Inactive Random CPU usage spikes, horrible FPS lag in-game


defy

So basically I'm looking to avoid the hassle of reformatting my computer. The best way I can explain it is that something is causing serious lag for my whole system. My in-game FPS lag is getting ridiculous, regardless of what game I'm attempting to play (some of them ran perfectly fine a few months ago). I've been trying to figure this out on my own for several weeks now but I have had no luck. I've also noticed some similar threads, but I find them quite hard to follow, so I was hoping someone could help me directly with my problem. I'm quite certain that there is some sort of virus or malware currently affecting my computer; I just need some help getting rid of it! Thanks!
 
Not necessarily, it's just much easier to notice in-game. However, it feels as if my computer has been getting slower by the day.
 
OK, I've completed all the steps. Here are the logs:

MBAM Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4458

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

21/08/2010 3:30:35 PM
mbam-log-2010-08-21 (15-30-35).txt

Scan type: Quick scan
Objects scanned: 149015
Time elapsed: 9 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a8f777cc-c6af-447b-a611-10a9ba15a229} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a8f777cc-c6af-447b-a611-10a9ba15a229} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8f777cc-c6af-447b-a611-10a9ba15a229} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\asdlcomnet.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\inf\asynceql.inf (Malware.Trace) -> Quarantined and deleted successfully.

GMER LOG. I had some problems with this one, so I ran it in safe mode. I might have screwed this one up by accident, though, so let me know if I should do it over.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-21 16:03:00
Windows 6.0.6000
Running: vi9b0xq0.exe; Driver: C:\Users\Felix\AppData\Local\Temp\ugroypod.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD6 0x8E 0x30 0x48 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0xE0 0x6E 0xEE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x72 0x08 0xBD 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0x3B 0xF3 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0xE0 0x6E 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x72 0x08 0xBD 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0x3B 0xF3 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0xE0 0x6E 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x72 0x08 0xBD 0x92 ...

---- EOF - GMER 1.0.15 ----
 
DDS LOG


DDS (Ver_10-03-17.01) - NTFSx86
Run by Felix at 16:07:13.80 on 21/08/2010
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2044.1089 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe 4
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
svchost.exe 4
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bell\Internet Service Advisor\BISA.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Felix\Desktop\foobar2000\foobar2000.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bell\Internet Service Advisor\BISAComHandler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Felix\Downloads\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Shareware.Pro-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
mURLSearchHooks: Shareware.Pro-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Shareware.Pro-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Shareware.Pro-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [BISA.exe] "c:\program files\bell\internet service advisor\BISA.exe" /AUTORUN
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\felix\appdata\roaming\mozilla\firefox\profiles\f7jn383c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\bell\internet service advisor\nprpspa.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\users\felix\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\felix\appdata\roaming\mozilla\firefox\profiles\f7jn383c.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {C32D836F-E8D4-4E30-9686-0EBA82CE46E1} - c:\users\felix\appdata\local\{C32D836F-E8D4-4E30-9686-0EBA82CE46E1}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-21 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-21 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-21 60936]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 ServicepointService;ServicepointService;c:\program files\bell\internet service advisor\ServicepointService.exe [2010-4-13 689392]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-08-21 19:19:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 19:19:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 18:56:52 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-21 18:56:46 0 d-----w- c:\programdata\Avira
2010-08-21 18:56:46 0 d-----w- c:\program files\Avira
2010-08-13 22:26:18 0 d-----w- c:\programdata\Blizzard Entertainment
2010-08-13 22:26:17 0 d-----w- c:\program files\StarCraft II
2010-08-07 18:21:38 103139 ----a-w- c:\users\felix\theboys.jpg
2010-08-07 05:57:07 0 d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-08-07 05:55:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2010-08-07 05:54:43 55808 ----a-w- c:\windows\system32\drivers\xusb21.sys
2010-08-04 21:21:30 78848 ---ha-w- c:\windows\system32\cbywxu.dll.vir
2010-08-04 20:57:47 0 d---a-w- c:\programdata\TEMP
2010-08-04 20:57:27 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-04 20:57:27 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-04 20:57:27 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-04 20:57:27 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-04 20:57:27 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-08-04 20:57:26 0 d-----w- c:\users\felix\appdata\roaming\Simply Super Software
2010-08-04 20:57:26 0 d-----w- c:\programdata\Simply Super Software
2010-08-04 20:57:26 0 d-----w- c:\program files\Trojan Remover
2010-08-03 19:03:25 0 d--h--w- C:\$AVG
2010-08-03 18:47:37 0 d-----w- c:\programdata\avg9
2010-08-03 18:47:37 0 d-----w- c:\program files\AVG
2010-08-02 23:04:33 0 d-----w- c:\users\felix\appdata\roaming\Malwarebytes
2010-08-02 22:57:45 0 d-----w- c:\programdata\Malwarebytes
2010-08-02 22:57:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 22:39:36 50 ----a-w- c:\windows\wininit.ini
2010-08-01 19:04:40 34895 ----a-w- c:\programdata\nvModes.dat
2010-08-01 19:01:15 4332136 ----a-w- c:\windows\system32\NVStWiz.exe
2010-07-30 22:14:30 0 d-----w- c:\users\felix\appdata\roaming\2K Sports
2010-07-30 21:55:16 0 d-----w- c:\program files\2K Sports
2010-07-30 18:20:34 0 d-----w- c:\programdata\KONAMI
2010-07-30 18:20:34 0 d-----w- c:\program files\KONAMI
2010-07-29 21:37:55 0 d-----w- c:\users\felix\appdata\roaming\Softplicity
2010-07-29 21:37:43 0 d-----w- c:\program files\TotalAudioConverter
2010-07-27 22:32:41 0 d-----w- c:\users\felix\appdata\roaming\ManyCam
2010-07-26 19:17:02 497664 ----a-w- c:\windows\system32\ac3filter.acm
2010-07-26 19:15:00 0 d-----w- c:\program files\MediaInfo

