComboFix3.txt 2010-08-22 22:32

    Pre-Run: 187,632,181,248 bytes free
    Post-Run: 187,598,221,312 bytes free

    - - End Of File - - 4C7235D46EEBCC3277DE586CC3A7D438
     
  22. Broni

    Broni Malware Annihilator Posts: 47,080   +258

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\Felix\AppData\Local\Wkivogo.bin
    c:\windows\system32\cd.dat
    
    DirLook::
    c:\users\Felix\AppData\Roaming\HLSW
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  23. defy

    defy TS Rookie Topic Starter Posts: 26

    ComboFix 10-08-27.03 - Felix 28/08/2010 20:22:19.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2044.979 [GMT -4:00]
    Running from: c:\users\Felix\Desktop\ComboFix.exe
    Command switches used :: c:\users\Felix\Desktop\cfscript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\users\Felix\AppData\Local\Wkivogo.bin"
    "c:\windows\system32\cd.dat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Felix\AppData\Local\Wkivogo.bin
    c:\windows\system32\cd.dat

    .
    \\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
    \\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
    .
    ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
    .

    2010-08-29 00:30 . 2010-08-29 00:30 -------- d-----w- c:\users\Felix\AppData\Local\temp
    2010-08-29 00:30 . 2010-08-29 00:30 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-08-29 00:30 . 2010-08-29 00:30 -------- d-----w- c:\users\pizzowned\AppData\Local\temp
    2010-08-29 00:30 . 2010-08-29 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-08-29 00:20 . 2010-08-29 00:21 -------- d-----w- C:\32788R22FWJFW
    2010-08-25 21:14 . 2010-08-25 21:14 -------- d-----w- c:\users\Felix\AppData\Roaming\LolClient
    2010-08-25 20:56 . 2010-08-25 20:56 -------- d-----w- C:\Riot Games
    2010-08-24 15:46 . 2010-08-24 15:48 -------- d-----w- c:\program files\Hotspot Shield
    2010-08-22 16:15 . 2010-08-22 16:15 -------- d-----w- c:\users\Felix\AppData\Roaming\Avira
    2010-08-21 19:19 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-21 19:19 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-21 18:56 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-08-21 18:56 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-08-21 18:56 . 2009-05-11 16:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-08-21 18:56 . 2009-05-11 16:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\programdata\Avira
    2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\program files\Avira
    2010-08-13 23:06 . 2010-08-13 23:06 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
    2010-08-13 22:26 . 2010-08-13 23:06 -------- d-----w- c:\programdata\Blizzard Entertainment
    2010-08-13 22:26 . 2010-08-17 17:14 -------- d-----w- c:\program files\StarCraft II
    2010-08-07 05:57 . 2010-08-07 05:57 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
    2010-08-07 05:54 . 2007-08-28 09:05 55808 ----a-w- c:\windows\system32\drivers\xusb21.sys
    2010-08-04 20:57 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-08-04 20:57 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-08-04 20:57 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-08-04 20:57 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2010-08-04 20:57 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\program files\Trojan Remover
    2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\users\Felix\AppData\Roaming\Simply Super Software
    2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\programdata\Simply Super Software
    2010-08-02 23:04 . 2010-08-02 23:04 -------- d-----w- c:\users\Felix\AppData\Roaming\Malwarebytes
    2010-08-02 22:57 . 2010-08-21 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-02 22:57 . 2010-08-02 22:57 -------- d-----w- c:\programdata\Malwarebytes
    2010-08-01 19:01 . 2010-01-12 01:00 4332136 ----a-w- c:\windows\system32\NVStWiz.exe
    2010-08-01 18:57 . 2010-08-01 18:58 680 ----a-w- c:\users\Felix\AppData\Local\d3d9caps.dat
    2010-07-30 22:14 . 2010-07-30 22:14 -------- d-----w- c:\users\Felix\AppData\Roaming\2K Sports
    2010-07-30 21:55 . 2010-07-30 21:55 -------- d-----w- c:\program files\2K Sports
    2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\programdata\KONAMI
    2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\program files\KONAMI

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-28 23:48 . 2010-04-15 17:49 -------- d-----w- c:\users\Felix\AppData\Roaming\foobar2000
    2010-08-28 20:11 . 2010-08-01 19:04 34895 ----a-w- c:\programdata\nvModes.dat
    2010-08-28 01:14 . 2010-02-04 04:43 -------- d-----w- c:\program files\Steam
    2010-08-26 15:37 . 2010-08-28 15:44 1364346 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescript.dll
    2010-08-26 15:37 . 2010-08-28 15:44 2867574 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeheur.dll
    2010-08-26 15:36 . 2010-08-28 15:44 242038 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aehelp.dll
    2010-08-26 15:36 . 2010-08-28 15:44 397684 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aegen.dll
    2010-08-25 20:56 . 2009-11-29 17:03 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-25 20:17 . 2010-02-09 21:15 -------- d-----w- c:\programdata\PMB Files
    2010-08-22 19:37 . 2010-01-30 05:53 -------- d-----w- c:\users\Felix\AppData\Roaming\FrostWire
    2010-08-21 18:59 . 2010-08-28 15:44 254324 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aesbx.dll
    2010-08-21 18:59 . 2010-08-28 15:44 106868 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aevdf.dll
    2010-08-21 18:59 . 2010-08-28 15:44 614772 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aerdl.dll
    2010-08-21 18:59 . 2010-08-28 15:44 127347 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescn.dll
    2010-08-21 18:59 . 2010-08-28 15:44 471412 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aepack.dll
    2010-08-21 18:59 . 2010-08-28 15:44 201081 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeoffice.dll
    2010-08-21 18:59 . 2010-08-28 15:44 393588 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeemu.dll
    2010-08-21 18:59 . 2010-08-28 15:44 53618 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aebb.dll
    2010-08-21 18:59 . 2010-08-28 15:44 192887 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aecore.dll
    2010-08-20 14:36 . 2010-07-17 18:47 -------- d-----w- c:\program files\JDownloader
    2010-08-13 22:54 . 2010-06-09 15:37 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-08-11 18:17 . 2009-11-30 19:52 -------- d-----w- c:\users\Felix\AppData\Roaming\Azureus
    2010-08-07 05:55 . 2010-08-07 05:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
    2010-08-01 19:04 . 2010-02-05 16:24 -------- d-----w- c:\programdata\NVIDIA
    2010-08-01 19:01 . 2009-11-29 22:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-08-01 19:00 . 2010-02-05 16:22 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\users\Felix\AppData\Roaming\Softplicity
    2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\program files\TotalAudioConverter
    2010-07-27 22:32 . 2010-07-27 22:32 117552 ----a-w- c:\users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-07-27 22:32 . 2010-07-27 22:32 -------- d-----w- c:\users\Felix\AppData\Roaming\ManyCam
    2010-07-27 22:29 . 2010-04-09 23:30 -------- d-----w- c:\programdata\Bell
    2010-07-27 22:27 . 2010-04-18 19:34 -------- d-----w- c:\users\pizzowned\AppData\Roaming\Bell
    2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\users\Felix\AppData\Roaming\Bell
    2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\program files\Bell
    2010-07-26 19:17 . 2010-07-19 19:40 -------- d-----w- c:\program files\AC3Filter
    2010-07-26 19:15 . 2010-07-26 19:15 -------- d-----w- c:\program files\MediaInfo
    2010-07-26 19:06 . 2010-05-03 18:27 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-26 19:06 . 2010-05-03 18:21 -------- d-----w- c:\programdata\DivX
    2010-07-26 19:06 . 2010-07-26 19:06 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-26 19:06 . 2009-11-29 22:54 -------- d-----w- c:\program files\DivX
    2010-07-26 19:06 . 2010-07-26 19:06 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
    2010-07-26 19:06 . 2010-07-26 19:06 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
    2010-07-26 19:06 . 2010-07-26 19:06 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
    2010-07-26 19:06 . 2010-07-26 19:06 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
    2010-07-26 19:05 . 2010-07-26 19:05 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
    2010-07-26 19:04 . 2010-07-26 19:04 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-07-26 19:04 . 2010-05-03 18:23 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
    2010-07-26 19:04 . 2010-05-03 18:23 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
    2010-07-20 21:57 . 2010-06-04 15:19 -------- d-----w- c:\users\Felix\AppData\Roaming\HLSW
    2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\users\Felix\AppData\Roaming\Ubisoft
    2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\programdata\Ubisoft
    2010-07-19 20:11 . 2010-07-19 19:58 -------- d-----w- c:\program files\Ubisoft
    2010-07-16 21:51 . 2010-04-11 00:57 -------- d-----w- c:\program files\Full Tilt Poker
    2010-07-12 18:24 . 2010-07-12 18:24 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
    2010-07-12 18:24 . 2010-07-12 18:24 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
    2010-07-09 20:48 . 2009-11-29 19:56 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-07-08 03:03 . 2010-07-08 03:03 -------- d-----w- c:\users\pizzowned\AppData\Roaming\DivX
    2010-06-30 16:02 . 2009-12-09 18:19 -------- d-----w- c:\program files\PokerStars
    2010-06-28 03:15 . 2010-04-17 15:01 256 ----a-w- c:\windows\system32\pool.bin
    2010-06-23 02:48 . 2010-06-23 02:48 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
    2010-06-16 20:33 . 2010-06-16 20:33 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-06-01 17:37 . 2009-11-29 16:28 221568 ------w- c:\windows\system32\MpSigStub.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\users\Felix\AppData\Roaming\HLSW ----

    2010-06-04 16:48 . 2010-06-04 16:48 123 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\ipspace.dat
    2010-06-04 16:48 . 2010-06-04 16:48 2 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\filter.dat
    2010-06-04 16:48 . 2010-06-04 16:48 46 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\plugin_Simple FTP Client.cfg
    2010-06-04 16:48 . 2010-06-04 16:48 46 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\plugin_Call of Duty Configuration Plugin.cfg
    2010-06-04 16:48 . 2010-06-04 16:48 48 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\plugin_Multi Messenger Plugin.cfg
    2010-06-04 15:22 . 2010-06-04 15:22 89 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\connect.log
    2010-06-04 15:20 . 2010-06-04 16:48 8 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\wonid.db7
    2010-06-04 15:20 . 2010-06-04 15:20 0 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\wonid.db7.backup
    2010-06-04 15:20 . 2010-06-04 16:48 2100 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\serverlist.sl32
    2010-06-04 15:20 . 2010-06-04 15:22 2101 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\serverlist.sl32.backup
    2010-06-04 15:20 . 2010-06-04 15:20 0 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\filesmoved.dat
    2010-06-04 15:20 . 2010-06-04 16:48 26565 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\debug.log
    2010-06-04 15:19 . 2010-06-04 15:22 904 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\lan.sl32.backup
    2010-06-04 15:19 . 2010-06-04 15:22 18650 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\hlsw.sl32.backup


    ((((((((((((((((((((((((((((( SnapShot@2010-08-22_22.29.25 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-11-02 13:05 . 2010-08-24 15:48 63290 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:02 . 2010-08-28 15:44 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2006-11-02 13:02 . 2010-08-22 22:15 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2006-11-02 13:02 . 2010-08-22 22:15 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2006-11-02 13:02 . 2010-08-28 15:44 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-01 08:47 . 2010-08-24 22:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-01 08:47 . 2010-08-19 22:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-01 08:47 . 2010-08-19 22:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-01 08:47 . 2010-08-24 22:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-01 08:47 . 2010-08-19 22:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-01 08:47 . 2010-08-24 22:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-11-29 22:20 . 2010-08-24 15:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-11-29 22:20 . 2010-08-22 22:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-11-29 22:20 . 2010-08-22 22:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-11-29 22:20 . 2010-08-24 15:44 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-11-29 22:20 . 2010-08-22 22:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-11-29 22:20 . 2010-08-24 15:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2006-11-02 10:25 . 2010-08-07 05:54 86016 c:\windows\inf\infstrng.dat
    + 2006-11-02 10:25 . 2010-08-24 15:48 86016 c:\windows\inf\infstrng.dat
    - 2006-11-02 10:25 . 2010-08-07 05:54 51200 c:\windows\inf\infpub.dat
    + 2006-11-02 10:25 . 2010-08-24 15:48 51200 c:\windows\inf\infpub.dat
    + 2009-11-28 23:34 . 2010-08-24 15:48 9606 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1746604758-1044917362-344122428-1000_UserData.bin
    + 2010-08-22 22:14 . 2010-08-24 15:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-08-22 22:14 . 2010-08-22 22:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-08-22 22:14 . 2010-08-22 22:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-08-22 22:14 . 2010-08-24 15:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2006-11-02 10:33 . 2010-08-22 22:22 625810 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2010-08-24 15:50 625810 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2010-08-24 15:50 108966 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2010-08-22 22:22 108966 c:\windows\System32\perfc009.dat
    - 2010-08-21 19:17 . 2010-08-22 22:15 458752 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-08-21 19:17 . 2010-08-28 15:44 458752 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-08-25 21:00 . 2010-08-25 21:00 216576 c:\windows\Installer\65162bd.msi
    .
     
  24. defy

    defy TS Rookie Topic Starter Posts: 26

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

    [HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
    2010-01-24 08:21 2166296 ----a-w- c:\program files\Peer2Peer-EN\tbPee1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

    [HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

    [HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-11-30 1232896]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BISA.exe"="c:\program files\Bell\Internet Service Advisor\BISA.exe" [2010-01-13 4281584]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-12-04 737280]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Felix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
    path=c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
    backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-02-17 23:37 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp]
    2010-01-19 15:17 1565696 ----a-w- c:\program files\BellCanada\McciTrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-11-29 22:45 135664 ----atw- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
    2010-04-21 08:26 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
    2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
    2010-02-09 21:14 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-03 01:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2009-07-08 16:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-11-30 08:21 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
    2006-11-02 09:45 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-08-24 15:45 1242448 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-11-29 22:56 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
    2009-03-12 17:53 483422 ----a-w- c:\program files\IDT\WDM\sttray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2009-11-29 20:10 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1746604758-1044917362-344122428-1000]
    "EnableNotificationsRef"=dword:00000001

    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-08 3290184]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-08 691696]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
    S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-01-13 689392]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000Core.job
    - c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

    2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000UA.job
    - c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

    2010-08-28 c:\windows\Tasks\Norton Security Scan for Felix.job
    - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-12 05:27]

    2010-08-28 c:\windows\Tasks\User_Feed_Synchronization-{1AAA177D-1F84-4B11-9163-6DDC448CB382}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=14196&l=dis
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
    FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
    FF - plugin: c:\users\Felix\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-28 20:30
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-08-28 20:36:42
    ComboFix-quarantined-files.txt 2010-08-29 00:36
    ComboFix2.txt 2010-08-28 23:45
    ComboFix3.txt 2010-08-28 20:33
    ComboFix4.txt 2010-08-22 22:32

    Pre-Run: 187,633,471,488 bytes free
    Post-Run: 187,591,397,376 bytes free

    - - End Of File - - 9C98C7A4171F4BBCE12E6A305A3155EC
     
  25. Broni

    Broni Malware Annihilator Posts: 47,080   +258

    Good :)

How is the computer doing at the moment?

    Update MBAM, run "Quick scan" and post new log.

    Then....

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
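For readers following this thread who want to look at the same places themselves, here is an added PowerShell example. It is not part of the thread and is not code from ComboFix, OTL or either poster. It reads the autostart locations that the ComboFix "Reg Loading Points" section above lists (Run keys, IE BHO/toolbar/URLSearchHook CLSIDs, EnableLUA), the Windows Update policy keys and the core-DLL hashes that Broni's OTL custom-scan list asks for, and the legacy Tasks folder. It assumes the standard registry and %SystemRoot% paths, changes nothing, and should be run from an elevated PowerShell prompt. The MD5 values are only useful when compared against a known-good copy of the same Windows build; they are not a verdict on their own.

```powershell
# Added triage script (not ComboFix/OTL output, not written by either poster).
# Read-only: enumerates autostart points, IE add-on CLSIDs, UAC and Windows
# Update policy, hashes of three core DLLs, and legacy .job files.

function Get-RegValues {
    # Name/Value pairs of a key, minus PowerShell's own PS* metadata properties.
    param([string]$Key)
    if (-not (Test-Path $Key)) { return }
    (Get-ItemProperty -Path $Key).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
        ForEach-Object { New-Object PSObject -Property @{ Key = $Key; Name = $_.Name; Value = $_.Value } }
}

function Get-Md5Hex {
    # MD5 of a file, for comparison against a clean copy of the same build.
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($md5.ComputeHash($fs)).Replace('-', '') }
    finally { $fs.Dispose(); $md5.Dispose() }
}

'=== Run / RunOnce keys (HKLM and HKCU) ==='
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce') {
    Get-RegValues $k | Format-Table Name, Value -AutoSize | Out-String
}

'=== IE BHOs, toolbars and URLSearchHooks resolved to their DLLs ==='
$clsids  = @()
$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoRoot) { $clsids += Get-ChildItem $bhoRoot | ForEach-Object { $_.PSChildName } }
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
               'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks') {
    # Value names under these keys are the CLSIDs of the registered add-ons.
    $clsids += Get-RegValues $k |
        Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
        ForEach-Object { $_.Name }
}
foreach ($clsid in $clsids | Sort-Object -Unique) {
    # The CLSID's InprocServer32 default value is the DLL IE will load.
    $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    $dll = if (Test-Path $srv) { (Get-ItemProperty $srv).'(default)' } else { '<no InprocServer32>' }
    '{0}  ->  {1}' -f $clsid, $dll
}

'=== UAC and Windows Update policy ==='
$lua = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
"EnableLUA = $lua  (0 means UAC is switched off)"
Get-RegValues 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' |
    Format-Table Name, Value -AutoSize | Out-String
$inst = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install'
if (Test-Path $inst) { 'LastSuccessTime = ' + (Get-ItemProperty $inst).LastSuccessTime }

'=== Core system DLLs: MD5 and Authenticode status ==='
foreach ($name in 'user32.dll', 'ws2_32.dll', 'ws2help.dll') {
    $f = Join-Path $env:SystemRoot "System32\$name"
    if (-not (Test-Path $f)) { "$f missing"; continue }
    # System files are usually catalog-signed; older PowerShell builds report
    # them as NotSigned, so that status alone is a prompt to compare the MD5
    # against a clean copy, not proof of tampering.
    $sig = Get-AuthenticodeSignature -FilePath $f
    '{0}  md5={1}  sig={2}' -f $f, (Get-Md5Hex $f), $sig.Status
}

'=== Legacy .job files in %SystemRoot%\Tasks ==='
Get-ChildItem (Join-Path $env:SystemRoot 'Tasks') -Filter *.job -ErrorAction SilentlyContinue |
    Format-Table Name, LastWriteTime -AutoSize | Out-String
```

Anything the Run or BHO sections print from a user-writable location (AppData, ProgramData, Temp) or from a vendor you did not knowingly install, such as the Peer2Peer-EN toolbar DLL in the log above, is the sort of entry the helpers in threads like this ask to have removed; the DLL hashes only mean something next to the hash of the same file from a clean system of the same build.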