Solved Psvrr.exe removal help


branson

I have read someone else's thread before I came to this site. It seems very helpful and I plan on staying; I can learn a few things on here... Besides that, I recently have been having issues with popups out the wazoo, and came to find that the culprit (or so it seems) is psvrr.exe. After following many solutions I am still having trouble and am wondering whether or not it's completely removed or if it's something else now. (I didn't notice the thread saying "not to follow other persons' solutions" until I joined the site) :p

best regards,
brandon
 
Welcome to TechSpot, Brandon. I'll help find and hopefully remove the malware, but I need information to do that: you should not follow directions or information given to someone else. Although we may use the same programs for some, both the results and what we do with them are different and based only on that system and its problem.

By way of description, all you're telling me is that you're having popups. As far as psvrr.exe "being the culprit" of your problem, I don't know that. Much depends on where a file is located and not just the name alone.

Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
====================================================
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Thanks for the help, very appreciated. DDS did not work; maybe it didn't find anything. It scanned, but nothing happened afterwards. GMER also returned nothing after scanning, empty log. But here are the logs:

|=========================================|

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6613

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/20/2011 2:18:03 AM
mbam-log-2011-05-20 (02-18-03).txt

Scan type: Quick scan
Objects scanned: 164577
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

|=========================================|




Avira AntiVir Personal
Report file date: Friday, May 20, 2011 02:24

Scanning for 2749028 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : Brandon
Computer name : HOMECOMPUTER

Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 4/1/2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 4/1/2011 21:07:43
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2011 21:07:57
LUKE.DLL : 10.0.3.2 104296 Bytes 4/1/2011 21:07:53
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 20:15:47
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 20:15:47
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 06:07:19
VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 06:07:19
VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 06:07:19
VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 06:07:19
VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 06:07:20
VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 06:07:20
VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 06:07:20
VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 06:07:20
VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 06:07:20
VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 06:07:20
VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 06:07:22
VBASE014.VDF : 7.11.6.74 116224 Bytes 4/13/2011 06:07:23
VBASE015.VDF : 7.11.6.113 137728 Bytes 4/14/2011 06:07:23
VBASE016.VDF : 7.11.6.150 146944 Bytes 4/18/2011 06:07:24
VBASE017.VDF : 7.11.6.192 138240 Bytes 4/20/2011 06:07:25
VBASE018.VDF : 7.11.6.237 156160 Bytes 4/22/2011 06:07:27
VBASE019.VDF : 7.11.7.45 427520 Bytes 4/27/2011 06:07:30
VBASE020.VDF : 7.11.7.64 192000 Bytes 4/28/2011 06:07:33
VBASE021.VDF : 7.11.7.97 182272 Bytes 5/2/2011 06:07:35
VBASE022.VDF : 7.11.7.127 467968 Bytes 5/4/2011 06:07:43
VBASE023.VDF : 7.11.7.183 185856 Bytes 5/9/2011 06:07:46
VBASE024.VDF : 7.11.7.218 133120 Bytes 5/11/2011 06:07:47
VBASE025.VDF : 7.11.7.234 139776 Bytes 5/11/2011 06:07:48
VBASE026.VDF : 7.11.8.16 147456 Bytes 5/13/2011 06:07:49
VBASE027.VDF : 7.11.8.46 169472 Bytes 5/17/2011 06:07:51
VBASE028.VDF : 7.11.8.47 2048 Bytes 5/17/2011 06:07:51
VBASE029.VDF : 7.11.8.48 2048 Bytes 5/17/2011 06:07:52
VBASE030.VDF : 7.11.8.49 2048 Bytes 5/17/2011 06:07:52
VBASE031.VDF : 7.11.8.76 89600 Bytes 5/20/2011 06:07:53
Engineversion : 8.2.4.242
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/28/2011 20:15:27
AESCRIPT.DLL : 8.1.3.64 1606011 Bytes 5/20/2011 06:08:11
AESCN.DLL : 8.1.7.2 127349 Bytes 3/28/2011 20:15:27
AESBX.DLL : 8.1.3.2 254324 Bytes 3/28/2011 20:15:26
AERDL.DLL : 8.1.9.9 639347 Bytes 3/25/2011 16:21:38
AEPACK.DLL : 8.2.6.8 557430 Bytes 5/20/2011 06:08:08
AEOFFICE.DLL : 8.1.1.22 205178 Bytes 5/20/2011 06:08:06
AEHEUR.DLL : 8.1.2.119 3481976 Bytes 5/20/2011 06:08:06
AEHELP.DLL : 8.1.17.2 246135 Bytes 5/20/2011 06:07:57
AEGEN.DLL : 8.1.5.6 401780 Bytes 5/20/2011 06:07:57
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/28/2011 20:15:19
AECORE.DLL : 8.1.20.5 196983 Bytes 5/20/2011 06:07:55
AEBB.DLL : 8.1.1.0 53618 Bytes 3/28/2011 20:15:19
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/28/2011 20:15:31
AVPREF.DLL : 10.0.0.0 44904 Bytes 4/1/2011 21:07:42
AVREP.DLL : 10.0.0.10 174120 Bytes 5/20/2011 06:08:12
AVREG.DLL : 10.0.3.2 53096 Bytes 4/1/2011 21:07:42
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 4/1/2011 21:07:43
AVARKT.DLL : 10.0.22.6 231784 Bytes 4/1/2011 21:07:38
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 4/1/2011 21:07:41
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/28/2011 20:15:30
NETNT.DLL : 10.0.0.0 11624 Bytes 3/28/2011 20:15:39
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 4/1/2011 21:07:58
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/28/2011 20:15:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+PCK,+PFS,+SPR,

Start of the scan: Friday, May 20, 2011 02:24

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '73' Module(s) have been scanned
Scan process 'avcenter.exe' - '99' Module(s) have been scanned
Scan process 'plugin-container.exe' - '80' Module(s) have been scanned
Scan process 'firefox.exe' - '127' Module(s) have been scanned
Scan process 'avnotify.exe' - '90' Module(s) have been scanned
Scan process 'avgnt.exe' - '59' Module(s) have been scanned
Scan process 'sched.exe' - '55' Module(s) have been scanned
Scan process 'avgsrmax.exe' - '42' Module(s) have been scanned
Scan process 'jucheck.exe' - '64' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '54' Module(s) have been scanned
Scan process 'AVGIDSAgent.exe' - '66' Module(s) have been scanned
Scan process 'SeaPort.exe' - '75' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '33' Module(s) have been scanned
Scan process 'avgidsmonitor.exe' - '25' Module(s) have been scanned
Scan process 'FGuard.exe' - '37' Module(s) have been scanned
Scan process 'avgtray.exe' - '42' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '72' Module(s) have been scanned
Scan process 'jusched.exe' - '41' Module(s) have been scanned
Scan process 'BDTUpdateService.exe' - '61' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '50' Module(s) have been scanned
Scan process 'avgwdsvc.exe' - '55' Module(s) have been scanned
Scan process 'AsSysCtrlService.exe' - '26' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '50' Module(s) have been scanned
Scan process 'AODAssist.exe' - '53' Module(s) have been scanned
Scan process 'SZServer.exe' - '105' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '803' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\53f48ad8-5476d40f
[DETECTION] Contains recognition pattern of the JAVA/Stutter.K.1 Java virus
C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\68b74c9f-65d3628d
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Stutter.X Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Stutter.X Java virus
C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4e5c2020-3a45e706
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AI Java virus
--> bpac/purok.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AI Java virus
C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\47f8b769-44238bb4
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Dldr.OpenS.NBG Java virus
--> glass/boing.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.OpenS.NBG Java virus
C:\Users\Brandon\Desktop\My Stuff\Gaming Folder\GHostOne\WardenBNLS\WardenUpdater.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!

Beginning disinfection:
C:\Users\Brandon\Desktop\My Stuff\Gaming Folder\GHostOne\WardenBNLS\WardenUpdater.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4844b1df.qua'.
C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\47f8b769-44238bb4
[DETECTION] Contains recognition pattern of the JAVA/Dldr.OpenS.NBG Java virus
[NOTE] The file was moved to the quarantine directory under the name '50a79e56.qua'.
C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4e5c2020-3a45e706
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AI Java virus
[NOTE] The file was moved to the quarantine directory under the name '02cfc46c.qua'.
C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\68b74c9f-65d3628d
[DETECTION] Contains recognition pattern of the JAVA/Stutter.X Java virus
[NOTE] The file was moved to the quarantine directory under the name '64cb8b7a.qua'.
C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\53f48ad8-5476d40f
[DETECTION] Contains recognition pattern of the JAVA/Stutter.K.1 Java virus
[NOTE] The file was moved to the quarantine directory under the name '214ba65f.qua'.


End of the scan: Friday, May 20, 2011 03:15
Used time: 40:01 Minute(s)

The scan has been done completely.

24637 Scanned directories
467256 Files were scanned
5 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
467250 Files not concerned
2445 Archives were scanned
1 Warnings
5 Notes
 
Please run DDS again. It is not looking for bad entries- the 2 logs will basically show me everything on the system. So there will be a log- 2 of them. You can do a search on the system for DDS.txt and Attach.txt (don't zip the Attach.txt log). Those are the names of the 2 logs. If you still can't get anything, uninstall what you have now, download and run again.

I didn't need the Avira scan- but it is strange that it is indicating some malware entries, but Mbam is clean. Right now I don't have any information about what's installed and running on the system. I don't know where you got the psvrr.exe name from, nor do I know what you did following someone else's directions.

psvrr.exe is described as a System.Backdoor. But to handle it, I need to see your system and what's on it. And it is very possible that whatever other directions you may have followed have put the system more at risk or possibly corrupted it.
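The helper's point in this thread is that a hit has to be read by where the file sits, not just by its name, and that Avira's five detections need to be set against a clean MBAM result. As an added example (not part of the thread, and not Avira's or TechSpot's code), here is a small Python parser for the Avira report format quoted above that groups each [DETECTION] with its path, records whether the file was quarantined or could not be opened, and buckets the findings by location. The parsing rules are inferred from the quoted excerpt and are assumptions about the format; the embedded sample is a trimmed copy of lines from that report, not a new scan.

```python
"""Summarise an Avira AntiVir report: which files were flagged, what happened
to each, and where on the disk they live. Added example; the line patterns
are assumptions inferred from the report quoted in the thread."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Trimmed excerpt of the report quoted in the thread (constructed input for this example).
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\53f48ad8-5476d40f
[DETECTION] Contains recognition pattern of the JAVA/Stutter.K.1 Java virus
C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\68b74c9f-65d3628d
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Stutter.X Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Stutter.X Java virus
C:\Users\Brandon\Desktop\My Stuff\Gaming Folder\GHostOne\WardenBNLS\WardenUpdater.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!

Beginning disinfection:
C:\Users\Brandon\Desktop\My Stuff\Gaming Folder\GHostOne\WardenBNLS\WardenUpdater.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4844b1df.qua'.
C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\68b74c9f-65d3628d
[DETECTION] Contains recognition pattern of the JAVA/Stutter.X Java virus
[NOTE] The file was moved to the quarantine directory under the name '64cb8b7a.qua'.
C:\Users\Brandon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\53f48ad8-5476d40f
[DETECTION] Contains recognition pattern of the JAVA/Stutter.K.1 Java virus
[NOTE] The file was moved to the quarantine directory under the name '214ba65f.qua'.
"""

# Assumed line shapes, taken from the quoted report.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECT_RE = re.compile(r"^\[DETECTION\] (?:Is the|Contains recognition pattern of the) (\S+)")
QUAR_RE = re.compile(r"^\[NOTE\] .*quarantine.*'([^']+)'")
WARN_RE = re.compile(r"^\[WARNING\] (.*)")


@dataclass
class Finding:
    path: str
    location: str
    detections: List[str] = field(default_factory=list)
    quarantined_as: Optional[str] = None
    warning: Optional[str] = None


def classify_location(path: str) -> str:
    """Coarse location bucket: the directory says as much as the file name does."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"      # applets fetched by the browser are cached here
    if p.startswith("c:\\windows\\"):
        return "system"
    if p.startswith("c:\\users\\"):
        return "user-profile"
    return "other"


def parse_avira_report(text: str) -> Dict[str, Finding]:
    """Walk the report; a path line opens a record, the bracketed lines fill it."""
    findings: Dict[str, Finding] = {}
    current: Optional[Finding] = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            # The disinfection pass repeats the same path, so reuse the record.
            current = findings.setdefault(line, Finding(line, classify_location(line)))
            continue
        if current is None:
            continue
        if m := DETECT_RE.match(line):
            if m.group(1) not in current.detections:   # archive members repeat the name
                current.detections.append(m.group(1))
        elif m := QUAR_RE.match(line):
            current.quarantined_as = m.group(1)
        elif m := WARN_RE.match(line):
            current.warning = m.group(1)
    return findings


def summarise(findings: Dict[str, Finding]) -> dict:
    """Counts a reviewer wants at a glance: hits, what was quarantined, what was never opened."""
    detected = {p: f for p, f in findings.items() if f.detections}
    by_location: Dict[str, int] = {}
    for f in detected.values():
        by_location[f.location] = by_location.get(f.location, 0) + 1
    return {
        "detected": len(detected),
        "quarantined": sum(1 for f in detected.values() if f.quarantined_as),
        "unscanned": [p for p, f in findings.items() if f.warning and not f.detections],
        "by_location": by_location,
    }


if __name__ == "__main__":
    results = parse_avira_report(SAMPLE_REPORT)
    for f in results.values():
        print(f"{f.location:13} {f.path}")
        print(f"              detections={f.detections} quarantined_as={f.quarantined_as} warning={f.warning}")
    print(summarise(results))
```

Run as-is it prints each flagged path with its location bucket; the "unscanned" list is worth a look in any such report, because a file the scanner could not open is a gap in coverage rather than a clean result.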
 
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Brandon at 18:51:41 on 2011-05-20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2167 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Brandon\Desktop\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - C:\Program Files (x86)\STOPzilla!\SZIEBHO.dll
BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - C:\Program Files (x86)\RegTweaker\key.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [PopUpStopperFreeEdition] "C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 pxscan;pxscan;C:\Windows\system32\drivers\pxscan.sys --> C:\Windows\system32\drivers\pxscan.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R1 pxrts;pxrts;C:\Windows\system32\drivers\pxrts.sys --> C:\Windows\system32\drivers\pxrts.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-5-20 136360]
R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-4-23 136616]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2011-4-21 96896]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-5-19 337872]
R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2011-5-18 6746280]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-5 33528]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2010-11-5 822264]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-11 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AODDriver2;AODDriver2;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-4-23 52352]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 pxkbf;pxkbf;C:\Windows\system32\drivers\pxkbf.sys --> C:\Windows\system32\drivers\pxkbf.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-18 984392]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-6 704864]
S3 RTCore64;RTCore64;C:\Program Files (x86)\RMClock\RTCore64.sys [2011-4-21 7168]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-5-19 371472]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-5-19 1117144]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-5-20 269480]
.
=============== Created Last 30 ================
.
2011-05-20 06:37:04 -------- d-----w- C:\Users\Brandon\AppData\Local\Threat Expert
2011-05-20 06:08:40 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Avira
2011-05-20 06:04:32 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-05-20 06:04:31 -------- d-----w- C:\ProgramData\Avira
2011-05-20 06:04:31 -------- d-----w- C:\Program Files (x86)\Avira
2011-05-19 18:22:06 -------- d-----w- C:\Users\Brandon\AppData\Roaming\vexorian
2011-05-19 15:10:13 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-05-19 15:10:10 8802128 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02C9369B-2EE0-4445-898C-679DCD44BD34}\mpengine.dll
2011-05-19 05:07:15 767952 ----a-w- C:\Windows\BDTSupport.dll
2011-05-19 05:07:14 2074576 ----a-w- C:\Windows\PCTBDCore.dll
2011-05-19 05:07:14 1533904 ----a-w- C:\Windows\PCTBDRes.dll
2011-05-19 05:07:14 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2011-05-19 05:05:57 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2011-05-19 05:05:57 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2011-05-19 05:05:55 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2011-05-19 05:05:55 140800 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2011-05-19 05:05:45 282440 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2011-05-19 05:05:32 279344 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2011-05-19 05:05:30 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2011-05-19 05:05:24 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-05-19 05:05:24 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-05-19 05:01:16 -------- d-----w- C:\ProgramData\PC Tools
2011-05-19 04:44:26 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2011-05-19 04:44:26 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2011-05-19 04:21:25 -------- d-----w- C:\Program Files (x86)\Ad-Remover
2011-05-18 23:07:01 -------- d-----w- C:\Users\Brandon\AppData\Roaming\AVG10
2011-05-18 23:02:44 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2011-05-18 23:02:35 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-05-18 23:01:54 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-05-18 23:01:54 -------- d-----w- C:\ProgramData\AVG10
2011-05-18 23:00:57 -------- d-----w- C:\Program Files (x86)\AVG
2011-05-18 16:32:10 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-18 16:15:12 98816 ----a-w- C:\Windows\sed.exe
2011-05-18 15:40:19 62976 ----a-w- C:\Windows\SysWow64\PxSecure.dll
2011-05-18 15:40:18 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2011-05-18 15:40:18 36384 ----a-w- C:\Windows\System32\drivers\pxscan.sys
2011-05-18 15:40:18 24024 ----a-w- C:\Windows\System32\drivers\pxkbf.sys
2011-05-18 15:40:18 -------- d-----w- C:\Program Files\Prevx
2011-05-18 15:39:48 -------- d-----w- C:\ProgramData\PrevxCSI
2011-05-18 14:27:45 388096 ----a-r- C:\Users\Brandon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-18 14:27:45 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-18 14:14:24 -------- d-----w- C:\Users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
2011-05-18 14:14:24 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-05-18 14:14:18 -------- d-----w- C:\ProgramData\!SASCORE
2011-05-18 14:14:16 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-05-18 05:47:29 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-18 05:47:29 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-17 18:22:57 -------- d-----w- C:\Program Files (x86)\Panicware
2011-05-17 15:49:26 546256 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2011-05-17 15:49:26 456144 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2011-05-17 15:49:26 22992 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2011-05-17 15:49:26 132560 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2011-05-17 15:49:24 99792 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2011-05-17 15:49:24 99792 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2011-05-17 15:49:24 67024 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2011-05-17 15:49:24 398800 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2011-05-17 15:49:24 28624 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2011-05-17 15:49:22 738768 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2011-05-17 15:49:22 390608 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2011-05-17 15:49:22 230864 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2011-05-17 03:55:59 -------- d-----w- C:\ProgramData\STOPzilla!
2011-05-17 03:08:21 -------- d-----w- C:\Users\Brandon\AppData\Local\DDMSettings
2011-05-17 03:04:42 -------- d-----w- C:\Program Files\DivX
2011-05-17 03:04:38 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-05-17 02:58:56 -------- d-----w- C:\Program Files (x86)\DivX
2011-05-17 02:57:49 -------- d-----w- C:\ProgramData\DivX
2011-05-11 19:21:49 -------- d-----w- C:\Users\Brandon\AppData\Roaming\IrfanView
2011-05-11 19:21:49 -------- d-----w- C:\Program Files (x86)\IrfanView
2011-05-11 02:45:35 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 02:45:35 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 02:45:35 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 02:45:35 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 02:45:35 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 02:45:35 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 02:45:35 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-11 02:45:33 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 02:45:33 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 02:45:32 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-06 18:20:44 -------- d-----w- C:\Users\Brandon\AppData\Local\AVG Security Toolbar
2011-04-26 21:39:31 2870272 ----a-w- C:\Windows\explorer.exe
2011-04-26 21:39:31 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-26 21:39:25 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-26 21:39:25 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-26 21:37:30 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-04-26 21:37:30 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-04-26 21:37:30 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-04-26 21:37:30 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-04-26 21:37:30 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-04-26 21:37:29 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-04-26 21:37:29 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-04-26 21:37:29 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-04-26 21:37:29 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-04-26 21:37:29 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-04-26 21:37:29 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-04-26 21:36:48 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-26 21:36:48 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-04-21 14:27:11 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2011-04-21 14:27:11 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2011-04-21 14:11:11 -------- d-----w- C:\ProgramData\ASUS OC Profiles
2011-04-21 14:05:42 24576 ----a-w- C:\Windows\SysWow64\AsIO.dll
2011-04-21 14:05:42 13440 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys
2011-04-21 14:05:14 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-04-21 14:05:14 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-04-21 14:05:14 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-04-21 14:05:14 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-04-21 14:05:13 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-04-21 14:05:12 15416 ----a-w- C:\Windows\System32\drivers\ASACPI.sys
2011-04-21 14:04:53 -------- d-----w- C:\Program Files (x86)\ASUS
2011-04-21 13:46:57 25640 ----a-w- C:\Windows\gdrv.sys
2011-04-21 13:32:25 -------- d-----w- C:\Program Files (x86)\RMClock
.
==================== Find3M ====================
.
.
============= FINISH: 18:52:16.51 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2011 8:40:04 PM
System Uptime: 5/20/2011 12:43:49 PM (6 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4N68T-M-V2
Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2800/214mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 788.188 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AVGIDSDriver
Device ID: ROOT\LEGACY_AVGIDSDRIVER\0000
Manufacturer:
Name: AVGIDSDriver
PNP Device ID: ROOT\LEGACY_AVGIDSDRIVER\0000
Service: AVGIDSDriver
.
Class GUID:
Description:
Device ID: ROOT\*SYSTOOLDEVICE\0000
Manufacturer:
Name:
PNP Device ID: ROOT\*SYSTOOLDEVICE\0000
Service:
.
==== System Restore Points ===================
.
RP64: 5/11/2011 3:00:13 AM - Windows Update
RP65: 5/16/2011 11:55:30 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP66: 5/17/2011 12:20:45 AM - StopZILLA! Restore Point.
RP68: 5/18/2011 3:00:12 AM - Windows Update
RP69: 5/18/2011 10:27:21 AM - Installed HiJackThis
RP70: 5/18/2011 11:28:35 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP71: 5/18/2011 11:35:19 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP72: 5/18/2011 11:55:32 AM - Removed AVG 2011
RP73: 5/18/2011 11:56:53 AM - Removed AVG 2011
RP74: 5/18/2011 7:00:24 PM - Installed AVG 2011
RP75: 5/18/2011 7:01:04 PM - Installed AVG 2011
RP76: 5/19/2011 12:43:54 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP77: 5/19/2011 1:27:55 AM - StopZILLA! Restore Point.
RP78: 5/19/2011 11:09:27 AM - Windows Update
.
==== Installed Programs ======================
.
.
==== Event Viewer Messages From Past Week ========
.
5/20/2011 6:11:51 AM, Error: Service Control Manager [7031] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
5/20/2011 12:44:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
5/20/2011 12:44:22 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: Insufficient system resources exist to complete the requested service.
5/20/2011 12:44:22 PM, Error: Service Control Manager [7000] - The AVGIDSDriver service failed to start due to the following error: Insufficient system resources exist to complete the requested service.
5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/20/2011 12:08:04 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/20/2011 1:35:11 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
5/19/2011 3:36:29 PM, Error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The pipe has been ended.
5/19/2011 12:40:53 AM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
5/19/2011 12:24:40 AM, Error: Service Control Manager [7038] - The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/19/2011 12:24:40 AM, Error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not start due to a logon failure.
5/19/2011 12:24:40 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The pipe has been ended.
5/19/2011 12:24:09 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
5/19/2011 12:24:09 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running.
5/19/2011 12:23:39 AM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
5/19/2011 12:23:39 AM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
5/19/2011 12:23:39 AM, Error: Service Control Manager [7034] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s).
5/19/2011 12:23:39 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
5/19/2011 12:23:39 AM, Error: Service Control Manager [7034] - The ASUS System Control Service service terminated unexpectedly. It has done this 1 time(s).
5/19/2011 12:23:39 AM, Error: Service Control Manager [7034] - The AODService service terminated unexpectedly. It has done this 1 time(s).
5/19/2011 12:23:39 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
5/19/2011 12:23:39 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/19/2011 12:23:39 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/19/2011 12:23:39 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/19/2011 12:23:39 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/19/2011 12:23:39 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/18/2011 3:18:15 AM, Error: Service Control Manager [7023] -
5/18/2011 12:20:55 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/18/2011 12:20:32 PM, Error: Application Popup [1060] - \??\C:\Combo-Fix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/18/2011 1:20:41 AM, Error: Service Control Manager [7000] - The RTCore64 service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
5/17/2011 12:08:03 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
.
==== End Of File ===========================
 
Please recover the rest of the attach.txt log from the DDS scan and paste it in your next reply. Everything below this is blank:

==== Installed Programs ======================
?????????????????????

Your system is truly in terrible shape. You have so much 'security' on it I'm surprised anything can get in!
=============================================
Do not add any more 'security' programs, ad blockers, toolbars, etc. We will be removing some you already have, including the rogues, those from unsafe sites, etc.
============================================
Please run this Security Check
Download Security Check by screen317 from HERE or HERE .
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=======================================
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
    in your next reply.
=========================================
The next scan for you to run, Combofix, will not run with AVG on the system, so AVG can be uninstalled as directed below. Do not put another AV on the system- you already have one!
=========================================
Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.


=============================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
-------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated and it will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
I am deeply sorry for having to put this off. I was in the hospital for a little over a week... I am back now and getting things together at home and will resume this tomorrow. I am sorry if I've tested your patience. Thank you for your time.

Best Regards,
Brandon
 
ComboFix 11-05-30.06 - Brandon 05/31/2011 1:15.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2792 [GMT -4:00]
Running from: c:\users\Brandon\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
.
.
2011-05-31 05:22 . 2011-05-31 05:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-31 02:57 . 2011-05-31 03:00 -------- d-----w- c:\users\Brandon\AppData\Roaming\Red Alert 3
2011-05-27 07:38 . 2011-05-18 16:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{672B91E7-49F5-40F6-88D9-C239EE6C5CF1}\mpengine.dll
2011-05-26 00:35 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-21 02:12 . 2011-05-21 02:12 -------- d-----w- C:\9b30e762ec4faaa359e0423c
2011-05-20 06:37 . 2011-05-20 06:37 -------- d-----w- c:\users\Brandon\AppData\Local\Threat Expert
2011-05-19 18:22 . 2011-05-19 18:24 -------- d-----w- c:\users\Brandon\AppData\Roaming\vexorian
2011-05-19 05:05 . 2011-05-31 05:04 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-05-19 05:01 . 2011-05-31 03:25 -------- d-----w- c:\programdata\PC Tools
2011-05-19 04:21 . 2011-05-31 03:19 -------- d-----w- c:\program files (x86)\Ad-Remover
2011-05-18 23:07 . 2011-05-18 23:07 -------- d-----w- c:\users\Brandon\AppData\Roaming\AVG10
2011-05-18 23:02 . 2011-05-31 05:02 -------- d-----w- c:\programdata\AVG Security Toolbar
2011-05-18 23:00 . 2011-05-18 23:00 -------- d-----w- c:\program files (x86)\AVG
2011-05-18 14:27 . 2011-05-18 14:27 388096 ----a-r- c:\users\Brandon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-18 14:27 . 2011-05-18 14:27 -------- d-----w- c:\program files (x86)\Trend Micro
2011-05-18 14:14 . 2011-05-18 14:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-18 14:14 . 2011-05-18 14:14 -------- d-----w- c:\programdata\!SASCORE
2011-05-18 05:47 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-18 05:47 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-17 18:22 . 2011-05-17 18:22 -------- d-----w- c:\program files (x86)\Panicware
2011-05-17 03:55 . 2011-05-31 03:29 -------- d-----w- c:\programdata\STOPzilla!
2011-05-17 03:08 . 2011-05-17 03:08 -------- d-----w- c:\users\Brandon\AppData\Local\DDMSettings
2011-05-17 03:05 . 2011-05-17 03:05 -------- d-----w- c:\users\Brandon\AppData\Roaming\DivX
2011-05-17 03:04 . 2011-05-17 03:04 -------- d-----w- c:\program files\DivX
2011-05-17 03:04 . 2011-05-17 03:04 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2011-05-17 02:58 . 2011-05-17 03:05 -------- d-----w- c:\program files (x86)\DivX
2011-05-17 02:57 . 2011-05-17 03:05 -------- d-----w- c:\programdata\DivX
2011-05-11 19:21 . 2011-05-11 19:21 -------- d-----w- c:\users\Brandon\AppData\Roaming\IrfanView
2011-05-11 19:21 . 2011-05-11 19:21 -------- d-----w- c:\program files (x86)\IrfanView
2011-05-11 02:45 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 02:45 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 02:45 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 02:45 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 02:45 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 02:45 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 02:45 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-11 02:45 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 02:45 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 02:45 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-06 18:20 . 2011-05-06 18:20 -------- d-----w- c:\users\Brandon\AppData\Local\AVG Security Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-21 13:46 . 2011-04-21 13:46 25640 ----a-w- c:\windows\gdrv.sys
2011-04-19 04:16 . 2011-04-19 04:14 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-19 04:16 . 2011-04-19 04:14 139264 ----a-w- c:\windows\War3Unin.exe
2011-03-12 12:03 . 2011-04-26 21:39 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:31 . 2011-04-26 21:39 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:23 . 2011-04-26 21:37 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:23 . 2011-04-26 21:37 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:23 . 2011-04-26 21:37 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:23 . 2011-04-26 21:37 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:23 . 2011-04-26 21:37 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:22 . 2011-04-26 21:37 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:22 . 2011-04-26 21:37 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:19 . 2011-04-14 03:45 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-14 03:45 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:18 . 2011-04-26 21:37 2566144 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:15 . 2011-04-26 21:37 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:40 . 2011-04-14 03:45 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-14 03:45 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:39 . 2011-04-26 21:37 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:37 . 2011-04-26 21:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-03-08 06:14 . 2011-04-14 03:44 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-14 03:44 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17 . 2011-04-26 21:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-26 21:39 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17 . 2011-04-14 03:44 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-14 03:44 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-14 03:44 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-14 03:45 3133440 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-18_16.20.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-05-18 16:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-05-31 05:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-05-18 16:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-31 05:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-31 05:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-18 16:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-28 20:01 . 2011-05-31 05:06 37286 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-31 05:06 35432 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:30 . 2011-05-27 00:39 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-05-11 07:16 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-01-01 22:08 . 2011-05-29 15:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-01 22:08 . 2011-05-18 07:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-01 22:08 . 2011-05-18 07:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-01 22:08 . 2011-05-29 15:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-18 07:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-29 15:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-02 02:28 . 2011-05-31 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-02 02:28 . 2011-05-18 16:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:46 . 2011-05-18 16:02 78224 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-05-31 05:07 78224 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-01-02 02:28 . 2011-05-31 05:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-02 02:28 . 2011-05-18 16:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-02 02:28 . 2011-05-31 05:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-02 02:28 . 2011-05-18 16:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-02 02:28 . 2011-05-31 05:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-02 02:28 . 2011-05-18 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-02 02:28 . 2011-05-18 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-02 02:28 . 2011-05-31 05:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-30 22:14 . 2011-05-31 02:52 29310 c:\windows\Installer\{296D8550-CB06-48E4-9A8B-E5034FB64715}\ra3.exe
+ 2011-01-02 01:41 . 2011-05-31 05:06 8788 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2216904268-2540828368-1871616061-1000_UserData.bin
+ 2011-05-27 00:44 . 2011-05-27 00:44 9560 c:\windows\system32\NetworkList\Icons\{E4B4E640-69DE-4B9E-829D-C67FF57512E6}_48.bin
+ 2011-05-27 00:44 . 2011-05-27 00:44 4280 c:\windows\system32\NetworkList\Icons\{E4B4E640-69DE-4B9E-829D-C67FF57512E6}_32.bin
+ 2011-05-27 00:44 . 2011-05-27 00:44 2456 c:\windows\system32\NetworkList\Icons\{E4B4E640-69DE-4B9E-829D-C67FF57512E6}_24.bin
+ 2011-05-27 01:04 . 2011-05-27 01:04 9560 c:\windows\system32\NetworkList\Icons\{1F16D6B6-B164-41B0-BA36-9053CC89A2AA}_48.bin
+ 2011-05-27 01:04 . 2011-05-27 01:04 4280 c:\windows\system32\NetworkList\Icons\{1F16D6B6-B164-41B0-BA36-9053CC89A2AA}_32.bin
+ 2011-05-27 01:04 . 2011-05-27 01:04 2456 c:\windows\system32\NetworkList\Icons\{1F16D6B6-B164-41B0-BA36-9053CC89A2AA}_24.bin
- 2011-05-18 16:13 . 2011-05-18 16:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-31 05:04 . 2011-05-31 05:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-31 05:04 . 2011-05-31 05:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-05-18 16:13 . 2011-05-18 16:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-03 08:27 . 2011-05-31 05:04 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-01-03 08:27 . 2011-05-18 15:59 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 02:36 . 2011-05-18 16:18 632708 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-05-31 05:08 632708 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-05-18 16:18 110342 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-05-31 05:08 110342 c:\windows\system32\perfc009.dat
- 2011-01-01 23:46 . 2010-10-19 15:41 270720 c:\windows\system32\MpSigStub.exe
+ 2011-01-01 23:46 . 2011-02-02 22:11 270720 c:\windows\system32\MpSigStub.exe
- 2009-07-14 05:30 . 2011-05-11 07:16 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-05-27 00:39 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:12 . 2011-05-29 15:07 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-01-30 19:12 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-05-31 05:03 234280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-05-18 16:12 234280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2008-08-08 18:11 . 2008-08-08 18:11 232960 c:\windows\Installer\24e2c4.msi
- 2009-07-14 04:45 . 2011-05-18 16:02 3834178 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-05-31 05:06 3834178 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2008-10-10 14:56 . 2008-10-10 14:56 4108288 c:\windows\Installer\7dac44c.msi
- 2009-07-14 02:34 . 2011-05-18 15:37 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-05-31 05:17 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 16:27 2735200 ----a-w- c:\program files (x86)\ZoneAlarm_Security\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-24 2245120]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-26 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2005-05-25 7168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-04-23 136616]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-29 96896]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 822264]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ALSysIO;ALSysIO;c:\users\Brandon\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-04-23 52352]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 1123320]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?&cid=mtmh05262011
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\ic1h1xud.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG10\Firefox4
FF - Ext: ZoneAlarm Security Community Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - c:\program files (x86)\RegTweaker\key.dll
Wow6432Node-HKLM-Run-ISTray - c:\program files (x86)\PC Tools Security\pctsGui.exe
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2216904268-2540828368-1871616061-1000\Software\SecuROM\License information*]
"datasecu"=hex:8a,bc,a6,db,c2,2e,56,10,e1,2e,70,68,57,c1,6d,a2,ac,a3,04,b5,98,
ec,c4,c7,b4,c0,52,cd,1c,8a,2e,38,4f,40,ab,7c,15,24,4e,1e,13,43,87,7e,b5,09,\
"rkeysecu"=hex:31,01,63,79,75,f5,8b,34,eb,de,2e,74,f4,ad,49,cf
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-31 01:24:52
ComboFix-quarantined-files.txt 2011-05-31 05:24
ComboFix2.txt 2011-05-18 16:22
.
Pre-Run: 815,444,930,560 bytes free
Post-Run: 821,880,569,856 bytes free
.
- - End Of File - - C48938FB5BEE8F1BEEC9423882602E6E
 
Results of screen317's Security Check version 0.99.12
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ZoneAlarm
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.2.152.32
Mozilla Firefox (3.6.17) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````
 
CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\brandon\desktop\my stuff\gaming folder\aoe ii\crack.zip
c:\users\brandon\downloads\command.and.conquer.red.alert.3-reloaded\rld-ra3\crack\clownbold.ttg
c:\users\brandon\downloads\command.and.conquer.red.alert.3-reloaded\rld-ra3\crack\lib_art.map
c:\users\brandon\downloads\command.and.conquer.red.alert.3-reloaded\rld-ra3\crack\rld-ra3k.exe
c:\users\brandon\downloads\command.and.conquer.red.alert.3-reloaded\rld-ra3\crack\data\clownbold.ttg
c:\users\brandon\downloads\command.and.conquer.red.alert.3-reloaded\rld-ra3\crack\data\lib_art.map
c:\users\brandon\downloads\command.and.conquer.red.alert.3-reloaded\rld-ra3\crack\data\ra3_1.0.game
c:\users\brandon\downloads\warcraft ii battle net edition\alcohol 120% 1.9.5.3823\crack\serials.txt
c:\users\brandon\downloads\warcraft iii - the frozen throne\warcraft iii - the frozen throne [disk3] -crack,patch,serial.iso
c:\users\brandon\downloads\warcraft iii - the frozen throne\crack\blizzard.dll
c:\users\brandon\downloads\warcraft iii - the frozen throne\crack\reloaded.nfo
c:\users\brandon\downloads\warcraft iii - the frozen throne\crack\war3.exe
c:\users\brandon\downloads\warcraft iii - the frozen throne\crack\war3.org
c:\users\brandon\downloads\warcraft iii - the frozen throne\crack\worldedit.exe
scanner sequence 3.IE.11
----- EOF -----
 
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Brandon at 1:41:51 on 2011-05-31
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2608 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Brandon\Desktop\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?&cid=mtmh05262011
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - C:\Program Files (x86)\RegTweaker\key.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\ic1h1xud.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\ic1h1xud.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF - Ext: ZoneAlarm Security Community Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-4-23 136616]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2011-4-21 96896]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-5 33528]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2010-11-5 822264]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-11 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AODDriver2;AODDriver2;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-4-23 52352]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-6 704864]
S3 RTCore64;RTCore64;C:\Program Files (x86)\RMClock\RTCore64.sys [2011-4-21 7168]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-05-31 05:14:13 518144 ----a-w- C:\Windows\SWREG.exe
2011-05-31 05:14:13 256512 ----a-w- C:\Windows\PEV.exe
2011-05-31 05:14:13 208896 ----a-w- C:\Windows\MBR.exe
2011-05-31 02:57:12 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Red Alert 3
2011-05-27 07:38:49 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{672B91E7-49F5-40F6-88D9-C239EE6C5CF1}\mpengine.dll
2011-05-26 00:35:51 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-21 02:12:36 -------- d-----w- C:\9b30e762ec4faaa359e0423c
2011-05-20 06:37:04 -------- d-----w- C:\Users\Brandon\AppData\Local\Threat Expert
2011-05-19 18:22:06 -------- d-----w- C:\Users\Brandon\AppData\Roaming\vexorian
2011-05-19 15:10:13 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-05-19 05:05:24 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-05-19 05:01:16 -------- d-----w- C:\ProgramData\PC Tools
2011-05-19 04:21:25 -------- d-----w- C:\Program Files (x86)\Ad-Remover
2011-05-18 23:07:01 -------- d-----w- C:\Users\Brandon\AppData\Roaming\AVG10
2011-05-18 23:02:44 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2011-05-18 23:00:57 -------- d-----w- C:\Program Files (x86)\AVG
2011-05-18 16:15:12 98816 ----a-w- C:\Windows\sed.exe
2011-05-18 14:27:45 388096 ----a-r- C:\Users\Brandon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-18 14:27:45 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-18 14:14:24 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-05-18 14:14:18 -------- d-----w- C:\ProgramData\!SASCORE
2011-05-18 05:47:29 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-18 05:47:29 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-17 18:22:57 -------- d-----w- C:\Program Files (x86)\Panicware
2011-05-17 03:55:59 -------- d-----w- C:\ProgramData\STOPzilla!
2011-05-17 03:08:21 -------- d-----w- C:\Users\Brandon\AppData\Local\DDMSettings
2011-05-17 03:04:42 -------- d-----w- C:\Program Files\DivX
2011-05-17 03:04:38 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-05-17 02:58:56 -------- d-----w- C:\Program Files (x86)\DivX
2011-05-17 02:57:49 -------- d-----w- C:\ProgramData\DivX
2011-05-11 19:21:49 -------- d-----w- C:\Users\Brandon\AppData\Roaming\IrfanView
2011-05-11 19:21:49 -------- d-----w- C:\Program Files (x86)\IrfanView
2011-05-11 02:45:35 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 02:45:35 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 02:45:35 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 02:45:35 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 02:45:35 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 02:45:35 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 02:45:35 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-11 02:45:33 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 02:45:33 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 02:45:32 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-06 18:20:44 -------- d-----w- C:\Users\Brandon\AppData\Local\AVG Security Toolbar
.
==================== Find3M ====================
.
2011-04-21 13:46:57 25640 ----a-w- C:\Windows\gdrv.sys
2011-04-19 04:16:35 2829 ----a-w- C:\Windows\War3Unin.pif
2011-04-19 04:16:35 139264 ----a-w- C:\Windows\War3Unin.exe
2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 1:42:12.02 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2011 8:40:04 PM
System Uptime: 5/31/2011 1:04:00 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4N68T-M-V2
Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2800/214mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 765.508 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\*SYSTOOLDEVICE\0000
Manufacturer:
Name:
PNP Device ID: ROOT\*SYSTOOLDEVICE\0000
Service:
.
==== System Restore Points ===================
.
RP86: 5/30/2011 5:44:58 PM - Installed Command & Conquer(tm) Red Alert(tm) 3
RP87: 5/30/2011 6:07:57 PM - Installed Command & Conquer(tm) Red Alert(tm) 3
RP88: 5/30/2011 6:42:16 PM - Removed Command & Conquer™ Red Alert™ 3
RP89: 5/30/2011 6:46:48 PM - Installed Command & Conquer(tm) Red Alert(tm) 3
RP90: 5/30/2011 7:11:27 PM - Removed Command & Conquer™ Red Alert™ 3
RP91: 5/30/2011 10:30:35 PM - Removed Crysis(R).
RP92: 5/30/2011 10:33:27 PM - Removed Command & Conquer™ Red Alert™ 3
RP93: 5/30/2011 10:46:37 PM - Installed Command & Conquer(tm) Red Alert(tm) 3
RP94: 5/30/2011 11:27:07 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Age of Empires III
AI Suite
AIM 7
AMD OverDrive
Apple Application Support
Apple Software Update
ATI Catalyst Registration
Call of Duty Modern Warfare 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Cold War Crisis Release 1.5
Command & Conquer The First Decade
Command & Conquer™ Red Alert™ 3
DivX Setup
Download Updater (AOL LLC)
EA Download Manager
ffdshow v1.1.3562 [2010-09-07]
FullRA Plus V3.03
GameSpy Comrade
HiJackThis
iDump (Freeware) Build:31
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
Kali II
Magic ISO Maker v5.5 (build 0281)
Malwarebytes' Anti-Malware
Mega Manager
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.6.17)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Platform
Project64 1.6
PunkBuster Services
QuickTime
Red Alert - A Path Beyond -- Cold Fusion (remove only)
Red Alert - A Path Beyond -- Gamma (remove only)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Spybot - Search & Destroy
Steam
The Lord of the Rings FREE Trial
TurboV
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
VC80CRTRedist - 8.0.50727.4053
VIA Platform Device Manager
Visual Studio 2008 x64 Redistributables
Warcraft III
Warcraft III: All Products
Winamp
Winamp Detector Plug-in
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR 4.00 beta 3 (32-bit)
Xvid 1.2.1 final uninstall
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
5/31/2011 1:22:59 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/30/2011 6:24:27 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
5/30/2011 11:28:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the szserver service.
5/29/2011 9:55:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
5/29/2011 9:55:39 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: Insufficient system resources exist to complete the requested service.
5/29/2011 9:55:39 AM, Error: Service Control Manager [7000] - The AVGIDSDriver service failed to start due to the following error: Insufficient system resources exist to complete the requested service.
5/29/2011 9:52:34 AM, Error: Service Control Manager [7031] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
5/27/2011 8:28:57 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
 
Thank you for your patience. My internet was down, then we had a storm front come through. I am in 'hurry to catch up' mode now.

A Note for you: The use of serials and cracks to pirate games or data is going to continue to bring malware to the system. At some point, if there is enough malware, the system may become so unstable that you can't boot up.
==========================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
Code:
File::

DDS::
DDS::
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: ZoneAlarm Security Engine Registrar - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
Folder::
c:\users\Brandon\AppData\Local\Threat Expert
c:\program files (x86)\PC Tools Security
c:\programdata\PC Tools
Registry::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.
==========================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the
    esetSmartInstallDesktopIcon.png
    on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 
Well , I actually own the games (not that you care too much about that) and I downloaded the cracks because of issues I was having . But anyway , I understand , stuff like that happens , take your time , I can wait as long as you need me to , just give me a heads up as to how long it will take for you to reply . Anything to make life easier on you . I will do the custom script tomorrow as I am going to bed now .

Goodnight and thanks again,
Brandon
 
I'm sorry , I had a lot of stuff to take care of today . But you seem very patient yourself . But you're probably glad you have one less problem to deal with today
Sincerely,
Brandon

p.s. i appreciate you putting up with the delays , not many people are as patient as you are
 
Not to worry! Gives me a chance to catch up on other threads I'm behind on!

Post when ready.
 
Did everything you said and it found no infections , but here's my CF Log:


ComboFix 11-06-10.0A - Brandon 06/11/2011 10:03:37.3.6 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2608 [GMT -4:00]
Running from: c:\users\Brandon\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Brandon\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\PC Tools Security
c:\program files (x86)\PC Tools Security\BDT\BDTCloudCache.bin
c:\program files (x86)\ZoneAlarm_Security\tbZone.dll
c:\programdata\PC Tools
c:\programdata\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_en_dl.exe
c:\users\Brandon\AppData\Local\Threat Expert
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 14:08 . 2011-06-11 14:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 14:00 . 2011-06-11 14:01 -------- d-----w- C:\Combo-Fix
2011-06-11 13:52 . 2011-06-11 13:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-11 13:52 . 2011-05-04 08:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-03 15:04 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-06-03 15:04 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2011-06-03 15:04 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2011-06-03 15:04 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2011-06-03 15:04 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-06-03 15:04 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-31 13:37 . 2011-05-31 13:37 -------- d-----w- c:\programdata\ProcessLasso
2011-05-31 13:37 . 2011-05-31 13:38 -------- d-----w- c:\users\Brandon\AppData\Roaming\ProcessLasso
2011-05-31 13:37 . 2011-05-31 13:38 -------- d-----w- c:\program files\Process Lasso
2011-05-31 02:57 . 2011-05-31 03:00 -------- d-----w- c:\users\Brandon\AppData\Roaming\Red Alert 3
2011-05-27 07:38 . 2011-05-18 16:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{672B91E7-49F5-40F6-88D9-C239EE6C5CF1}\mpengine.dll
2011-05-26 00:35 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-21 02:12 . 2011-05-21 02:12 -------- d-----w- C:\9b30e762ec4faaa359e0423c
2011-05-19 18:22 . 2011-05-19 18:24 -------- d-----w- c:\users\Brandon\AppData\Roaming\vexorian
2011-05-19 04:21 . 2011-05-31 03:19 -------- d-----w- c:\program files (x86)\Ad-Remover
2011-05-18 23:07 . 2011-05-18 23:07 -------- d-----w- c:\users\Brandon\AppData\Roaming\AVG10
2011-05-18 23:02 . 2011-06-11 13:53 -------- d-----w- c:\programdata\AVG Security Toolbar
2011-05-18 23:00 . 2011-06-11 13:57 -------- d-----w- c:\program files (x86)\AVG
2011-05-18 14:27 . 2011-05-18 14:27 388096 ----a-r- c:\users\Brandon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-18 14:27 . 2011-05-18 14:27 -------- d-----w- c:\program files (x86)\Trend Micro
2011-05-18 14:14 . 2011-05-18 14:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-18 14:14 . 2011-05-18 14:14 -------- d-----w- c:\programdata\!SASCORE
2011-05-18 05:47 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-18 05:47 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-17 18:22 . 2011-05-17 18:22 -------- d-----w- c:\program files (x86)\Panicware
2011-05-17 03:55 . 2011-05-31 03:29 -------- d-----w- c:\programdata\STOPzilla!
2011-05-17 03:08 . 2011-05-17 03:08 -------- d-----w- c:\users\Brandon\AppData\Local\DDMSettings
2011-05-17 03:05 . 2011-06-03 16:34 -------- d-----w- c:\users\Brandon\AppData\Roaming\DivX
2011-05-17 03:04 . 2011-05-17 03:04 -------- d-----w- c:\program files\DivX
2011-05-17 03:04 . 2011-05-17 03:04 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2011-05-17 02:58 . 2011-05-17 03:05 -------- d-----w- c:\program files (x86)\DivX
2011-05-17 02:57 . 2011-05-17 03:05 -------- d-----w- c:\programdata\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 08:52 . 2011-01-01 23:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-21 13:46 . 2011-04-21 13:46 25640 ----a-w- c:\windows\gdrv.sys
2011-04-19 04:16 . 2011-04-19 04:14 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-19 04:16 . 2011-04-19 04:14 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-09 06:45 . 2011-05-11 02:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 02:45 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 02:45 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-25 03:23 . 2011-05-11 02:45 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:23 . 2011-05-11 02:45 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:23 . 2011-05-11 02:45 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:22 . 2011-05-11 02:45 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:22 . 2011-05-11 02:45 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:22 . 2011-05-11 02:45 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:22 . 2011-05-11 02:45 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-24 2245120]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-26 98304]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2005-05-25 7168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-04-23 136616]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-29 96896]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 822264]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ALSysIO;ALSysIO;c:\users\Brandon\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-04-23 52352]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 1123320]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?&cid=mtmh05262011
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\ic1h1xud.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG10\Firefox4
FF - Ext: ZoneAlarm Security Community Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-ISTray - c:\program files (x86)\PC Tools Security\pctsGui.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2216904268-2540828368-1871616061-1000\Software\SecuROM\License information*]
"datasecu"=hex:8a,bc,a6,db,c2,2e,56,10,e1,2e,70,68,57,c1,6d,a2,ac,a3,04,b5,98,
ec,c4,c7,b4,c0,52,cd,1c,8a,2e,38,4f,40,ab,7c,15,24,4e,1e,13,43,87,7e,b5,09,\
"rkeysecu"=hex:31,01,63,79,75,f5,8b,34,eb,de,2e,74,f4,ad,49,cf
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2011-06-11 10:12:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-11 14:12
ComboFix2.txt 2011-05-31 05:24
.
Pre-Run: 822,345,711,616 bytes free
Post-Run: 822,013,054,976 bytes free
.
- - End Of File - - 6D398B1D48059371B08360DE749E9CA7
 
Are you actually having any problem now? So far I haven't seen anything related to psvrr.exe. I'll remove a couple of files and if problems have been resolved, I'll have you remove the cleaning tools:
==================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
Code:
File::
c:\windows\system32\drivers\Diskdump.sys

FileLook::
C:\9b30e762ec4faaa359e0423c

RegNull::
[HKEY_USERS\S-1-5-21-2216904268-2540828368-1871616061-1000\Software\SecuROM\License information*]
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
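A reviewer reading a ComboFix log like the one above is looking for a handful of recurring patterns: a folder with a random hex name sitting directly in the root of C: (the one the script asks `FileLook::` to inspect), a driver or service whose image lives under a Temp folder, and the UAC policy values in the "Reg Loading Points" section all set to 0. The following script is an added example, not part of this thread and not a TechSpot or ComboFix tool: it parses the three ComboFix line layouts seen in the log above and reports those patterns mechanically. The sample lines are copied from the log posted in this thread; the regular expressions, the "16 or more hex characters" threshold and the choice of which policy values to flag are assumptions made for this example.

```python
"""Triage helper for ComboFix "Files Created", service and policy lines.

Added example for this thread (not a ComboFix feature). It flags three
things a log reviewer typically checks by eye:
  * a directory with a long hex name directly under the drive root,
  * a driver/service image located under a Temp folder,
  * UAC-related policy values that are set to 0.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample lines copied from the ComboFix log posted in this thread
# (two are harmless controls; the rest should be flagged).
SAMPLE_LOG = """\
2011-05-26 00:35 . 2011-04-22 20:18 27008 ----a-w- c:\\windows\\system32\\drivers\\Diskdump.sys
2011-05-21 02:12 . 2011-05-21 02:12 -------- d-----w- C:\\9b30e762ec4faaa359e0423c
2011-05-18 14:14 . 2011-05-18 14:14 -------- d-----w- c:\\programdata\\!SASCORE
S3 ALSysIO;ALSysIO;c:\\users\\Brandon\\AppData\\Local\\Temp\\ALSysIO64.sys [x]
R3 RTCore64;RTCore64;c:\\program files (x86)\\RMClock\\RTCore64.sys [2005-05-25 7168]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# "created . modified size attributes path" as printed in "Files Created"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
# "S3 name;display name;image path [date size]" or "[x]" (service/driver lines)
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
# '"Name"= 0 (0x0)' as printed under the policies\system key
POLICY_RE = re.compile(r'^"(?P<name>\w+)"= (?P<value>\d+) \(0x[0-9a-fA-F]+\)$')

# Assumed heuristic: 16+ hex characters directly under the drive root.
HEX_ROOT_DIR_RE = re.compile(r"^[A-Za-z]:\\[0-9a-fA-F]{16,}$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# Policy values where 0 weakens UAC (assumed list for this example).
UAC_POLICIES = {
    "EnableLUA": "UAC is disabled entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}


@dataclass
class Finding:
    kind: str      # "file", "service" or "policy"
    subject: str   # path, service name or policy name
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per log line that matches a review heuristic."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            # attrs begin with 'd' for directories in ComboFix's listing
            if m["attrs"].startswith("d") and HEX_ROOT_DIR_RE.match(m["path"]):
                findings.append(Finding("file", m["path"],
                                        "hex-named folder directly under the drive root"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if TEMP_DIR_RE.search(m["path"]):
                findings.append(Finding("service", m["name"],
                                        f"driver/service image under a Temp folder: {m['path']}"))
            continue
        m = POLICY_RE.match(line)
        if m and m["name"] in UAC_POLICIES and int(m["value"]) == 0:
            findings.append(Finding("policy", m["name"], UAC_POLICIES[m["name"]]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

Run against the sample it reports the hex-named root folder, the ALSysIO driver under Temp, and the three zeroed UAC policies, while leaving Diskdump.sys, the !SASCORE folder and RTCore64 alone. Findings are leads for a reviewer, not verdicts: the helper in this thread handled the hex folder by asking ComboFix to look at it first rather than deleting it.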
 
Well my computer has been unusually slow ( still fast but not what it was and its only a few months old ) and froze up a couple times for no reason at all
 
Well my computer has been unusually slow ( still fast but not what it was and its only a few months old ) and froze up a couple times for no reason at all

1. For 'slow', take everything off of the Startup menu except the antivirus, firewall, touchpad if on a laptop and network process if applicable.
2. Consider if the RAM installed is sufficient.
3. When the system freezes, check the time and look in the Event Viewer for corresponding error.
Please refer to this site: http://www.windows7update.com/Windows7-Event-Viewer.html
The system is clean. I saw no evidence of the process in your subject.
=======================================
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Click on Start> right click on Computer> Properties
  • Select System Protection
  • Click on the Create button (near bottom)
  • Type a name for the Restore Point
  • Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
  • Click Start> Computer> right click the C Drive and choose Properties> enter.
  • Click Disk Cleanup from there.
    image2.png
  • Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
  • Click the More Options tab
    w7-srp2.png
  • Click the Clean up under System Restore and Shadow Copies.
  • Click OK.
  • You will get a confirmation screen> Just click Delete.
  • Click OK on the Disk Cleanup Screen.
  • Click Delete Files on the Confirmation screen.
image6.png

It will run the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
Images courtesy lytebyte.

Empty the Recycle Bin
 