==================== Find3M ====================

2010-08-07 05:54:55 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-08-07 05:54:55 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-07 05:54:55 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-21 10:54:47 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-07-21 10:54:47 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-07-21 10:54:47 100880 ----a-w- c:\windows\system32\Packet.dll
2010-07-21 05:53:14 82432 ---ha-w- c:\windows\system32\hgfccc.dll
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-11-30 08:46:37 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-29 20:38:05 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16:09:33.97 ===============
 
Attach Log

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 28/11/2009 6:24:02 PM
System Uptime: 21/08/2010 4:03:24 PM (0 hours ago)

Motherboard: Intel Corporation | | D946GZIS
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | LGA 775 | 2997/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 220.048 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description:
Device ID: USBSTOR\OTHER&VEN_\7&78FCF9A&0&BROE5F123895&0
Manufacturer:
Name:
PNP Device ID: USBSTOR\OTHER&VEN_\7&78FCF9A&0&BROE5F123895&0
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
AC3Filter (remove only)
AC3Filter 1.63b
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player 11.5
Alien Swarm
Allods Online 1.0.05.41
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.1.2
Ares 3.1.5.3034
Assassin's Creed II
Avira AntiVir Personal - Free Antivirus
Belarc Advisor 8.1
Bell Internet Check-up
Bell Internet Service Advisor 3.5.15
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
CDDRV_Installer
Counter-Strike
Counter-Strike: Source
Day of Defeat: Source
DivX Setup
erLT
foobar2000 v1.0.2.1
FrostWire 4.18.6
Full Tilt Poker
gBurner
Google Chrome
Half-Life 2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotspot Shield 1.49
IDT Audio
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 17
JDownloader
KhalInstallWrapper
League of Legends
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
LightScribe 1.4.136.1
Logitech SetPoint
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
Media Player Classic - Home Cinema v. 1.3.1249.0
MediaInfo 0.7.34
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft WSE 3.0 Runtime
Microsoft Xbox 360 Accessories 1.1
mIRC
MLB 2K10
MobileMe Control Panel
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
Norton Security Scan
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
Octoshape add-in for Adobe Flash Player
Pando Media Booster
Peer2Peer-EN Toolbar
Picasa 3
PokerStars
Portal
PowerDVD
PowerISO
Pro Evolution Soccer 2010
QuickTime
Realtek High Definition Audio Driver
Roxio Media Manager
RPS CRT
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SopCast 3.2.4
StarCraft II
Steam
System Requirements Lab
The Sims™ 3
TotalAudioConverter
Trojan Remover 6.8.2
TVUPlayer 2.5.2.2
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb977719)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.17
Ventrilo Client
Virtual DJ - Atomix Productions
Vuze
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
Works Suite OS Pack
Works Synchronization

==== Event Viewer Messages From Past Week ========

15/08/2010 9:40:39 PM, Error: EventLog [6008] - The previous system shutdown at 9:03:23 PM on 15/08/2010 was unexpected.
15/08/2010 4:09:37 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
15/08/2010 3:46:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
15/08/2010 3:46:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
14/08/2010 6:23:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
14/08/2010 12:00:55 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
14/08/2010 10:58:19 AM, Error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
14/08/2010 10:57:22 AM, Error: Service Control Manager [7031] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
14/08/2010 10:57:11 AM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
14/08/2010 10:57:05 AM, Error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
14/08/2010 10:57:00 AM, Error: Service Control Manager [7031] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
14/08/2010 10:56:46 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
14/08/2010 10:56:34 AM, Error: Service Control Manager [7031] - The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
14/08/2010 1:18:50 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

==== End Of File ===========================
 
You did well :)

Download MBRCheck to your desktop

Double-click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

===================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double-click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
haha alright good... here are the next logs

MBR Check


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Intel Corporation
BIOS Manufacturer: Intel Corp.
System Manufacturer:
System Product Name:
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 153):

