Windows 7, can't access directories (aka explorer), control panel

By jamezuva
Oct 1, 2011
  1. Hi, got a new computer about a month ago and immediately installed Avast as anti-virus. Also have been using Peerblock. Haven't visited any sketchy websites or opened any suspicious e-mails/programs as far as I remember.

    Last night, I noticed my network icon in the bottom right showed a red "X" even though I am still able to use the internet. I then noticed I would get an error whenever I tried to click the icon to access my directories under explorer or access the control panel. The error message in each instance is "Windows cannot access the specified device path or file. You may not have the appropriate permission to access the item."

    I am the only user on the computer so am the Administrator. I have 2 hard drives; both have Windows 7 64-bit installed, the primary being a solid-state drive, and the other being a conventional HD.

    I ran a full Avast check which didn't find much, just 1 sketchy mp3 I've had for a long time on one of my external HDs (I have 2 connected total), which didn't solve the problem. Also downloaded and ran Spybot S&D, which found 2 things, but correcting those didn't solve the problem. I've rebooted several times and nothing has changed in terms of my access.

    Also, sometimes when I'm trying to install something it'll say that Windows Installer is messed up and I can't even seem to replace that via the files I tried to download off Microsoft's website.

    I haven't tried booting from my conventional internal HD but I'm afraid that'll get corrupted too so I'm hesitant to yet.

    I'm kinda freaking out. Could anything other than a virus cause this?

    ---------------------------------------------------------------------------------
    LOG FILES:

    MalwareBytes:
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7839

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    10/1/2011 7:01:32 AM
    mbam-log-2011-10-01 (07-01-32).txt

    Scan type: Quick scan
    Objects scanned: 198322
    Time elapsed: 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    f:\Users\Jamez\favorites\mp3 downloads - another obscure corrs mp3 site.url (Rogue.Link) -> Quarantined and deleted successfully.

    ---------------------------------------------------------
    DDS:

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Jamez at 19:48:47 on 2011-10-01
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8168.5815 [GMT -7:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    F:\Program Files\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    F:\Program Files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
    F:\Program Files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
    F:\Program Files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    F:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
    F:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    F:\Program Files\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    F:\Program Files (x86)\PowerDVD11\PowerDVD11\PDVD11Serv.exe
    F:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
    F:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskeng.exe
    F:\Program Files (x86)\PC Tools Utilities\pt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - F:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - F:\Program Files\Avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - F:\Program Files (x86)\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - F:\Program Files\Avast\aswWebRepIE.dll
    uRun: [Google Update] "C:\Users\Jamez\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [PeerBlock] F:\Program Files\PeerBlock\peerblock.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SpybotSD TeaTimer] F:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [avast] "F:\Program Files\Avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [RemoteControl11] F:\Program Files (x86)\PowerDVD11\PowerDVD11\PDVD11Serv.exe
    mRun: [PowerPanel Personal Edition User Interaction] F:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
    mRun: [WinampAgent] "F:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - F:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~2\SPYBOT~1\SDHelper.dll
    Trusted Zone: huntingtonhospital.com\connect
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8D84D58D-8557-4CAB-8E6F-556339F5D9CE} - hxxp://10.217.1.31/hrs/download/Setup.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect.huntingtonhospital.com/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
    TCP: Interfaces\{D57B7813-8D68-4654-B3BD-89DDABE39123} : DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\Avast\aswWebRepIE.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\Avast\aswWebRepIE.dll
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [avast] "F:\Program Files\Avast\avastUI.exe" /nogui
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun-x64: [RemoteControl11] F:\Program Files (x86)\PowerDVD11\PowerDVD11\PDVD11Serv.exe
    mRun-x64: [PowerPanel Personal Edition User Interaction] F:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
    mRun-x64: [WinampAgent] "F:\Program Files (x86)\Winamp\winampa.exe"
    mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jamez\AppData\Roaming\Mozilla\Firefox\Profiles\wy36biyv.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20110924&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Jamez\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Jamez\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Jamez\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\Jamez\AppData\Roaming\Mozilla\plugins\npicaN.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: F:\Program Files (x86)\bin\new_plugin\npdeployJava1.dll
    FF - plugin: F:\Program Files (x86)\bin\new_plugin\npjp2.dll
    FF - plugin: F:\Program Files\Mozilla Firefox\plugins\npicaN.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);\??\C:\Windows\system32\Drivers\NEOFLTR_650_14951.SYS --> C:\Windows\system32\Drivers\NEOFLTR_650_14951.SYS [?]
    R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/19 13:13:44];F:\Program Files (x86)\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl [2011-8-26 148976]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;F:\Program Files\Avast\AvastSvc.exe [2011-9-9 44768]
    R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;F:\Program Files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-9-19 83240]
    R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;F:\Program Files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-9-19 75048]
    R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;F:\Program Files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-9-19 292136]
    R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
    R2 ntk_PowerDVD;ntk_PowerDVD;F:\Program Files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-9-19 75248]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-2 2255464]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-9-30 632800]
    R2 SBSDWSCService;SBSD Security Center Service;F:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-30 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
    R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
    R3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;C:\Windows\system32\DRIVERS\e1q62x64.sys --> C:\Windows\system32\DRIVERS\e1q62x64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 DMDefragService;Performance Toolkit Disk Defrag Service;F:\Program Files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-9-30 1050592]
    S3 DMRepairService;Performance Toolkit Disk Repair Service;F:\Program Files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-9-30 1034208]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-9-21 130976]
    S3 pbfilter;pbfilter;F:\Program Files\PeerBlock\pbfilter.sys [2011-9-14 24176]
    S3 PCTDMDefrag;PCTDMDefrag;C:\Windows\System32\drivers\PCTDMDefrag.sys [2011-9-30 108056]
    S3 PCTDSMon;PCTDSMon;\??\C:\Windows\system32\drivers\PCTDSMon.sys --> C:\Windows\system32\drivers\PCTDSMon.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-10-01 14:05:07 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C9BAF77-C4CD-44A9-B3CE-730018C902D2}\offreg.dll
    2011-10-01 06:59:16 -------- d-----w- C:\Users\Jamez\AppData\Roaming\Malwarebytes
    2011-10-01 06:59:12 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-10-01 06:59:08 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-10-01 06:11:27 -------- d-----w- C:\Users\Jamez\AppData\Roaming\Registry Mechanic
    2011-10-01 06:08:47 -------- d-----w- C:\Program Files\CCleaner
    2011-10-01 06:06:08 -------- d-----w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-10-01 06:03:39 -------- d-----w- F:\Users\Jamez\AppData\Local\PackageAware
    2011-10-01 05:58:14 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
    2011-10-01 05:58:13 189880 ----a-w- C:\Windows\System32\drivers\PCTDSMon.sys
    2011-10-01 05:58:13 162328 ----a-w- C:\Windows\System32\drivers\PCTDMDefrag.sys
    2011-10-01 05:58:13 108056 ----a-w- C:\Windows\SysWow64\drivers\PCTDMDefrag.sys
    2011-10-01 05:58:12 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx
    2011-10-01 05:58:12 658432 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
    2011-10-01 05:58:12 506368 ----a-w- C:\Windows\SysWow64\msxml.dll
    2011-10-01 05:58:12 40416 ----a-w- C:\Windows\System32\CleanMFT64.exe
    2011-10-01 05:58:12 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx
    2011-10-01 05:58:12 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx
    2011-10-01 05:58:11 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2011-10-01 05:58:09 -------- d-----w- C:\ProgramData\PC Tools
    2011-10-01 05:45:42 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C9BAF77-C4CD-44A9-B3CE-730018C902D2}\mpengine.dll
    2011-10-01 05:43:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-10-01 04:48:50 -------- d-----w- C:\ProgramData\Citrix
    2011-09-24 06:52:55 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
    2011-09-23 20:29:33 -------- d-----w- C:\ProgramData\Soulseek
    2011-09-23 17:40:46 -------- d-----w- C:\Users\Jamez\AppData\Roaming\Azureus
    2011-09-22 02:46:41 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-09-22 02:42:32 -------- d-----w- C:\ProgramData\boost_interprocess
    2011-09-22 00:46:04 -------- d--h--w- C:\ProgramData\CanonIJSolutionMenu
    2011-09-22 00:45:55 -------- d-----w- C:\ProgramData\CanonIJ
    2011-09-22 00:41:52 -------- d--h--w- C:\ProgramData\CanonIJScan
    2011-09-22 00:41:32 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter
    2011-09-22 00:41:27 -------- d-----w- C:\ProgramData\CanonIJPLM
    2011-09-22 00:37:34 -------- d-----w- C:\Program Files\Common Files\CANON
    2011-09-22 00:36:33 -------- d-----w- C:\Program Files\Canon
    2011-09-22 00:35:51 151040 ----a-w- C:\Windows\System32\CNMN6UI.DLL
    2011-09-22 00:35:50 251392 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
    2011-09-22 00:34:26 -------- d-----w- C:\Program Files (x86)\Canon
    2011-09-20 20:14:30 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
    2011-09-20 20:14:30 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
    2011-09-20 20:14:30 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
    2011-09-20 20:14:30 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
    2011-09-20 20:14:29 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
    2011-09-20 20:14:29 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
    2011-09-20 20:14:29 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
    2011-09-20 20:14:29 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll
    2011-09-20 17:22:36 -------- d-----w- C:\Users\Jamez\AppData\Roaming\XnView
    2011-09-19 20:13:44 -------- d-----w- C:\ProgramData\PDVD
    2011-09-19 20:12:40 -------- d-----w- C:\ProgramData\install_clap
    2011-09-17 01:58:14 -------- d-----w- C:\ProgramData\Media Center Programs
    2011-09-17 01:55:22 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
    2011-09-17 01:14:01 -------- d-----w- C:\Windows\Msagent
    2011-09-15 02:30:28 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2011-09-15 02:30:24 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-09-15 02:30:24 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2011-09-14 01:42:24 -------- d-----w- C:\Program Files (x86)\Common Files\McKesson
    2011-09-12 04:13:57 -------- d-----w- C:\Users\Jamez\AppData\Roaming\NVIDIA
    2011-09-12 04:13:57 -------- d-----w- C:\Users\Jamez\AppData\Roaming\Crayon Physics Deluxe
    2011-09-12 04:03:01 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-09-12 04:03:01 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-09-12 04:03:01 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2011-09-12 04:03:01 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2011-09-12 04:03:01 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-09-12 00:56:24 -------- d-----w- C:\Windows\Downloaded Installations
    2011-09-12 00:46:00 100400 ----a-w- C:\Windows\System32\drivers\NEOFLTR_650_14951.SYS
    2011-09-12 00:45:52 -------- d-----w- C:\Program Files (x86)\Juniper Networks
    2011-09-12 00:45:41 -------- d-----w- C:\Users\Jamez\AppData\Roaming\Juniper Networks
    2011-09-12 00:45:08 -------- d-----w- C:\Users\Jamez\AppData\Roaming\ICAClient
    2011-09-12 00:44:57 73728 ----a-r- C:\Users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
    2011-09-12 00:44:57 73728 ----a-r- C:\Users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
    2011-09-12 00:35:40 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-09-12 00:35:40 -------- d-----w- C:\Windows\System32\Wat
    2011-09-12 00:19:00 92672 ----a-w- C:\Windows\System32\CNC860I.DLL
    2011-09-12 00:19:00 299520 ----a-w- C:\Windows\System32\CNC860L.DLL
    2011-09-12 00:19:00 235008 ----a-w- C:\Windows\System32\CNC860O.DLL
    2011-09-12 00:19:00 17920 ----a-w- C:\Windows\System32\CNHMCA6.DLL
    2011-09-12 00:19:00 1342976 ----a-w- C:\Windows\System32\CNC860C.DLL
    2011-09-10 05:03:05 -------- d-----w- C:\Windows\FLV Player
    2011-09-10 03:33:14 -------- d-----w- C:\Users\Jamez\AppData\Roaming\Origin
    2011-09-10 03:33:08 -------- d-----w- C:\ProgramData\Origin
    2011-09-10 03:33:08 -------- d-----w- C:\ProgramData\Electronic Arts
    2011-09-10 03:33:08 -------- d-----w- C:\Program Files (x86)\Origin Games
    2011-09-10 03:14:01 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2011-09-10 02:41:10 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
    2011-09-10 02:31:37 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
    2011-09-10 02:31:01 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-09-10 01:36:56 -------- d-----w- C:\Users\Jamez\AppData\Roaming\.purple
    2011-09-10 01:13:56 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-09-10 01:13:56 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-09-10 01:13:51 41184 ----a-w- C:\Windows\avastSS.scr
    2011-09-10 01:13:48 -------- d-----w- C:\ProgramData\AVAST Software
    2011-09-09 23:59:29 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment.Trash
    2011-09-09 23:57:52 -------- d-----w- C:\ProgramData\Blizzard Entertainment
    2011-09-09 23:57:52 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    2011-09-09 23:25:16 -------- d-----w- C:\Windows\SysWow64\URTTEMP
    2011-09-09 22:50:03 3072 ----a-w- C:\Windows\System32\CNCFLjUS.DLL
    2011-09-09 22:49:58 82944 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9N.DLL
    2011-09-09 22:49:58 28160 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9N.DLL
    2011-09-09 22:49:55 290816 ----a-w- C:\Windows\System32\CNMLM9N.DLL
    2011-09-09 21:09:47 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-03 00:39:48 -------- d-----w- C:\Program Files (x86)\Marvell
    2011-09-03 00:38:49 314568 ----a-r- C:\Windows\System32\PROUnstl.exe
    2011-09-03 00:38:25 68264 ----a-w- C:\Windows\System32\e1qmsg.dll
    2011-09-03 00:38:25 303280 ----a-w- C:\Windows\System32\drivers\e1q62x64.sys
    2011-09-03 00:38:23 91840 ----a-w- C:\Windows\System32\NicInstQ.dll
    2011-09-03 00:38:15 68264 ----a-w- C:\Windows\System32\e1cmsg.dll
    2011-09-03 00:38:15 36472 ----a-w- C:\Windows\System32\NicCo36.dll
    2011-09-03 00:38:15 313520 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys
    2011-09-03 00:38:14 91840 ----a-w- C:\Windows\System32\NicInstC.dll
    2011-09-03 00:38:00 -------- d-sh--w- C:\Windows\Installer
    2011-09-03 00:35:52 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
    2011-09-03 00:35:43 -------- d-----w- C:\Intel
    2011-09-02 20:40:34 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2011-09-02 20:40:22 -------- d-----w- C:\NVIDIA
    .
    ==================== Find3M ====================
    .
    2011-09-10 05:28:15 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2011-09-10 05:27:48 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-09-10 05:27:48 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-09-10 05:17:14 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
    2011-09-09 23:24:30 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe
    2011-08-03 10:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    .
    ============= FINISH: 19:49:02.28 ===============

    Attach:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/9/2011 2:02:25 PM
    System Uptime: 10/1/2011 7:02:47 AM (12 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | Maximus IV Extreme
    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 60 GiB total, 35.357 GiB free.
    D: is CDROM (UDF)
    E: is FIXED (NTFS) - 0 GiB total, 0.069 GiB free.
    F: is FIXED (NTFS) - 1863 GiB total, 1702.415 GiB free.
    G: is Removable
    I: is FIXED (NTFS) - 732 GiB total, 26.304 GiB free.
    K: is FIXED (NTFS) - 633 GiB total, 129.581 GiB free.
    M: is FIXED (FAT32) - 95 GiB total, 2.948 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP34: 9/27/2011 4:28:38 PM - Windows Update
    RP35: 9/28/2011 9:19:20 PM - Windows Update
    RP36: 9/30/2011 9:59:15 PM - Restore Operation
    RP37: 9/30/2011 10:03:49 PM - Windows Update
    RP38: 9/30/2011 10:04:05 PM - Windows Update
    RP39: 9/30/2011 10:14:39 PM - Restore Operation
    RP40: 9/30/2011 10:19:16 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    3DMark 11
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.1)
    avast! Free Antivirus
    Battlefield: Bad Company 2
    BioShock
    Call of Duty: Modern Warfare 2 - Multiplayer
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 2.1
    Canon MX860 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Citrix XenApp Web Plugin
    Crayon Physics Deluxe
    Crysis(R)
    CyberLink PowerDVD 11
    CyberPower PowerPanel Personal Edition 1.3
    Deus Ex Human Revolution Augmented Edition Bonus Content
    Deus Ex: Human Revolution
    FLV Player
    FrostWire 5.1.5
    Futuremark SystemInfo
    GameSpy Comrade
    Google Talk Plugin
    HRS 11 Distributed
    ImgBurn
    Intel(R) Management Engine Components
    Java Auto Updater
    Java(TM) 6 Update 26
    JMicron JMB36X Driver
    Juniper Networks Secure Application Manager
    Juniper Networks Setup Client
    Left 4 Dead 2
    Malwarebytes' Anti-Malware version 1.51.2.1300
    marvell 91xx driver
    Microsoft .NET Framework 1.1
    Microsoft Office 2000 Professional
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 6.0.2 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Origin
    Peggle Nights
    Performance Toolkit 1.0
    Pidgin
    Portal 2
    PunkBuster Services
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Renesas Electronics USB 3.0 Host Controller Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    SoulSeek 157 NS 13e
    Spybot - Search & Destroy
    StarCraft II
    Steam
    System Requirements Lab CYRI
    Team Fortress 2
    TrackMania United
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    VLC media player 1.1.11
    Vuze
    Winamp
    XnView 1.98.2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/30/2011 11:15:22 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    9/30/2011 11:15:22 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    9/29/2011 6:39:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    9/29/2011 6:39:27 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/28/2011 11:04:47 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 6 time(s).
    9/27/2011 11:03:09 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 5 time(s).
    9/26/2011 10:25:43 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 4 time(s).
    9/25/2011 10:53:00 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 3 time(s).
    9/24/2011 12:22:47 AM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 1 time(s).
    9/24/2011 10:40:59 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 2 time(s).
    .
    ==== End Of File ===========================

    ***When I ran GMER, it didn't find any issues so no log file was created***
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot! I'll help sort out the problems.

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    Is this the mp3 you've had for ages, 'just 1 sketchy mp3 I've had for a long time on one of my external HDs'?
    f:\Users\Jamez\favorites\mp3 downloads - another obscure corrs mp3 site.url (Rogue.Link) Mbam quarantine this as it appears to have the rogue link.

    Open your Favorites and delete this please.
    =====================================
    P2P Warning:
    You are using the following file sharing programs:
    FrostWire 5.1.5
    Vuze

    If you want to keep the system clean, I advise you to uninstall both for the following reasons:
    • Even if you are using a "safe" P2P program, it is only the program that is safe.
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.
    ==============================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
    Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ==========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    Please post the entire log with heading resembling this:
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===========================
    I see some entries that will need to be removed and you have a lot of unnecessary processes running in the background.

    Please leave the 2 logs in your next reply.
  3. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    "Is this the mp3 you've had for ages, 'just 1 sketchy mp3 I've had for a long time on one of my external HDs'?
    f:\Users\Jamez\favorites\mp3 downloads - another obscure corrs mp3 site.url (Rogue.Link) Mbam quarantine this as it appears to have the rogue link."

    No, that is on my regular internal HD but it was a bookmark imported from one of my external HDs and it was also on my old computer and never gave me this type of problem. I believe Malwarebytes quarantined it.
  4. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    I uninstalled Vuze and FrostWire (which was a little bit tricky since I can't access the uninstaller from Control Panel, but I found out I could browse my directories using Run.exe).

    For reference in the log files below, C:\ is my SSD and main Win 7 boot drive, F:\ is my conventional internal HD which also has Win 7 installed on it but I have never booted from it. E:\ is my reserve drive related to C:\. All the other drive letters are partitions from my 2 external HDs (e.g. K:\)

    Sorry, I'm not sure how to use the headers as you're describing.

    ===========================================
    Combofix:

    ComboFix 11-10-02.03 - Jamez 10/02/2011 20:04:42.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8168.5824 [GMT -7:00]
    Running from: f:\firefox temp\Temporary Internet Files\Content.IE5\BNPHAY2A\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    F:\install.exe
    K:\Autorun.inf
    K:\install.exe
    K:\Setup.exe
    M:\autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-02 03:54 . 2011-10-02 03:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-10-01 06:59 . 2011-10-01 06:59 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-01 06:59 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-01 06:08 . 2011-10-01 06:08 -------- d-----w- c:\program files\CCleaner
    2011-10-01 06:06 . 2011-10-01 06:06 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-10-01 06:03 . 2011-10-01 06:03 -------- d-----w- f:\users\Jamez\AppData\Local\PackageAware
    2011-10-01 05:58 . 2011-03-15 17:10 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
    2011-10-01 05:58 . 2011-02-05 02:34 162328 ----a-w- c:\windows\system32\drivers\PCTDMDefrag.sys
    2011-10-01 05:58 . 2011-02-05 02:34 189880 ----a-w- c:\windows\system32\drivers\PCTDSMon.sys
    2011-10-01 05:58 . 2011-02-05 02:32 108056 ----a-w- c:\windows\SysWow64\drivers\PCTDMDefrag.sys
    2011-10-01 05:58 . 2011-02-16 15:02 40416 ----a-w- c:\windows\system32\CleanMFT64.exe
    2011-10-01 05:58 . 2008-09-18 04:17 658432 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
    2011-10-01 05:58 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
    2011-10-01 05:58 . 2008-04-02 22:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
    2011-10-01 05:58 . 2008-04-02 22:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
    2011-10-01 05:58 . 2004-08-04 14:00 506368 ----a-w- c:\windows\SysWow64\msxml.dll
    2011-10-01 05:58 . 2011-10-01 05:58 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2011-10-01 05:58 . 2011-10-01 05:58 -------- d-----w- c:\programdata\PC Tools
    2011-10-01 05:45 . 2011-09-21 16:00 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C9BAF77-C4CD-44A9-B3CE-730018C902D2}\mpengine.dll
    2011-10-01 05:43 . 2011-10-01 06:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-10-01 04:48 . 2011-10-01 04:48 -------- d-----w- c:\programdata\Citrix
    2011-09-24 06:52 . 2011-09-24 06:52 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
    2011-09-23 20:29 . 2011-09-23 20:36 -------- d-----w- c:\programdata\Soulseek
    2011-09-22 02:46 . 2011-09-22 02:46 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-09-22 02:42 . 2011-09-22 02:42 -------- d-----w- c:\programdata\boost_interprocess
    2011-09-22 00:45 . 2011-09-22 00:45 -------- d-----w- c:\programdata\CanonIJ
    2011-09-22 00:37 . 2011-09-22 00:37 -------- d-----w- c:\program files\Common Files\CANON
    2011-09-22 00:36 . 2011-09-22 00:36 -------- d-----w- c:\program files\Canon
    2011-09-22 00:35 . 2007-05-14 15:50 151040 ----a-w- c:\windows\system32\CNMN6UI.DLL
    2011-09-22 00:35 . 2007-05-14 15:50 251392 ----a-w- c:\windows\system32\CNMN6PPM.DLL
    2011-09-22 00:34 . 2011-09-22 00:41 -------- d-----w- c:\program files (x86)\Canon
    2011-09-20 20:14 . 2010-02-04 17:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2011-09-20 20:14 . 2010-02-04 17:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
    2011-09-20 20:14 . 2010-02-04 17:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
    2011-09-20 20:14 . 2010-02-04 17:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
    2011-09-20 20:14 . 2010-02-04 17:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2011-09-20 20:14 . 2010-02-04 17:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
    2011-09-20 20:14 . 2010-02-04 17:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
    2011-09-20 20:14 . 2010-02-04 17:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
    2011-09-19 20:14 . 2011-09-19 20:14 -------- d-----w- c:\users\Public\CyberLink
    2011-09-19 20:13 . 2011-09-19 20:15 -------- d-----w- c:\programdata\PDVD
    2011-09-19 20:12 . 2011-09-19 20:13 -------- d-----w- c:\programdata\install_clap
    2011-09-19 20:10 . 2011-09-22 00:29 -------- d-----w- c:\programdata\CyberLink
    2011-09-17 01:58 . 2011-09-17 01:58 -------- d-----w- c:\programdata\Media Center Programs
    2011-09-17 01:55 . 2011-09-17 01:55 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2011-09-17 01:14 . 2011-09-17 01:14 -------- d-----w- c:\windows\Msagent
    2011-09-15 02:30 . 2011-09-15 02:30 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2011-09-15 02:30 . 2011-09-15 02:30 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2011-09-15 02:30 . 2011-09-15 02:30 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-09-15 02:30 . 2011-09-15 02:30 -------- d-----w- c:\program files (x86)\Real
    2011-09-14 01:42 . 2011-09-14 01:42 -------- d-----w- c:\program files (x86)\Common Files\McKesson
    2011-09-14 01:01 . 2011-09-14 01:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2011-09-12 04:06 . 2011-09-12 04:06 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2011-09-12 04:03 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2011-09-12 04:03 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2011-09-12 04:03 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-09-12 04:03 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-09-12 04:03 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-09-12 04:00 . 2011-09-12 04:00 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2011-09-12 00:56 . 2011-09-12 00:56 -------- d-----w- c:\windows\Downloaded Installations
    2011-09-12 00:46 . 2009-12-09 13:28 100400 ----a-w- c:\windows\system32\drivers\NEOFLTR_650_14951.SYS
    2011-09-12 00:45 . 2011-09-12 00:45 -------- d-----w- c:\program files (x86)\Juniper Networks
    2011-09-12 00:35 . 2011-09-12 00:35 -------- d-----w- c:\windows\SysWow64\Wat
    2011-09-12 00:35 . 2011-09-12 00:35 -------- d-----w- c:\windows\system32\Wat
    2011-09-12 00:19 . 2009-06-16 18:37 1342976 ----a-w- c:\windows\system32\CNC860C.DLL
    2011-09-12 00:19 . 2009-06-16 18:36 92672 ----a-w- c:\windows\system32\CNC860I.DLL
    2011-09-12 00:19 . 2009-02-19 20:20 299520 ----a-w- c:\windows\system32\CNC860L.DLL
    2011-09-12 00:19 . 2008-08-26 01:02 17920 ----a-w- c:\windows\system32\CNHMCA6.DLL
    2011-09-12 00:19 . 2008-07-16 16:39 235008 ----a-w- c:\windows\system32\CNC860O.DLL
    2011-09-10 05:03 . 2011-09-10 05:03 -------- d-----w- c:\windows\FLV Player
    2011-09-10 04:46 . 2011-09-10 04:46 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2011-09-10 03:33 . 2011-09-10 03:33 -------- d-----w- c:\programdata\Origin
    2011-09-10 03:33 . 2011-09-10 03:33 -------- d-----w- c:\programdata\Electronic Arts
    2011-09-10 03:33 . 2011-09-10 03:33 -------- d-----w- c:\program files (x86)\Origin Games
    2011-09-10 03:14 . 2011-10-02 03:11 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2011-09-10 02:41 . 2010-11-09 22:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
    2011-09-10 02:31 . 2011-09-10 02:31 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
    2011-09-10 02:31 . 2011-09-10 02:31 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-09-10 02:31 . 2011-09-10 02:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-09-10 01:13 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-10 01:13 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-10 01:13 . 2011-09-06 20:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-10 01:13 . 2011-09-06 20:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-10 01:13 . 2011-09-06 20:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-10 01:13 . 2011-09-06 20:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-10 01:13 . 2011-09-06 20:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-10 01:13 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-10 01:13 . 2011-09-06 20:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-09-10 01:13 . 2011-09-10 01:13 -------- d-----w- c:\programdata\AVAST Software
    2011-09-09 23:57 . 2011-09-10 00:41 -------- d-----w- c:\programdata\Blizzard Entertainment
    2011-09-09 23:57 . 2011-09-10 00:17 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
    2011-09-09 23:25 . 2011-09-09 23:25 -------- d-----w- c:\windows\SysWow64\URTTEMP
    2011-09-09 22:50 . 2008-09-25 19:20 3072 ----a-w- c:\windows\system32\CNCFLjTH.DLL
    2011-09-09 22:49 . 2011-09-09 22:49 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2011-09-09 22:49 . 2011-09-09 22:49 -------- d--h--w- c:\programdata\CanonBJ
    2011-09-09 22:49 . 2009-04-25 12:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9N.DLL
    2011-09-09 22:49 . 2009-04-25 12:00 28160 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9N.DLL
    2011-09-09 22:49 . 2009-04-25 12:00 290816 ----a-w- c:\windows\system32\CNMLM9N.DLL
    2011-09-09 21:09 . 2011-10-01 05:31 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-09 21:09 . 2011-09-09 21:09 -------- d-----w- c:\windows\SysWow64\Macromed
    2011-09-09 21:02 . 2011-10-01 05:15 -------- d-----w- c:\users\Jamez
    2011-09-09 21:02 . 2011-09-09 21:02 -------- d-----w- C:\Recovery
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-03 11:50 . 2011-09-02 20:41 980072 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-08-03 11:50 . 2011-09-02 20:41 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 61544 ----a-w- c:\windows\system32\nvshext.dll
    2011-08-03 11:50 . 2011-09-02 20:41 6136936 ----a-w- c:\windows\system32\nvcpl.dll
    2011-08-03 11:50 . 2011-09-02 20:41 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-08-03 11:50 . 2011-09-02 20:41 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-08-03 11:50 . 2011-09-02 20:41 7254632 ----a-w- c:\windows\system32\nvcuda.dll
    2011-08-03 11:50 . 2011-09-02 20:41 67176 ----a-w- c:\windows\system32\OpenCL.dll
    2011-08-03 11:50 . 2011-09-02 20:41 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-08-03 11:50 . 2011-09-02 20:41 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-08-03 11:50 . 2011-09-02 20:41 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2758760 ----a-w- c:\windows\system32\nvapi64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-08-03 11:50 . 2011-09-02 20:41 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-08-03 11:50 . 2011-09-02 20:41 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-08-03 11:50 . 2011-09-02 20:41 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-08-03 11:50 . 2011-09-02 20:41 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-08-03 11:50 . 2011-09-02 20:41 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-08-03 11:50 . 2011-09-02 20:41 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-08-03 11:50 . 2011-09-02 20:41 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-08-03 10:31 . 2011-08-03 10:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2011-07-16 04:26 . 2011-09-12 00:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerBlock"="f:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "SpybotSD TeaTimer"="f:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "avast"="f:\program files\Avast\avastUI.exe" [2011-09-06 3722416]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-09-15 273528]
    "RemoteControl11"="f:\program files (x86)\PowerDVD11\PowerDVD11\PDVD11Serv.exe" [2011-08-24 230696]
    "PowerPanel Personal Edition User Interaction"="f:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-08-03 349632]
    "WinampAgent"="f:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
    "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-02-16 112608]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - f:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R1 SASDIFSV;SASDIFSV;c:\users\Jamez\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
    R1 SASKUTIL;SASKUTIL;c:\users\Jamez\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
    R3 DMDefragService;Performance Toolkit Disk Defrag Service;f:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-02-16 1050592]
    R3 DMRepairService;Performance Toolkit Disk Repair Service;f:\program files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-02-16 1034208]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
    R3 pbfilter;pbfilter;f:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
    R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-02-05 162328]
    R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\Drivers\NEOFLTR_650_14951.SYS [x]
    S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/19 13:13];f:\program files (x86)\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl [2011-08-26 17:53 148976]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;f:\program files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]
    S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;f:\program files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-08-26 75048]
    S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;f:\program files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-08-26 292136]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
    S2 ntk_PowerDVD;ntk_PowerDVD;f:\program files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-16 632800]
    S2 SBSDWSCService;SBSD Security Center Service;f:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
    S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
    S3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1062377385-2925155813-24115089-1001Core.job
    - c:\users\Jamez\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 21:10]
    .
    2011-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1062377385-2925155813-24115089-1001UA.job
    - c:\users\Jamez\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 21:10]
    .
    2011-10-03 c:\windows\Tasks\PTSchedule.job
    - f:\program files (x86)\PC Tools Utilities\pt.exe [2011-10-01 15:02]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 134384 ----a-w- f:\program files\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: huntingtonhospital.com\connect
    TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
    DPF: {8D84D58D-8557-4CAB-8E6F-556339F5D9CE} - hxxp://10.217.1.31/hrs/download/Setup.cab
    FF - ProfilePath - c:\users\Jamez\AppData\Roaming\Mozilla\Firefox\Profiles\wy36biyv.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20110924&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
    "ImagePath"="\??\f:\program files (x86)\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1062377385-2925155813-24115089-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:64,23,39,7f,ab,f0,79,0e,0b,00,c0,7a,f5,9f,c7,9f,1e,b6,73,93,b0,72,da,
    44,28,fa,86,59,08,dd,31,e1,20,98,07,27,7a,a2,77,8c,89,36,27,f9,da,b1,94,26,\
    "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    f:\program files\Avast\AvastSvc.exe
    c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    c:\windows\SysWOW64\PnkBstrA.exe
    f:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-02 20:17:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-03 03:17
    .
    Pre-Run: 37,743,972,352 bytes free
    Post-Run: 37,838,360,576 bytes free
    .
    - - End Of File - - 52C52D19B9358EA7D9ED1CFEED1BD8E5

    ==============================================================
    ESETScan log


    F:\Firefox Temp\cnet_cpu-z_1_58-setup-en_exe.exe a variant of Win32/InstallCore.C application
    F:\Firefox Temp\cnet_FLVPlayerSetup_exe.exe a variant of Win32/InstallCore.C application
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Well, we have a problem: Combofix had deleted a file on each of the drives:
    Regarding your description here:


    You had an infected bookmark that was on one of your external drives. You imported the bookmark to the F Drive, your 'main internal drive.' Drive K and Drive M are infected. Looks like Drive K is a movable drive, maybe Drive M is a partition? I'm not sure if you actually infected each drive with the same malware.

    Mbam quarantined the malware on Drive F.

    The autorun.inf indicates an infected movable drive - usually it's a flash drive, but in your case, you're going to have to tell me more specifically what they are:
  6. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    Yes, F:\ is my conventional internal HD (not my boot drive; my boot drive is C:\ which is a solid state drive although both C:\ and F:\ have Windows 7 installed)
    I:\ is one of my external HDs with J:\ being another partition of that drive
    K:\ is my other external HD with L:\ and M:\ being partitions of that drive

    Thanks for helping me out
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You will need to disinfect all of the movable drives:
    • Please download Panda USB Vaccine (you must provide a valid e-mail address and they will send the download link to it) to your desktop.
    • Install and run it.
    • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
    ===========================================
    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :
      :Files  
      F:\Firefox Temp\cnet_cpu-z_1_58-setup-en_exe.exe 
      F:\Firefox Temp\cnet_FLVPlayerSetup_exe.exe a 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ============================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    Folder::
    c:\users\Default\AppData\Local\temp
    c:\program files (x86)\Common Files\xing shared
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Logs in next reply please.
  8. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    Running into a problem with the first step with Panda.
    It will let me vaccinate K:\ and M:\ and my computer; however, it won't let me vaccinate J:\ and L:\ as they are not supported drive structures (these are partitions I use for homebrew on my Nintendo Wii) and it won't let me vaccinate I:\ which is an NTFS format and one of my external HDs (yet K:\ is also NTFS but my other external HD).

    I get an error message saying it's unable to vaccinate and telling me to run chkdsk /f but when I try to use that in command prompt, it tells me I basically don't have the proper privileges to run it (I'm guessing "administrator" even though I am the administrator and I only have one user account in Win 7)
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please go to Panda Support for help with this problem.
  10. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    Asked in the forums and emailed Panda's tech support but didn't get much help there since they don't really support free products. Anyway, I'm currently running a chkdsk on I:\ (found a way around the access issue I mentioned earlier) so I'm waiting for that to finish and will see if I can vaccinate it then. Otherwise, I just may format the drive completely or not use the drive with this computer.
  11. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    Finally was able to vaccinate I:\ so now both of my two external HDs are vaccinated.

    Also, btw I purchased Kaspersky Internet Security 2012 in case you want me to install and run that at some point.

    =====================================
    OTMove log:

    All processes killed
    Error: Unable to interpret <:> in the current context!
    ========== FILES ==========
    F:\Firefox Temp\cnet_cpu-z_1_58-setup-en_exe.exe moved successfully.
    File/Folder F:\Firefox Temp\cnet_FLVPlayerSetup_exe.exe a not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default

    User: Default User

    User: Jamez
    ->Flash cache emptied: 10634 bytes

    User: Public

    User: UpdatusUser

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 14982496 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
    RecycleBin emptied: 55982764 bytes

    Total Files Cleaned = 68.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 10192011_003854

    Files moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
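
Added example, not part of the original post and not code from OTM or its author: a small triage script that reads the OTM log above and checks it against the two paths the `:Files` section was meant to move. The log excerpt is copied from this post and trimmed; the function names and the `REQUESTED` list are assumptions made for the illustration.

```python
import re

# Constructed sample: lines copied from the OTM log in the post above, trimmed
# to the entries the parser reads.
SAMPLE_LOG = r"""All processes killed
Error: Unable to interpret <:> in the current context!
========== FILES ==========
F:\Firefox Temp\cnet_cpu-z_1_58-setup-en_exe.exe moved successfully.
File/Folder F:\Firefox Temp\cnet_FLVPlayerSetup_exe.exe a not found.
========== COMMANDS ==========
[EMPTYTEMP]
Windows Temp folder emptied: 14982496 bytes
Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
"""

# Paths the :Files section was meant to move (the two files from the ESET log).
REQUESTED = [
    r"F:\Firefox Temp\cnet_cpu-z_1_58-setup-en_exe.exe",
    r"F:\Firefox Temp\cnet_FLVPlayerSetup_exe.exe",
]

# One pattern per outcome line, written against the wording seen in this log.
PATTERNS = {
    "moved": re.compile(r"(?P<v>.+) moved successfully\."),
    "not_found": re.compile(r"File/Folder (?P<v>.+) not found\."),
    "errors": re.compile(r"Error: (?P<v>.+)"),
    "pending_reboot": re.compile(
        r"File move failed\. (?P<v>.+) scheduled to be moved on reboot\."
    ),
}


def parse_otm_log(text):
    """Sort the outcome lines of an OTM log into four buckets."""
    result = {name: [] for name in PATTERNS}
    for raw in text.splitlines():
        line = raw.strip()
        for name, pattern in PATTERNS.items():
            match = pattern.fullmatch(line)
            if match:
                result[name].append(match.group("v"))
                break
    return result


def unresolved(requested, parsed):
    """Return (path, reason) for every requested path the log does not confirm as moved."""
    moved = {p.lower() for p in parsed["moved"]}
    not_found = [p for p in parsed["not_found"]]
    findings = []
    for want in requested:
        key = want.lower()
        if key in moved:
            continue
        # A "not found" entry that starts with the requested path but is longer
        # means the script line carried extra text after the file name.
        near = [nf for nf in not_found
                if nf.lower().startswith(key) and nf.lower() != key]
        if near:
            extra = near[0][len(want):]
            findings.append((want, f"trailing text {extra!r} on script line"))
        elif key in {nf.lower() for nf in not_found}:
            findings.append((want, "not found"))
        else:
            findings.append((want, "no result in log"))
    return findings


if __name__ == "__main__":
    parsed = parse_otm_log(SAMPLE_LOG)
    for message in parsed["errors"]:
        print("script error:", message)
    for path, reason in unresolved(REQUESTED, parsed):
        print("still to handle:", path, "->", reason)
    for path in parsed["pending_reboot"]:
        print("pending reboot:", path)
```
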
     
  12. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    ComboFix 11-10-19.01 - Jamez 10/19/2011 0:47.3.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8168.6576 [GMT -7:00]
    Running from: f:\users\Jamez\Desktop\ComboFix.exe
    Command switches used :: f:\users\Jamez\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Common Files\xing shared
    c:\program files (x86)\Common Files\xing shared\mpeg encode\xmencmp3.dll
    c:\users\Default\AppData\Local\temp
    M:\AUTORUN.INF . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-19 07:50 . 2011-10-19 07:50 -------- d-----w- f:\users\Jamez\AppData\Local\temp
    2011-10-19 07:50 . 2011-10-19 07:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-10-18 17:27 . 2011-09-21 16:00 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC6FCF5B-8FA1-4266-89B7-17486273BAD3}\mpengine.dll
    2011-10-14 03:23 . 2011-10-14 03:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2011-10-13 02:49 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
    2011-10-13 02:49 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-13 02:49 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-13 02:49 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2011-10-13 02:49 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2011-10-13 02:49 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-13 02:49 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-13 02:49 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-10-13 02:49 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2011-10-10 04:11 . 2011-10-10 04:11 -------- d-----w- c:\programdata\Panda Security
    2011-10-07 00:06 . 2011-10-07 00:06 -------- d-----w- c:\windows\SysWow64\xlive
    2011-10-07 00:06 . 2011-10-07 00:06 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2011-10-03 03:36 . 2011-10-03 03:36 -------- d-----w- c:\program files (x86)\ESET
    2011-10-02 03:54 . 2011-10-02 03:54 -------- d-----w- c:\users\Jamez\AppData\Roaming\SUPERAntiSpyware.com
    2011-10-02 03:54 . 2011-10-02 03:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-10-01 06:59 . 2011-10-01 06:59 -------- d-----w- c:\users\Jamez\AppData\Roaming\Malwarebytes
    2011-10-01 06:59 . 2011-10-01 06:59 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-01 06:59 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-01 06:11 . 2011-10-01 06:11 -------- d-----w- c:\users\Jamez\AppData\Roaming\Registry Mechanic
    2011-10-01 06:08 . 2011-10-01 06:08 -------- d-----w- c:\program files\CCleaner
    2011-10-01 06:06 . 2011-10-01 06:06 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-10-01 06:03 . 2011-10-01 06:03 -------- d-----w- f:\users\Jamez\AppData\Local\PackageAware
    2011-10-01 05:58 . 2011-03-15 17:10 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
    2011-10-01 05:58 . 2011-02-05 02:32 108056 ----a-w- c:\windows\SysWow64\drivers\PCTDMDefrag.sys
    2011-10-01 05:43 . 2011-10-07 06:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-10-01 04:48 . 2011-10-11 05:43 -------- d-----w- c:\programdata\Citrix
    2011-10-01 04:48 . 2011-10-01 04:48 -------- d-----w- c:\users\Jamez\AppData\Roaming\Download Manager
    2011-09-24 06:52 . 2011-09-24 06:52 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
    2011-09-24 06:52 . 2011-10-03 14:56 -------- d-----w- c:\users\Jamez\AppData\Roaming\Winamp
    2011-09-23 20:29 . 2011-09-23 20:36 -------- d-----w- c:\programdata\Soulseek
    2011-09-23 17:40 . 2011-10-01 06:10 -------- d-----w- c:\users\Jamez\AppData\Roaming\Azureus
    2011-09-22 02:46 . 2011-09-22 02:46 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-09-22 02:42 . 2011-09-22 02:42 -------- d-----w- c:\programdata\boost_interprocess
    2011-09-22 00:45 . 2011-09-22 00:45 -------- d-----w- c:\programdata\CanonIJ
    2011-09-22 00:41 . 2011-09-22 00:41 -------- d-----w- c:\users\Jamez\AppData\Roaming\Canon
    2011-09-22 00:37 . 2011-09-22 00:37 -------- d-----w- c:\program files\Common Files\CANON
    2011-09-22 00:36 . 2011-09-22 00:36 -------- d-----w- c:\program files\Canon
    2011-09-22 00:35 . 2007-05-14 15:50 151040 ----a-w- c:\windows\system32\CNMN6UI.DLL
    2011-09-22 00:35 . 2007-05-14 15:50 251392 ----a-w- c:\windows\system32\CNMN6PPM.DLL
    2011-09-22 00:34 . 2011-09-22 00:41 -------- d-----w- c:\program files (x86)\Canon
    2011-09-22 00:29 . 2011-09-22 00:29 -------- d-----w- c:\users\Jamez\AppData\Local\CyberLink
    2011-09-21 23:56 . 2011-09-21 23:56 -------- d-----w- c:\users\Jamez\AppData\Local\IsolatedStorage
    2011-09-21 23:56 . 2011-09-21 23:56 -------- d-----w- c:\users\Jamez\AppData\Local\Futuremark_Corporation
    2011-09-20 20:34 . 2011-09-23 05:39 -------- d-----w- c:\users\Jamez\AppData\Local\dxhr
    2011-09-20 20:14 . 2010-02-04 17:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2011-09-20 20:14 . 2010-02-04 17:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
    2011-09-20 20:14 . 2010-02-04 17:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
    2011-09-20 20:14 . 2010-02-04 17:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
    2011-09-20 20:14 . 2010-02-04 17:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2011-09-20 20:14 . 2010-02-04 17:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
    2011-09-20 20:14 . 2010-02-04 17:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
    2011-09-20 20:14 . 2010-02-04 17:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
    2011-09-20 20:14 . 2011-09-20 20:14 -------- d-----w- c:\users\Jamez\AppData\Local\28050
    2011-09-20 17:22 . 2011-10-01 05:15 -------- d-----w- c:\users\Jamez\AppData\Roaming\XnView
    2011-09-20 15:33 . 2011-09-20 15:33 -------- d-----w- c:\users\Jamez\AppData\Local\PowerPanel Personal Edition
    2011-09-19 20:14 . 2011-09-19 20:14 -------- d-----w- c:\users\Public\CyberLink
    2011-09-19 20:14 . 2011-09-19 20:14 -------- d-----w- c:\users\Jamez\AppData\Roaming\CyberLink
    2011-09-19 20:13 . 2011-09-19 20:15 -------- d-----w- c:\programdata\PDVD
    2011-09-19 20:13 . 2011-09-19 20:13 -------- d-----w- c:\users\Jamez\AppData\Local\MediaServer
    2011-09-19 20:12 . 2011-09-19 20:13 -------- d-----w- c:\programdata\install_clap
    2011-09-19 20:10 . 2011-09-22 00:29 -------- d-----w- c:\programdata\CyberLink
    2011-09-19 20:04 . 2011-09-23 18:16 -------- d-----w- c:\users\Jamez\AppData\Roaming\vlc
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-01 05:31 . 2011-09-09 21:09 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-17 01:55 . 2011-09-17 01:55 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2011-09-15 02:30 . 2011-09-15 02:30 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2011-09-15 02:30 . 2011-09-15 02:30 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-09-12 04:06 . 2011-09-12 04:06 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-09-12 04:06 . 2011-09-12 04:06 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-09-12 04:06 . 2011-09-12 04:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-09-12 04:06 . 2011-09-12 04:06 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-09-12 04:06 . 2011-09-12 04:06 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-09-12 04:06 . 2011-09-12 04:06 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-09-12 04:06 . 2011-09-12 04:06 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-09-12 04:06 . 2011-09-12 04:06 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-09-12 04:06 . 2011-09-12 04:06 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-09-12 04:06 . 2011-09-12 04:06 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-09-12 04:06 . 2011-09-12 04:06 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-09-12 04:06 . 2011-09-12 04:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-09-12 04:06 . 2011-09-12 04:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-09-12 04:06 . 2011-09-12 04:06 448512 ----a-w- c:\windows\system32\html.iec
    2011-09-12 04:06 . 2011-09-12 04:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-09-12 04:06 . 2011-09-12 04:06 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-09-12 04:06 . 2011-09-12 04:06 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-09-12 04:06 . 2011-09-12 04:06 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-09-12 04:06 . 2011-09-12 04:06 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-09-12 04:06 . 2011-09-12 04:06 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-09-12 04:06 . 2011-09-12 04:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-09-12 04:06 . 2011-09-12 04:06 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-09-12 04:06 . 2011-09-12 04:06 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-09-12 04:06 . 2011-09-12 04:06 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-09-12 04:06 . 2011-09-12 04:06 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-09-12 04:06 . 2011-09-12 04:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-09-12 04:06 . 2011-09-12 04:06 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-09-12 04:06 . 2011-09-12 04:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-09-12 04:06 . 2011-09-12 04:06 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-09-12 04:06 . 2011-09-12 04:06 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-09-12 04:06 . 2011-09-12 04:06 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-09-12 04:06 . 2011-09-12 04:06 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-09-12 04:06 . 2011-09-12 04:06 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-09-12 04:06 . 2011-09-12 04:06 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-09-12 04:06 . 2011-09-12 04:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-09-12 04:06 . 2011-09-12 04:06 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-09-12 00:44 . 2011-09-12 00:44 73728 ----a-r- c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
    2011-09-12 00:44 . 2011-09-12 00:44 73728 ----a-r- c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
    2011-09-10 05:28 . 2011-09-09 23:24 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2011-09-10 05:27 . 2011-09-10 05:17 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-09-10 05:27 . 2011-09-09 23:24 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-09-10 05:17 . 2011-09-10 05:17 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
    2011-09-10 02:30 . 2011-09-10 02:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-09-09 23:24 . 2011-09-09 23:24 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
    2011-09-06 20:45 . 2011-09-10 01:13 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 20:45 . 2011-09-10 01:13 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-09-06 20:45 . 2011-09-10 01:13 254400 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 20:38 . 2011-09-10 01:13 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 20:38 . 2011-09-10 01:13 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 20:36 . 2011-09-10 01:13 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 20:36 . 2011-09-10 01:13 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 20:36 . 2011-09-10 01:13 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-06 20:36 . 2011-09-10 01:13 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-08-03 11:50 . 2011-09-02 20:41 980072 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-08-03 11:50 . 2011-09-02 20:41 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 61544 ----a-w- c:\windows\system32\nvshext.dll
    2011-08-03 11:50 . 2011-09-02 20:41 6136936 ----a-w- c:\windows\system32\nvcpl.dll
    2011-08-03 11:50 . 2011-09-02 20:41 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-08-03 11:50 . 2011-09-02 20:41 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-08-03 11:50 . 2011-09-02 20:41 7254632 ----a-w- c:\windows\system32\nvcuda.dll
    2011-08-03 11:50 . 2011-09-02 20:41 67176 ----a-w- c:\windows\system32\OpenCL.dll
    2011-08-03 11:50 . 2011-09-02 20:41 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-08-03 11:50 . 2011-09-02 20:41 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-08-03 11:50 . 2011-09-02 20:41 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2758760 ----a-w- c:\windows\system32\nvapi64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-08-03 11:50 . 2011-09-02 20:41 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-08-03 11:50 . 2011-09-02 20:41 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-08-03 11:50 . 2011-09-02 20:41 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-08-03 11:50 . 2011-09-02 20:41 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-08-03 11:50 . 2011-09-02 20:41 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-08-03 11:50 . 2011-09-02 20:41 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-08-03 11:50 . 2011-09-02 20:41 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-08-03 10:31 . 2011-08-03 10:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-10-03_03.16.32 )))))))))))))))))))))))))))))))))))))))))

    Edit: Lengthy SnapShot entries deleted by Bobbye
    .
  13. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    Combofix log continued:

    Edit: Lengthy SnapShot entries deleted by Bobbye
  14. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    Combofix log continued:

    Edit: Lengthy SnapShot entries deleted by Bobbye
  15. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    Combofix log continued:

    Edit: Lengthy SnapShot entries deleted by Bobbye
  16. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    Combofix log continued:

    Edit: Lengthy SnapShot entries deleted by Bobbye

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerBlock"="f:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "SpybotSD TeaTimer"="f:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "avast"="f:\program files\Avast\avastUI.exe" [2011-09-06 3722416]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-09-15 273528]
    "RemoteControl11"="f:\program files (x86)\PowerDVD11\PowerDVD11\PDVD11Serv.exe" [2011-08-24 230696]
    "PowerPanel Personal Edition User Interaction"="f:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-08-03 349632]
    "WinampAgent"="f:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - f:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R1 SASDIFSV;SASDIFSV;c:\users\Jamez\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
    R1 SASKUTIL;SASKUTIL;c:\users\Jamez\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
    R3 pbfilter;pbfilter;f:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\Drivers\NEOFLTR_650_14951.SYS [x]
    S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/19 13:13];f:\program files (x86)\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl [2011-08-26 17:53 148976]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;f:\program files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]
    S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;f:\program files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-08-26 75048]
    S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;f:\program files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-08-26 292136]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
    S2 ntk_PowerDVD;ntk_PowerDVD;f:\program files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248]
    S2 SBSDWSCService;SBSD Security Center Service;f:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
    S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
    S3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1062377385-2925155813-24115089-1001Core.job
    - c:\users\Jamez\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 21:10]
    .
    2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1062377385-2925155813-24115089-1001UA.job
    - c:\users\Jamez\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 21:10]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 134384 ----a-w- f:\program files\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: huntingtonhospita.com\my
    Trusted Zone: huntingtonhospital.com\connect
    TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
    DPF: {8D84D58D-8557-4CAB-8E6F-556339F5D9CE} - hxxp://10.217.1.31/hrs/download/Setup.cab
    FF - ProfilePath - c:\users\Jamez\AppData\Roaming\Mozilla\Firefox\Profiles\wy36biyv.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20110924&q=
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
    "ImagePath"="\??\f:\program files (x86)\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1062377385-2925155813-24115089-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:64,23,39,7f,ab,f0,79,0e,0b,00,c0,7a,f5,9f,c7,9f,1e,b6,73,93,b0,72,da,
    44,28,fa,86,59,08,dd,31,e1,20,98,07,27,7a,a2,77,8c,89,36,27,f9,da,b1,94,26,\
    "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    f:\program files\Avast\AvastSvc.exe
    c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    c:\windows\SysWOW64\PnkBstrA.exe
    f:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-19 00:52:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-19 07:52
    ComboFix2.txt 2011-10-03 03:31
    ComboFix3.txt 2011-10-03 03:17
    .
    Pre-Run: 38,120,296,448 bytes free
    Post-Run: 37,756,985,344 bytes free
    .
    - - End Of File - - 6D33289AF01066B1A513E807A984B61C
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
    c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
    Folder::
    f:\users\Jamez\AppData\Local\temp
    c:\users\UpdatusUser\AppData\Local\temp
    c:\windows\SysWow64\%APPDATA%
    c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    c:\users\Jamez\AppData\Roaming\Azureus
    c:\programdata\boost_interprocess   
    c:\users\Jamez\AppData\Local\28050
    DDS::
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8D84D58D-8557-4CAB-8E6F-556339F5D9CE} - hxxp://10.217.1.31/hrs/download/Setup.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    
    Extra::
    File::
    Firefox::
    Firefox-: - Profile - c:\users\Jamez\AppData\Roaming\Mozilla\Firefox\Profiles\wy36biyv.default\
    Firefox-: prefs.js - Startup.HomepageURL
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
    ====================
    Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

    Be sure to check all download screens for any pre-checked toolbars or BHO> if found, remove the check before the download.
    ==================================
    Recommend uninstalling Registry Mechanic. We don't recommend that anyone use a registry cleaner.

    Canon, Cyberlink, PowerDVD entries don't need to start on boot. Virtually every program downloaded on a new computer will be put on the Startup Menu, when in fact, most don't need to start on boot, then run in the background.

    Computer manufacturers pre-load a lot of processes also. At some point, you should take some time to see what's running on the system.
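
One way to take stock of what starts on boot, using the "Reg Loading Points" section of a ComboFix log like the one posted in this thread. This is an added example, not part of the post above and not ComboFix's own code; the function names, the list of user-writable path markers, and reading `[x]` as "no file date/size reported" are assumptions made for the example, and the flags are prompts for manual review, not verdicts.

```python
import re
from dataclasses import dataclass

# Sample input: a few lines copied from the "Reg Loading Points" section of
# the ComboFix log posted in this thread, trimmed to keep the sample short.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="f:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="f:\program files\Avast\avastUI.exe" [2011-09-06 3722416]
"WinampAgent"="f:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
R1 SASDIFSV;SASDIFSV;c:\users\Jamez\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R3 pbfilter;pbfilter;f:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
S1 aswSnx;aswSnx; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
SVC_RE = re.compile(
    r"^(?P<tag>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]$"
)

# Assumption for this example: directories a standard user can usually write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Autostart:
    source: str          # registry Run key, or "service/driver"
    name: str
    path: str            # may be empty when the log lists no image path
    tag: str             # raw ComboFix tag such as "R1"; empty for Run keys
    has_file_info: bool  # False when the log shows "[x]" instead of date/size


def parse_autostarts(text):
    """Return every Run-key value and service/driver line found in the log text."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # "." separates blocks in the log
            current_key = None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            is_run = key.lower().endswith(("\\run", "\\runonce"))
            current_key = key if is_run else None   # ignore non-autostart keys
            continue
        m = RUN_RE.match(line)
        if m and current_key:
            entries.append(
                Autostart(current_key, m["name"], m["path"], "", m["info"] != "x"))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(
                Autostart("service/driver", m["name"], m["path"].strip(),
                          m["tag"], m["info"] != "x"))
    return entries


def review_reasons(entry):
    """Reasons an entry deserves a manual look; an empty list means none found."""
    reasons = []
    path = entry.path.lower()
    if not path:
        reasons.append("no image path listed")
    elif any(marker in path for marker in USER_WRITABLE):
        reasons.append("loads from a user-writable directory")
    if not entry.has_file_info:
        reasons.append("log reports no file date/size")
    return reasons


def triage(text):
    """Map entry name -> review reasons, for entries that have at least one."""
    flagged = {}
    for entry in parse_autostarts(text):
        reasons = review_reasons(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for e in parse_autostarts(SAMPLE_LOG):
        note = "; ".join(review_reasons(e)) or "ok"
        print(f"{e.tag or 'Run':4} {e.name:18} {e.path or '(none)'}  -> {note}")
```
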
  18. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    ComboFix 11-10-23.02 - Jamez 10/23/2011 14:06:34.4.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8168.6436 [GMT -7:00]
    Running from: f:\users\Jamez\Desktop\ComboFix.exe
    Command switches used :: f:\users\Jamez\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe"
    "c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.bitness.log
    c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.data.log
    c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.elements.log
    c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.weight.log
    c:\programdata\boost_interprocess
    c:\users\Jamez\AppData\Local\28050
    c:\users\Jamez\AppData\Local\28050\eidos\1c8a40b\cache\persistent\BA8C6DA4D591E3B712775DC910D39928FFAFE49D
    c:\users\Jamez\AppData\Roaming\Azureus
    c:\users\Jamez\AppData\Roaming\Azureus\.certs
    c:\users\Jamez\AppData\Roaming\Azureus\.keystore
    c:\users\Jamez\AppData\Roaming\Azureus\.lock
    c:\users\Jamez\AppData\Roaming\Azureus\active\13F554564B4BBDDE70C11E2E87B803ECB3EB0858.dat
    c:\users\Jamez\AppData\Roaming\Azureus\active\5A514766FD9595BBBB4E1E13B1C22880701285CC.dat
    c:\users\Jamez\AppData\Roaming\Azureus\active\8F8D94E8128007364C19D826671E348BC2215FFF.dat
    c:\users\Jamez\AppData\Roaming\Azureus\active\954165A92670B811A91FFA559E2FCF37492D0B83.dat
    c:\users\Jamez\AppData\Roaming\Azureus\active\AD6D746CA63CA86457C8233CB5BB5F117522BB3B.dat
    c:\users\Jamez\AppData\Roaming\Azureus\active\cache.dat
    c:\users\Jamez\AppData\Roaming\Azureus\azureus.config
    c:\users\Jamez\AppData\Roaming\Azureus\azureus.statistics
    c:\users\Jamez\AppData\Roaming\Azureus\banips.config
    c:\users\Jamez\AppData\Roaming\Azureus\devices.config
    c:\users\Jamez\AppData\Roaming\Azureus\dht\addresses.dat
    c:\users\Jamez\AppData\Roaming\Azureus\dht\contacts.dat
    c:\users\Jamez\AppData\Roaming\Azureus\dht\diverse.dat
    c:\users\Jamez\AppData\Roaming\Azureus\dht\general.dat
    c:\users\Jamez\AppData\Roaming\Azureus\dht\version.dat
    c:\users\Jamez\AppData\Roaming\Azureus\downloads.config
    c:\users\Jamez\AppData\Roaming\Azureus\filters.config
    c:\users\Jamez\AppData\Roaming\Azureus\ipfilter.cache
    c:\users\Jamez\AppData\Roaming\Azureus\java.vmoptions
    c:\users\Jamez\AppData\Roaming\Azureus\java.vmoptions.lastgood
    c:\users\Jamez\AppData\Roaming\Azureus\metasearch.config
    c:\users\Jamez\AppData\Roaming\Azureus\net\pm_20115.dat
    c:\users\Jamez\AppData\Roaming\Azureus\net\pm_default.dat
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.2.jar
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.2.zip
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties_1.2
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\azupnpav\cd.dat
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\azutp_0.2.8.jar
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\azutp_0.2.8.zip
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\plugin.properties
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\plugin_install.properties
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\win32\LICENSE
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\win32\msvcr100.dll
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\x64\LICENSE
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\x64\msvcr100.dll
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\x64\utp.dll
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\mlab\mlab_0.1.9.jar
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\mlab\mlab_0.1.9.zip
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\mlab\plugin.properties
    c:\users\Jamez\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
    c:\users\Jamez\AppData\Roaming\Azureus\sidebarauto.config
    c:\users\Jamez\AppData\Roaming\Azureus\subs\1192D5E76B567EEFE446.vuze
    c:\users\Jamez\AppData\Roaming\Azureus\subs\242EBEAF73FE475210A1.vuze
    c:\users\Jamez\AppData\Roaming\Azureus\subs\277ACC855F44411975B6.vuze
    c:\users\Jamez\AppData\Roaming\Azureus\subs\38B243FB0DC547409457.vuze
    c:\users\Jamez\AppData\Roaming\Azureus\subs\4E9EEF508CE39C1B9934.vuze
    c:\users\Jamez\AppData\Roaming\Azureus\subs\A26B3D8950040D948426.vuze
    c:\users\Jamez\AppData\Roaming\Azureus\subs\A29987CF9CA4C6EAEA4D.vuze
    c:\users\Jamez\AppData\Roaming\Azureus\subs\A2D5820A1D7E63FCD884.vuze
    c:\users\Jamez\AppData\Roaming\Azureus\subs\A807F0B3DD867437152D.vuze
    c:\users\Jamez\AppData\Roaming\Azureus\subs\B4440B692D8213F269FD.vuze
    c:\users\Jamez\AppData\Roaming\Azureus\subs\EF0D07F8DD38E8F626A2.vuze
    c:\users\Jamez\AppData\Roaming\Azureus\subs\EF82A8EFB1D60FB4232E.vuze
    c:\users\Jamez\AppData\Roaming\Azureus\subs\F83343E42DB8A2CBDCA0.vuze
    c:\users\Jamez\AppData\Roaming\Azureus\subscriptions.config
    c:\users\Jamez\AppData\Roaming\Azureus\tables.config
    c:\users\Jamez\AppData\Roaming\Azureus\torrents\AZU3155048748588787643.tmp
    c:\users\Jamez\AppData\Roaming\Azureus\torrents\AZU6149147785032475773.tmp
    c:\users\Jamez\AppData\Roaming\Azureus\torrents\AZU8296024192648844091.tmp
    c:\users\Jamez\AppData\Roaming\Azureus\torrents\Vanessa_Carlton-_Rabbits_On_The_Run-_[2011]-_Mp3ViLLe.torrent
    c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
    c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
    c:\users\UpdatusUser\AppData\Local\temp
    c:\windows\SysWow64\%APPDATA%
    c:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
    f:\users\Jamez\AppData\Local\temp
    M:\AUTORUN.INF . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-23 21:08 . 2011-10-23 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-22 18:34 . 2011-10-22 18:34 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
    2011-10-21 18:16 . 2011-10-21 18:16 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-10-21 18:16 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{004CC92A-C05A-4D5E-8E7C-950A649A0D49}\mpengine.dll
    2011-10-13 02:49 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
    2011-10-13 02:49 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-13 02:49 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-13 02:49 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2011-10-13 02:49 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2011-10-13 02:49 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-13 02:49 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-13 02:49 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-10-13 02:49 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2011-10-10 04:11 . 2011-10-10 04:11 -------- d-----w- c:\programdata\Panda Security
    2011-10-07 00:06 . 2011-10-07 00:06 -------- d-----w- c:\windows\SysWow64\xlive
    2011-10-07 00:06 . 2011-10-07 00:06 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2011-10-03 03:36 . 2011-10-03 03:36 -------- d-----w- c:\program files (x86)\ESET
    2011-10-02 03:54 . 2011-10-02 03:54 -------- d-----w- c:\users\Jamez\AppData\Roaming\SUPERAntiSpyware.com
    2011-10-02 03:54 . 2011-10-02 03:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-10-01 06:59 . 2011-10-01 06:59 -------- d-----w- c:\users\Jamez\AppData\Roaming\Malwarebytes
    2011-10-01 06:59 . 2011-10-01 06:59 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-01 06:59 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-01 06:11 . 2011-10-01 06:11 -------- d-----w- c:\users\Jamez\AppData\Roaming\Registry Mechanic
    2011-10-01 06:08 . 2011-10-01 06:08 -------- d-----w- c:\program files\CCleaner
    2011-10-01 06:03 . 2011-10-01 06:03 -------- d-----w- f:\users\Jamez\AppData\Local\PackageAware
    2011-10-01 05:58 . 2011-03-15 17:10 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
    2011-10-01 05:58 . 2011-02-05 02:32 108056 ----a-w- c:\windows\SysWow64\drivers\PCTDMDefrag.sys
    2011-10-01 05:43 . 2011-10-07 06:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-10-01 04:48 . 2011-10-11 05:43 -------- d-----w- c:\programdata\Citrix
    2011-10-01 04:48 . 2011-10-01 04:48 -------- d-----w- c:\users\Jamez\AppData\Roaming\Download Manager
    2011-09-24 06:52 . 2011-09-24 06:52 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
    2011-09-24 06:52 . 2011-10-03 14:56 -------- d-----w- c:\users\Jamez\AppData\Roaming\Winamp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-22 18:34 . 2011-09-09 23:24 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-10-22 18:34 . 2011-09-09 23:24 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-10-22 18:34 . 2011-09-09 23:24 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2011-10-03 12:06 . 2011-09-10 02:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-10-01 05:31 . 2011-09-09 21:09 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-17 01:55 . 2011-09-17 01:55 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2011-09-15 02:30 . 2011-09-15 02:30 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2011-09-15 02:30 . 2011-09-15 02:30 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-09-12 04:06 . 2011-09-12 04:06 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-09-12 04:06 . 2011-09-12 04:06 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-09-12 04:06 . 2011-09-12 04:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-09-12 04:06 . 2011-09-12 04:06 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-09-12 04:06 . 2011-09-12 04:06 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-09-12 04:06 . 2011-09-12 04:06 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-09-12 04:06 . 2011-09-12 04:06 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-09-12 04:06 . 2011-09-12 04:06 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-09-12 04:06 . 2011-09-12 04:06 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-09-12 04:06 . 2011-09-12 04:06 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-09-12 04:06 . 2011-09-12 04:06 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-09-12 04:06 . 2011-09-12 04:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-09-12 04:06 . 2011-09-12 04:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-09-12 04:06 . 2011-09-12 04:06 448512 ----a-w- c:\windows\system32\html.iec
    2011-09-12 04:06 . 2011-09-12 04:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-09-12 04:06 . 2011-09-12 04:06 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-09-12 04:06 . 2011-09-12 04:06 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-09-12 04:06 . 2011-09-12 04:06 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-09-12 04:06 . 2011-09-12 04:06 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-09-12 04:06 . 2011-09-12 04:06 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-09-12 04:06 . 2011-09-12 04:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-09-12 04:06 . 2011-09-12 04:06 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-09-12 04:06 . 2011-09-12 04:06 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-09-12 04:06 . 2011-09-12 04:06 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-09-12 04:06 . 2011-09-12 04:06 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-09-12 04:06 . 2011-09-12 04:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-09-12 04:06 . 2011-09-12 04:06 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-09-12 04:06 . 2011-09-12 04:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-09-12 04:06 . 2011-09-12 04:06 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-09-12 04:06 . 2011-09-12 04:06 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-09-12 04:06 . 2011-09-12 04:06 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-09-12 04:06 . 2011-09-12 04:06 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-09-12 04:06 . 2011-09-12 04:06 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-09-12 04:06 . 2011-09-12 04:06 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-09-12 04:06 . 2011-09-12 04:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-09-12 04:06 . 2011-09-12 04:06 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-09-10 05:27 . 2011-09-10 05:17 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-09-10 05:17 . 2011-09-10 05:17 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
    2011-09-09 23:24 . 2011-09-09 23:24 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
    2011-09-06 20:45 . 2011-09-10 01:13 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 20:45 . 2011-09-10 01:13 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-09-06 20:45 . 2011-09-10 01:13 254400 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 20:38 . 2011-09-10 01:13 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 20:38 . 2011-09-10 01:13 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 20:36 . 2011-09-10 01:13 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 20:36 . 2011-09-10 01:13 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 20:36 . 2011-09-10 01:13 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-06 20:36 . 2011-09-10 01:13 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-08-03 11:50 . 2011-09-02 20:41 980072 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-08-03 11:50 . 2011-09-02 20:41 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 61544 ----a-w- c:\windows\system32\nvshext.dll
    2011-08-03 11:50 . 2011-09-02 20:41 6136936 ----a-w- c:\windows\system32\nvcpl.dll
    2011-08-03 11:50 . 2011-09-02 20:41 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-08-03 11:50 . 2011-09-02 20:41 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-08-03 11:50 . 2011-09-02 20:41 7254632 ----a-w- c:\windows\system32\nvcuda.dll
    2011-08-03 11:50 . 2011-09-02 20:41 67176 ----a-w- c:\windows\system32\OpenCL.dll
    2011-08-03 11:50 . 2011-09-02 20:41 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-08-03 11:50 . 2011-09-02 20:41 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-08-03 11:50 . 2011-09-02 20:41 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2758760 ----a-w- c:\windows\system32\nvapi64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-08-03 11:50 . 2011-09-02 20:41 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-08-03 11:50 . 2011-09-02 20:41 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-08-03 11:50 . 2011-09-02 20:41 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-08-03 11:50 . 2011-09-02 20:41 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-08-03 11:50 . 2011-09-02 20:41 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-08-03 11:50 . 2011-09-02 20:41 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-08-03 11:50 . 2011-09-02 20:41 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
    2011-08-03 11:50 . 2011-09-02 20:41 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-08-03 11:50 . 2011-09-02 20:41 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-08-03 10:31 . 2011-08-03 10:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-10-19_07.51.26 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-10-01 06:00 . 2011-10-19 07:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2011-10-01 06:00 . 2011-10-21 18:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 04:54 . 2011-10-19 07:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-10-23 20:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-10-19 07:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-10-23 20:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-10-23 20:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-10-19 07:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-02-26 19:01 . 2011-10-19 07:56 33870 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-10-19 07:56 37306 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-10-22 18:33 . 2011-10-22 18:33 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2011-09-09 22:51 . 2011-10-19 07:56 4336 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1062377385-2925155813-24115089-1001_UserData.bin
    - 2011-10-19 07:51 . 2011-10-19 07:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-10-23 21:09 . 2011-10-23 21:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-10-21 18:16 . 2011-10-03 12:06 157472 c:\windows\SysWOW64\javaws.exe
    - 2011-09-10 02:31 . 2011-09-10 02:30 157472 c:\windows\SysWOW64\javaws.exe
    + 2011-10-21 18:16 . 2011-10-03 12:06 145184 c:\windows\SysWOW64\javaw.exe
    - 2011-09-10 02:31 . 2011-09-10 02:30 145184 c:\windows\SysWOW64\javaw.exe
    + 2011-10-21 18:16 . 2011-10-03 12:06 145184 c:\windows\SysWOW64\java.exe
    - 2011-09-10 02:31 . 2011-09-10 02:30 145184 c:\windows\SysWOW64\java.exe
    + 2011-09-21 16:34 . 2011-10-23 16:56 277342 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-07-14 02:36 . 2011-10-19 07:46 632930 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-10-19 07:59 632930 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-10-19 07:46 110564 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2011-10-19 07:59 110564 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2011-10-19 07:50 247864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-10-23 21:09 247864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-10-21 18:16 . 2011-10-21 18:16 207360 c:\windows\Installer\c8644f2.msi
    - 2011-09-20 20:14 . 2011-09-20 20:14 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-10-22 18:33 . 2011-10-22 18:33 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2011-09-20 20:14 . 2011-09-20 20:14 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2011-09-09 21:57 . 2011-10-23 21:09 32722736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1062377385-2925155813-24115089-1001-8192.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerBlock"="f:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "SpybotSD TeaTimer"="f:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "avast"="f:\program files\Avast\avastUI.exe" [2011-09-06 3722416]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-09-15 273528]
    "RemoteControl11"="f:\program files (x86)\PowerDVD11\PowerDVD11\PDVD11Serv.exe" [2011-08-24 230696]
    "PowerPanel Personal Edition User Interaction"="f:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-08-03 349632]
    "WinampAgent"="f:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - f:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R1 SASDIFSV;SASDIFSV;c:\users\Jamez\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
    R1 SASKUTIL;SASKUTIL;c:\users\Jamez\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
    R3 pbfilter;pbfilter;f:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\Drivers\NEOFLTR_650_14951.SYS [x]
    S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/19 13:13];f:\program files (x86)\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl [2011-08-26 17:53 148976]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;f:\program files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]
    S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;f:\program files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-08-26 75048]
    S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;f:\program files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-08-26 292136]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
    S2 ntk_PowerDVD;ntk_PowerDVD;f:\program files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248]
    S2 SBSDWSCService;SBSD Security Center Service;f:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
    S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
    S3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1062377385-2925155813-24115089-1001Core.job
    - f:\users\Jamez\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 21:10]
    .
    2011-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1062377385-2925155813-24115089-1001UA.job
    - f:\users\Jamez\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 21:10]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 134384 ----a-w- f:\program files\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: huntingtonhospita.com\my
    Trusted Zone: huntingtonhospital.com\connect
    TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
    FF - ProfilePath - c:\users\Jamez\AppData\Roaming\Mozilla\Firefox\Profiles\wy36biyv.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20110924&q=
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
    "ImagePath"="\??\f:\program files (x86)\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1062377385-2925155813-24115089-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:64,23,39,7f,ab,f0,79,0e,0b,00,c0,7a,f5,9f,c7,9f,1e,b6,73,93,b0,72,da,
    44,28,fa,86,59,08,dd,31,e1,20,98,07,27,7a,a2,77,8c,89,36,27,f9,da,b1,94,26,\
    "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    f:\program files\Avast\AvastSvc.exe
    c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\windows\SysWOW64\PnkBstrB.exe
    f:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-23 14:11:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-23 21:11
    ComboFix2.txt 2011-10-19 07:52
    ComboFix3.txt 2011-10-03 03:31
    ComboFix4.txt 2011-10-03 03:17
    .
    Pre-Run: 38,663,680,000 bytes free
    Post-Run: 38,681,960,448 bytes free
    .
    - - End Of File - - 41BBB5A7D6417A5D0B3C11480847CC81
     
  19. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    Combofix log is pasted above.

    I cannot access control panel (and thus add/remove programs under it) still so I don't know how I can uninstall the previous Java versions but I have the most up-to-date version installed.

    I uninstalled the Registry Mechanic.

    I just deleted the PowerDVD directory since I can't add/remove it yet. I tried to change the settings for Canon so it won't automatically run when Windows starts.
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    This deletion in Combofix M:\AUTORUN.INF indicates possible flash drive infection. Be sure Drive M is connected.
    • Please download Panda USB Vaccine (you must provide a valid e-mail address and they will send the download link to it) to your desktop.
    • Install and run it.
    • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.

    I'm going to shut down for the night. Will check Combofix and the other problems in the morning.
  21. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    Yes, I had actually vaccinated my computer, M:\, K:\, and I:\ based on a previous post of yours. I do think you're right though that I infected my computer due to one of my external hard drives.
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Let me clarify a couple of things:
    When you say "my directories" are you referring to the folders on the Local Drive> C?
    And does "explorer" refer to Internet Explorer or Windows Explorer?

    Using Windows Explorer (right click on Start> Explore)> Computer> OS(C)> should show the Directories.
    Using Windows Explorer> Computer> UAC> User accounts> although you are the Administrator, there may be another account. If you are using that (for UAC safety) you may not be logging in to the Administrator's account.

    Have a look at this information: http://www.tech-101.com/support/index.php/topic/47-security-101-2a-lua-vs-admin-accounts/
    =================================
  23. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    Yes, when I refer to "explorer" I'm talking about the folders for all my drives including C:\ via Windows Explorer. I can access Internet Explorer fine.

    When I try to open Windows Explorer or "Computer" in the Start menu or Control Panel or User Accounts, it'll give me the "Windows cannot access specified device, path, or file. You may not have appropriate permissions to access the item." The Windows Installer was also affected and I can no longer run that either. The only way I have been able to access any of my files/folders is to either run command prompt or to use the "browse" function under the "Run" program.

    I only have the one user account on this computer and it has administrator privileges (at least it did in the past). I'm assuming whatever malware I have basically corrupted this account and locked me out of my administrator privileges.

    I've looked at the link you posted and will try to run my system without admin privileges from here on out once this current problem is resolved.
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Let's give this a try:

    Add "Take Ownership" to Explorer Right-Click Menu in Win 7 or Vista

    Download TakeOwnership.zip and save to your desktop.
    • Unzip (extract) the files contained in the zipfile.
    • Double-click the InstallTakeOwnership.reg file and click through the prompts. No reboot necessary.

    Here’s what the new right-click menu will look like after installing this registry hack.
    (Images courtesy howtogeek)

    This should allow you to do the right click on those parts of the system that are denying you permissions and 'take ownership.'

    Let me know
  25. jamezuva

    jamezuva Newcomer, in training Topic Starter Posts: 19

    Tried running it on all the important directories on C:\ including the Windows, Users, Program Files directories and don't notice any change in my ability to access the problem areas.

    Do you think the process described in this link might help?
    http://windows.microsoft.com/en-US/windows7/Fix-a-corrupted-user-profile

    Maybe it would be easier just to format C:\ and reinstall Windows? I have never formatted my main drive and reinstalled an OS before though.