Processes (total 60):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
520 csrss.exe
568 C:\Windows\System32\wininit.exe
576 csrss.exe
612 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
632 C:\Windows\System32\lsm.exe
660 C:\Windows\System32\winlogon.exe
812 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\nvvsvc.exe
924 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\stacsv.exe
1252 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\audiodg.exe
1368 C:\Windows\System32\SLsvc.exe
1436 C:\Windows\System32\nvvsvc.exe
1476 C:\Windows\System32\svchost.exe
1608 C:\Windows\System32\svchost.exe
1792 C:\Windows\System32\spoolsv.exe
1816 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1828 C:\Windows\System32\svchost.exe
560 C:\Windows\System32\dwm.exe
908 C:\Windows\System32\taskeng.exe
712 C:\Windows\explorer.exe
824 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1600 C:\Program Files\Bell\Internet Service Advisor\BISA.exe
1580 C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
2056 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2100 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
2116 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
2148 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2192 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2268 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
2296 C:\Program Files\Hotspot Shield\bin\hsswd.exe
2344 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2380 C:\Program Files\Common Files\Motive\McciCMService.exe
2416 C:\ComboFix\PEV.cfxxe
2460 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2496 C:\Windows\ehome\ehtray.exe
2508 C:\Program Files\Steam\Steam.exe
2568 C:\Windows\System32\svchost.exe
2592 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
2628 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
2888 C:\Windows\ehome\ehmsas.exe
3544 C:\Program Files\Mozilla Firefox\firefox.exe
3700 C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
3716 C:\Windows\System32\svchost.exe
3784 C:\Windows\System32\svchost.exe
3832 C:\Windows\System32\SearchIndexer.exe
4056 WUDFHost.exe
2832 C:\Program Files\Mozilla Firefox\plugin-container.exe
2988 C:\Windows\explorer.exe
3904 C:\Users\Felix\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000

PhysicalDrive0 Model Number: WDCWD5000AAKS-00TMA0, Rev: 12.01C01
PhysicalDrive1 Model Number: WDCWD5000AADS-00M2B0, Rev: 01.00A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: AE8A2D972741A4CF0A40B2C5E6A6A17665C62B80
465 GB \\.\PhysicalDrive1 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: AE8A2D972741A4CF0A40B2C5E6A6A17665C62B80


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
COMBOFIX - first got a blue screen of death, then it made me restart (forgot why, but it seemed bad)... worked fine after the restart.

ComboFix 10-08-22.01 - Felix 22/08/2010 18:17:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2044.1374 [GMT -4:00]
Running from: c:\users\Felix\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Felix\AppData\Local\{C32D836F-E8D4-4E30-9686-0EBA82CE46E1}
c:\users\Felix\AppData\Local\{C32D836F-E8D4-4E30-9686-0EBA82CE46E1}\chrome.manifest
c:\users\Felix\AppData\Local\{C32D836F-E8D4-4E30-9686-0EBA82CE46E1}\chrome\content\_cfg.js
c:\users\Felix\AppData\Local\{C32D836F-E8D4-4E30-9686-0EBA82CE46E1}\chrome\content\overlay.xul
c:\users\Felix\AppData\Local\{C32D836F-E8D4-4E30-9686-0EBA82CE46E1}\install.rdf
c:\windows\Media\lsass.cpl
c:\windows\system\mkp.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drwtsn32.dll
c:\windows\system32\Packet.dll
c:\windows\system32\st322000.dll
c:\windows\system32\wpcap.dll

Infected copy of c:\windows\system32\drivers\tdx.sys was found and disinfected
Restored copy from - Kitty had a snack :p


\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
.

2010-08-22 22:29 . 2010-08-22 22:29 -------- d-----w- c:\users\Felix\AppData\Local\temp
2010-08-22 22:29 . 2010-08-22 22:29 -------- d-----w- c:\users\pizzowned\AppData\Local\temp
2010-08-22 22:29 . 2010-08-22 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-22 22:09 . 2010-08-22 22:09 -------- d-----w- C:\32788R22FWJFW
2010-08-22 16:15 . 2010-08-22 16:15 -------- d-----w- c:\users\Felix\AppData\Roaming\Avira
2010-08-21 19:19 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 19:19 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 18:56 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-21 18:56 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-21 18:56 . 2009-05-11 16:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-21 18:56 . 2009-05-11 16:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\programdata\Avira
2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\program files\Avira
2010-08-13 23:06 . 2010-08-13 23:06 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-13 22:26 . 2010-08-13 23:06 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-08-13 22:26 . 2010-08-17 17:14 -------- d-----w- c:\program files\StarCraft II
2010-08-07 05:57 . 2010-08-07 05:57 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-08-07 05:54 . 2007-08-28 09:05 55808 ----a-w- c:\windows\system32\drivers\xusb21.sys
2010-08-04 21:21 . 2010-08-04 21:21 78848 ---ha-w- c:\windows\system32\cbywxu.dll.vir
2010-08-04 20:57 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-04 20:57 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-04 20:57 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-04 20:57 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-08-04 20:57 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\program files\Trojan Remover
2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\users\Felix\AppData\Roaming\Simply Super Software
2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\programdata\Simply Super Software
2010-08-03 19:03 . 2010-08-03 19:03 -------- d-----w- C:\$AVG
2010-08-03 18:47 . 2010-08-04 20:48 -------- d-----w- c:\programdata\avg9
2010-08-03 18:47 . 2010-08-03 18:47 -------- d-----w- c:\program files\AVG
2010-08-02 23:04 . 2010-08-02 23:04 -------- d-----w- c:\users\Felix\AppData\Roaming\Malwarebytes
2010-08-02 22:57 . 2010-08-21 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 22:57 . 2010-08-02 22:57 -------- d-----w- c:\programdata\Malwarebytes
2010-08-01 19:01 . 2010-01-12 01:00 4332136 ----a-w- c:\windows\system32\NVStWiz.exe
2010-08-01 18:57 . 2010-08-01 18:58 680 ----a-w- c:\users\Felix\AppData\Local\d3d9caps.dat
2010-07-30 22:14 . 2010-07-30 22:14 -------- d-----w- c:\users\Felix\AppData\Roaming\2K Sports
2010-07-30 21:55 . 2010-07-30 21:55 -------- d-----w- c:\program files\2K Sports
2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\programdata\KONAMI
2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\program files\KONAMI
2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\users\Felix\AppData\Roaming\Softplicity
2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\program files\TotalAudioConverter
2010-07-27 22:32 . 2010-07-27 22:32 117552 ----a-w- c:\users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-27 22:32 . 2010-07-27 22:32 -------- d-----w- c:\users\Felix\AppData\Roaming\ManyCam
2010-07-26 19:15 . 2010-07-26 19:15 -------- d-----w- c:\program files\MediaInfo
2010-07-26 19:06 . 2010-07-26 19:06 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-26 19:06 . 2010-07-26 19:06 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-26 19:06 . 2010-07-26 19:06 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-26 19:06 . 2010-07-26 19:06 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-07-26 19:06 . 2010-07-26 19:06 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-26 19:05 . 2010-07-26 19:05 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-26 19:04 . 2010-07-26 19:04 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 22:06 . 2010-08-01 19:04 34895 ----a-w- c:\programdata\nvModes.dat
2010-08-22 22:06 . 2010-02-04 04:43 -------- d-----w- c:\program files\Steam
2010-08-22 20:34 . 2010-04-16 23:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-22 19:37 . 2010-01-30 05:53 -------- d-----w- c:\users\Felix\AppData\Roaming\FrostWire
2010-08-21 21:50 . 2010-04-15 17:49 -------- d-----w- c:\users\Felix\AppData\Roaming\foobar2000
2010-08-20 14:36 . 2010-07-17 18:47 -------- d-----w- c:\program files\JDownloader
2010-08-18 16:57 . 2010-02-09 21:15 -------- d-----w- c:\programdata\PMB Files
2010-08-13 22:54 . 2010-06-09 15:37 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-11 18:17 . 2009-11-30 19:52 -------- d-----w- c:\users\Felix\AppData\Roaming\Azureus
2010-08-10 14:28 . 2010-07-02 19:02 -------- d-----w- c:\program files\Hotspot Shield
2010-08-07 05:55 . 2010-08-07 05:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2010-08-01 19:04 . 2010-02-05 16:24 -------- d-----w- c:\programdata\NVIDIA
2010-08-01 19:01 . 2009-11-29 22:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-01 19:00 . 2010-02-05 16:22 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-27 22:29 . 2010-04-09 23:30 -------- d-----w- c:\programdata\Bell
2010-07-27 22:27 . 2010-04-18 19:34 -------- d-----w- c:\users\pizzowned\AppData\Roaming\Bell
2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\users\Felix\AppData\Roaming\Bell
2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\program files\Bell
2010-07-26 19:17 . 2010-07-19 19:40 -------- d-----w- c:\program files\AC3Filter
2010-07-26 19:06 . 2010-05-03 18:27 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-26 19:06 . 2010-05-03 18:21 -------- d-----w- c:\programdata\DivX
2010-07-26 19:06 . 2009-11-29 22:54 -------- d-----w- c:\program files\DivX
2010-07-26 19:04 . 2010-05-03 18:23 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-26 19:04 . 2010-05-03 18:23 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-21 12:29 . 2010-07-12 20:56 0 ----a-w- c:\users\Felix\AppData\Local\Wkivogo.bin
2010-07-21 05:53 . 2010-07-21 05:53 82432 ---ha-w- c:\windows\system32\hgfccc.dll
2010-07-20 21:57 . 2010-06-04 15:19 -------- d-----w- c:\users\Felix\AppData\Roaming\HLSW
2010-07-20 11:40 . 2010-07-20 11:40 0 ----a-w- c:\windows\system32\cd.dat
2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\users\Felix\AppData\Roaming\Ubisoft
2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\programdata\Ubisoft
2010-07-19 20:11 . 2010-07-19 19:58 -------- d-----w- c:\program files\Ubisoft
2010-07-19 20:11 . 2009-11-29 17:03 -------- d-----w- c:\program files\InstallShield Installation Information
2010-07-16 21:51 . 2010-04-11 00:57 -------- d-----w- c:\program files\Full Tilt Poker
2010-07-12 18:24 . 2010-07-12 18:24 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-12 18:24 . 2010-07-12 18:24 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-09 20:48 . 2009-11-29 19:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-08 03:03 . 2010-07-08 03:03 -------- d-----w- c:\users\pizzowned\AppData\Roaming\DivX
2010-06-30 16:02 . 2009-12-09 18:19 -------- d-----w- c:\program files\PokerStars
2010-06-28 03:15 . 2010-04-17 15:01 256 ----a-w- c:\windows\system32\pool.bin
2010-06-16 20:33 . 2010-06-16 20:33 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2010-06-16 20:33 . 2010-06-16 20:33 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-01 17:37 . 2009-11-29 16:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-28 19:16 . 2010-05-28 19:16 290816 ----a-w- c:\users\Felix\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-05-28 19:16 . 2010-05-28 19:16 290816 ----a-w- c:\users\Felix\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-05-28 19:16 . 2010-05-28 19:16 290816 ----a-w- c:\users\Felix\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-05-28 19:16 . 2010-05-28 19:16 290816 ----a-w- c:\users\Felix\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
.
.
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2010-01-24 08:21 2166296 ----a-w- c:\program files\Peer2Peer-EN\tbPee1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-11-30 1232896]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Steam"="c:\program files\steam\steam.exe" [2010-05-07 1238352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BISA.exe"="c:\program files\Bell\Internet Service Advisor\BISA.exe" [2010-01-13 4281584]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-12-04 737280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Felix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-02-17 23:37 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp]
2010-01-19 15:17 1565696 ----a-w- c:\program files\BellCanada\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-29 22:45 135664 ----atw- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2010-04-21 08:26 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-02-09 21:14 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 01:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 16:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-11-30 08:21 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2006-11-02 09:45 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-07 19:38 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-29 22:56 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-03-12 17:53 483422 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-11-29 20:10 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1746604758-1044917362-344122428-1000]
"EnableNotificationsRef"=dword:00000001

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-08 3290184]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-08 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-01-13 689392]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]

.
Contents of the 'Scheduled Tasks' folder

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000Core.job
- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000UA.job
- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

2010-08-22 c:\windows\Tasks\Norton Security Scan for Felix.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-12 05:27]

2010-08-22 c:\windows\Tasks\User_Feed_Synchronization-{1AAA177D-1F84-4B11-9163-6DDC448CB382}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

2010-08-07 c:\windows\Tasks\XboxStatTask.job
- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe [2009-12-04 00:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Felix\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
MSConfigStartUp-dddbyysys - cbbccy.dll
MSConfigStartUp-hgfefeaudio - cbywxu.dll
MSConfigStartUp-iifghhsys - cbbccy.dll
MSConfigStartUp-ljkhihaudio - cbywxu.dll
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
MSConfigStartUp-Mjati - c:\users\Felix\AppData\Local\uvoqepij.dll
MSConfigStartUp-mlmnnksys - pmlkij.dll
MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-Serviço de Rede - c:\windows\system\Downloads_GYN.CPL
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Felix\AppData\Roaming\Macromedia\Flash Player\



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-22 18:29
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-22 18:32:57
ComboFix-quarantined-files.txt 2010-08-22 22:32

Pre-Run: 240,392,253,440 bytes free
Post-Run: 240,315,092,992 bytes free

- - End Of File - - 3E7F3D673CA19AC1D96A4837BFC2DC2B
 
Sorry dude... was gone for the week. Here's the new log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Intel Corporation
BIOS Manufacturer: Intel Corp.
System Manufacturer:
System Product Name:
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 154):
0x82000000 \SystemRoot\system32\ntkrnlpa.exe
0x823A1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80461000 \SystemRoot\system32\drivers\acpi.sys
0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
0x8044A000 \SystemRoot\system32\drivers\volmgr.sys
0x80425000 \SystemRoot\system32\drivers\pci.sys
0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
0x8040E000 \SystemRoot\system32\drivers\intelide.sys
0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys
0x807AE000 \SystemRoot\system32\drivers\atapi.sys
0x80790000 \SystemRoot\system32\drivers\ataport.SYS
0x8075F000 \SystemRoot\system32\drivers\fltmgr.sys
0x8074F000 \SystemRoot\system32\drivers\fileinfo.sys
0x8064B000 \SystemRoot\system32\drivers\ndis.sys
0x80620000 \SystemRoot\system32\drivers\msrpc.sys
0x81FC7000 \SystemRoot\system32\drivers\NETIO.SYS
0x81EBF000 \SystemRoot\System32\Drivers\Ntfs.sys
0x81E55000 \SystemRoot\System32\Drivers\ksecdd.sys
0x81E1F000 \SystemRoot\system32\drivers\volsnap.sys
0x80618000 \SystemRoot\System32\Drivers\spldr.sys
0x80609000 \SystemRoot\System32\drivers\partmgr.sys
0x81E10000 \SystemRoot\System32\Drivers\mup.sys
0x87BDB000 \SystemRoot\System32\drivers\ecache.sys
0x87BCA000 \SystemRoot\system32\drivers\disk.sys
0x87BA9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x80600000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A127000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8880B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8BEF4000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x88419000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8B613000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8A076000 \SystemRoot\System32\drivers\watchdog.sys
0x8A064000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B75B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8A027000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A019000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8BEAC000 \SystemRoot\system32\DRIVERS\VSTBS23.SYS
0x8BE82000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CAFC000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
0x8CA49000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
0x8A00C000 \SystemRoot\system32\drivers\modem.sys
0x8BE5A000 \SystemRoot\system32\DRIVERS\e100b325.sys
0x8BE42000 \SystemRoot\system32\DRIVERS\parport.sys
0x8B600000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8A168000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
0x8B766000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8BE28000 \SystemRoot\system32\DRIVERS\serial.sys
0x8B6B0000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8BE10000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x888AC000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8CA1E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8CDC0000 \SystemRoot\system32\DRIVERS\storport.sys
0x8B771000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x888BE000 \SystemRoot\system32\DRIVERS\ManyCam.sys
0x8A173000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x888F5000 \SystemRoot\System32\Drivers\RootMdm.sys
0x8CA07000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B77C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8CD9D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x87A71000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8CD8A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8886B000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x8BE01000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B787000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x88401000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8B6BA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CD7D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8CD49000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x88524000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8CCA4000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x8CC77000 \SystemRoot\system32\DRIVERS\portcls.sys
0x8CC52000 \SystemRoot\system32\DRIVERS\drmk.sys
0x8A115000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8883A000 \SystemRoot\System32\Drivers\Null.SYS
0x88841000 \SystemRoot\System32\Drivers\Beep.SYS
0x88848000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8A000000 \SystemRoot\System32\drivers\vga.sys
0x8CC31000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8891D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x88925000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B792000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CFF2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x87A80000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8CF1E000 \SystemRoot\System32\drivers\tcpip.sys
0x8CF05000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8CEF0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CEDC000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CE95000 \SystemRoot\system32\drivers\afd.sys
0x8CE63000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CE4D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CE3F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CE2C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x88423000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8CE1E000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x8D385000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B6C4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CE07000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D323000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8D5DC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x88405000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8B6D8000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x8D5F3000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x8D4FA000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8D50C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B79D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8890D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x94200000 \SystemRoot\System32\win32k.sys
0x8B6F6000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D2F8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97E00000 \SystemRoot\System32\TSDDD.dll
0x97E10000 \SystemRoot\System32\cdd.dll
0x98B14000 \SystemRoot\system32\drivers\luafv.sys
0x98AFF000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9AB32000 \SystemRoot\system32\drivers\spsys.sys
0x884C4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9AADF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9B357000 \SystemRoot\system32\drivers\HTTP.sys
0x9B2FC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B2E3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9B2C3000 \SystemRoot\system32\drivers\mrxdav.sys
0x9B2A5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9B26C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9B25A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B236000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9BD6F000 \SystemRoot\System32\DRIVERS\srv.sys
0x8A0C4000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x88864000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xA08F2000 \SystemRoot\system32\drivers\peauth.sys
0x8B732000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8B7A8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2886000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA2874000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA5AEA000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9BC20000 \SystemRoot\system32\DRIVERS\HssDrv.sys
0x8B7B3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8885D000 \SystemRoot\system32\DRIVERS\taphss.sys
0x97E20000 \SystemRoot\System32\ATMFD.DLL
0xA845A000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0xB3664000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB2060000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x88935000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x97630000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA59F0000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x77540000 \Windows\System32\ntdll.dll

Processes (total 64):
0 System Idle Process
4 System
520 C:\Windows\System32\smss.exe
588 csrss.exe
636 csrss.exe
644 C:\Windows\System32\wininit.exe
680 C:\Windows\System32\services.exe
692 C:\Windows\System32\lsass.exe
700 C:\Windows\System32\lsm.exe
744 C:\Windows\System32\winlogon.exe
916 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\nvvsvc.exe
1004 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\stacsv.exe
1328 C:\Windows\System32\audiodg.exe
1392 C:\Windows\System32\SLsvc.exe
1432 C:\Windows\System32\svchost.exe
1548 C:\Windows\System32\nvvsvc.exe
1632 C:\Windows\System32\svchost.exe
1828 C:\Windows\System32\spoolsv.exe
1852 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1864 C:\Windows\System32\svchost.exe
576 C:\Windows\System32\dwm.exe
836 C:\Windows\System32\taskeng.exe
1068 C:\Windows\explorer.exe
1292 C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
1764 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
904 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2096 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2112 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2176 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2184 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2204 C:\Program Files\Common Files\Motive\McciCMService.exe
2360 C:\Windows\System32\svchost.exe
2624 C:\Windows\ehome\ehtray.exe
2920 C:\Windows\ehome\ehmsas.exe
3364 C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
3380 C:\Windows\System32\svchost.exe
3416 C:\Windows\System32\svchost.exe
3436 C:\Windows\System32\SearchIndexer.exe
3640 WUDFHost.exe
372 C:\Windows\System32\conime.exe
2608 C:\Windows\System32\taskeng.exe
3424 C:\Program Files\Windows Media Player\wmpnscfg.exe
2384 C:\Program Files\Windows Media Player\wmpnetwk.exe
672 C:\Program Files\Hotspot Shield\bin\hsswd.exe
2064 C:\Windows\System32\conime.exe
1376 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
2212 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
4500 C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe
5784 C:\Program Files\Pando Networks\Media Booster\PMB.exe
6096 C:\Users\Felix\AppData\Local\Google\Chrome\Application\chrome.exe
6116 C:\Program Files\Hotspot Shield\bin\openvpntray.exe
4928 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
4968 C:\Program Files\Windows Live\Contacts\wlcomm.exe
5724 C:\Program Files\Ventrilo\Ventrilo.exe
2816 C:\Program Files\Steam\Steam.exe
2488 taskeng.exe
5888 C:\Program Files\Mozilla Firefox\firefox.exe
5536 C:\Program Files\Mozilla Firefox\plugin-container.exe
4808 C:\Users\Felix\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000

PhysicalDrive0 Model Number: WDCWD5000AAKS-00TMA0, Rev: 12.01C01
PhysicalDrive1 Model Number: WDCWD5000AADS-00M2B0, Rev: 01.00A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
465 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
MBRCheck log looks good :)


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\cbywxu.dll.vir


Folder::
C:\$AVG
c:\programdata\avg9
c:\program files\AVG
c:\program files\Common Files\Symantec Shared


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

(animation: CFScript.gif)


6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Awesome... it didn't ask me to restart. Here's the log:

ComboFix 10-08-27.03 - Felix 28/08/2010 16:18:48.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2044.1393 [GMT -4:00]
Running from: c:\users\Felix\Desktop\ComboFix.exe
Command switches used :: c:\users\Felix\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\cbywxu.dll.vir"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$AVG
c:\$avg\$VAULT\V_00000001.fil
c:\$avg\$VAULT\vvfolder.idx
c:\program files\AVG
c:\program files\Common Files\Symantec Shared
c:\programdata\avg9
c:\programdata\avg9\Chjw\6860f41b60f3ee26\avgcchff.dat
c:\programdata\avg9\Chjw\6860f41b60f3ee26\avgcchmf.dat
c:\programdata\avg9\Chjw\cm-3-p.dat
c:\programdata\avg9\Chjw\cm-4-p.dat
c:\programdata\avg9\Log\avgchjw.log
c:\programdata\avg9\Log\avgchjwsrv.log
c:\windows\system32\cbywxu.dll.vir
c:\windows\system32\hgfccc.dll

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-28 )))))))))))))))))))))))))))))))
.

2010-08-28 20:28 . 2010-08-28 20:28 -------- d-----w- c:\users\Felix\AppData\Local\temp
2010-08-28 20:28 . 2010-08-28 20:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-28 20:28 . 2010-08-28 20:28 -------- d-----w- c:\users\pizzowned\AppData\Local\temp
2010-08-28 20:28 . 2010-08-28 20:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-28 20:16 . 2010-08-28 20:17 -------- d-----w- C:\32788R22FWJFW
2010-08-25 21:14 . 2010-08-25 21:14 -------- d-----w- c:\users\Felix\AppData\Roaming\LolClient
2010-08-25 20:56 . 2010-08-25 20:56 -------- d-----w- C:\Riot Games
2010-08-24 15:46 . 2010-08-24 15:48 -------- d-----w- c:\program files\Hotspot Shield
2010-08-22 16:15 . 2010-08-22 16:15 -------- d-----w- c:\users\Felix\AppData\Roaming\Avira
2010-08-21 19:19 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 19:19 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 18:56 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-21 18:56 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-21 18:56 . 2009-05-11 16:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-21 18:56 . 2009-05-11 16:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\programdata\Avira
2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\program files\Avira
2010-08-13 23:06 . 2010-08-13 23:06 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-13 22:26 . 2010-08-13 23:06 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-08-13 22:26 . 2010-08-17 17:14 -------- d-----w- c:\program files\StarCraft II
2010-08-07 05:57 . 2010-08-07 05:57 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-08-07 05:54 . 2007-08-28 09:05 55808 ----a-w- c:\windows\system32\drivers\xusb21.sys
2010-08-04 20:57 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-04 20:57 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-04 20:57 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-04 20:57 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-08-04 20:57 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\program files\Trojan Remover
2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\users\Felix\AppData\Roaming\Simply Super Software
2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\programdata\Simply Super Software
2010-08-02 23:04 . 2010-08-02 23:04 -------- d-----w- c:\users\Felix\AppData\Roaming\Malwarebytes
2010-08-02 22:57 . 2010-08-21 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 22:57 . 2010-08-02 22:57 -------- d-----w- c:\programdata\Malwarebytes
2010-08-01 19:01 . 2010-01-12 01:00 4332136 ----a-w- c:\windows\system32\NVStWiz.exe
2010-08-01 18:57 . 2010-08-01 18:58 680 ----a-w- c:\users\Felix\AppData\Local\d3d9caps.dat
2010-07-30 22:14 . 2010-07-30 22:14 -------- d-----w- c:\users\Felix\AppData\Roaming\2K Sports
2010-07-30 21:55 . 2010-07-30 21:55 -------- d-----w- c:\program files\2K Sports
2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\programdata\KONAMI
2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\program files\KONAMI
2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\users\Felix\AppData\Roaming\Softplicity
2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\program files\TotalAudioConverter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 20:11 . 2010-08-01 19:04 34895 ----a-w- c:\programdata\nvModes.dat
2010-08-28 01:14 . 2010-02-04 04:43 -------- d-----w- c:\program files\Steam
2010-08-26 15:37 . 2010-08-28 15:44 1364346 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescript.dll
2010-08-26 15:37 . 2010-08-28 15:44 2867574 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeheur.dll
2010-08-26 15:36 . 2010-08-28 15:44 242038 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aehelp.dll
2010-08-26 15:36 . 2010-08-28 15:44 397684 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aegen.dll
2010-08-25 20:56 . 2009-11-29 17:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-25 20:17 . 2010-02-09 21:15 -------- d-----w- c:\programdata\PMB Files
2010-08-22 19:37 . 2010-01-30 05:53 -------- d-----w- c:\users\Felix\AppData\Roaming\FrostWire
2010-08-21 21:50 . 2010-04-15 17:49 -------- d-----w- c:\users\Felix\AppData\Roaming\foobar2000
2010-08-21 18:59 . 2010-08-28 15:44 254324 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aesbx.dll
2010-08-21 18:59 . 2010-08-28 15:44 106868 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aevdf.dll
2010-08-21 18:59 . 2010-08-28 15:44 614772 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aerdl.dll
2010-08-21 18:59 . 2010-08-28 15:44 127347 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescn.dll
2010-08-21 18:59 . 2010-08-28 15:44 471412 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aepack.dll
2010-08-21 18:59 . 2010-08-28 15:44 201081 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeoffice.dll
2010-08-21 18:59 . 2010-08-28 15:44 393588 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeemu.dll
2010-08-21 18:59 . 2010-08-28 15:44 53618 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aebb.dll
2010-08-21 18:59 . 2010-08-28 15:44 192887 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aecore.dll
2010-08-20 14:36 . 2010-07-17 18:47 -------- d-----w- c:\program files\JDownloader
2010-08-13 22:54 . 2010-06-09 15:37 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-11 18:17 . 2009-11-30 19:52 -------- d-----w- c:\users\Felix\AppData\Roaming\Azureus
2010-08-07 05:55 . 2010-08-07 05:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2010-08-01 19:04 . 2010-02-05 16:24 -------- d-----w- c:\programdata\NVIDIA
2010-08-01 19:01 . 2009-11-29 22:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-01 19:00 . 2010-02-05 16:22 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-27 22:32 . 2010-07-27 22:32 117552 ----a-w- c:\users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-27 22:32 . 2010-07-27 22:32 -------- d-----w- c:\users\Felix\AppData\Roaming\ManyCam
2010-07-27 22:29 . 2010-04-09 23:30 -------- d-----w- c:\programdata\Bell
2010-07-27 22:27 . 2010-04-18 19:34 -------- d-----w- c:\users\pizzowned\AppData\Roaming\Bell
2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\users\Felix\AppData\Roaming\Bell
2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\program files\Bell
2010-07-26 19:17 . 2010-07-19 19:40 -------- d-----w- c:\program files\AC3Filter
2010-07-26 19:15 . 2010-07-26 19:15 -------- d-----w- c:\program files\MediaInfo
2010-07-26 19:06 . 2010-05-03 18:27 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-26 19:06 . 2010-05-03 18:21 -------- d-----w- c:\programdata\DivX
2010-07-26 19:06 . 2010-07-26 19:06 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-26 19:06 . 2009-11-29 22:54 -------- d-----w- c:\program files\DivX
2010-07-26 19:06 . 2010-07-26 19:06 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-26 19:06 . 2010-07-26 19:06 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-26 19:06 . 2010-07-26 19:06 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-07-26 19:06 . 2010-07-26 19:06 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-26 19:05 . 2010-07-26 19:05 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-26 19:04 . 2010-07-26 19:04 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-26 19:04 . 2010-05-03 18:23 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-26 19:04 . 2010-05-03 18:23 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-21 12:29 . 2010-07-12 20:56 0 ----a-w- c:\users\Felix\AppData\Local\Wkivogo.bin
2010-07-20 21:57 . 2010-06-04 15:19 -------- d-----w- c:\users\Felix\AppData\Roaming\HLSW
2010-07-20 11:40 . 2010-07-20 11:40 0 ----a-w- c:\windows\system32\cd.dat
2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\users\Felix\AppData\Roaming\Ubisoft
2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\programdata\Ubisoft
2010-07-19 20:11 . 2010-07-19 19:58 -------- d-----w- c:\program files\Ubisoft
2010-07-16 21:51 . 2010-04-11 00:57 -------- d-----w- c:\program files\Full Tilt Poker
2010-07-12 18:24 . 2010-07-12 18:24 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-12 18:24 . 2010-07-12 18:24 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-09 20:48 . 2009-11-29 19:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-08 03:03 . 2010-07-08 03:03 -------- d-----w- c:\users\pizzowned\AppData\Roaming\DivX
2010-06-30 16:02 . 2009-12-09 18:19 -------- d-----w- c:\program files\PokerStars
2010-06-28 03:15 . 2010-04-17 15:01 256 ----a-w- c:\windows\system32\pool.bin
2010-06-23 02:48 . 2010-06-23 02:48 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2010-06-16 20:33 . 2010-06-16 20:33 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-01 17:37 . 2009-11-29 16:28 221568 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2010-01-24 08:21 2166296 ----a-w- c:\program files\Peer2Peer-EN\tbPee1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-11-30 1232896]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BISA.exe"="c:\program files\Bell\Internet Service Advisor\BISA.exe" [2010-01-13 4281584]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-12-04 737280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Felix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-02-17 23:37 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp]
2010-01-19 15:17 1565696 ----a-w- c:\program files\BellCanada\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-29 22:45 135664 ----atw- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2010-04-21 08:26 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-02-09 21:14 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 01:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 16:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-11-30 08:21 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2006-11-02 09:45 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-08-24 15:45 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-29 22:56 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-03-12 17:53 483422 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-11-29 20:10 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1746604758-1044917362-344122428-1000]
"EnableNotificationsRef"=dword:00000001

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-08 3290184]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-08 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-01-13 689392]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]

.
Contents of the 'Scheduled Tasks' folder

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000Core.job
- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000UA.job
- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

2010-08-27 c:\windows\Tasks\Norton Security Scan for Felix.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-12 05:27]

2010-08-28 c:\windows\Tasks\User_Feed_Synchronization-{1AAA177D-1F84-4B11-9163-6DDC448CB382}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Felix\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 16:28
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-28 16:33:52
ComboFix-quarantined-files.txt 2010-08-28 20:33
ComboFix2.txt 2010-08-22 22:32

Pre-Run: 187,593,797,632 bytes free
Post-Run: 187,684,098,048 bytes free

- - End Of File - - 19803184E63FA948AC1B9A11CE037CA8
 
ComboFix 10-08-27.03 - Felix 28/08/2010 19:28:46.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2044.1054 [GMT -4:00]
Running from: c:\users\Felix\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-28 )))))))))))))))))))))))))))))))
.

2010-08-28 23:38 . 2010-08-28 23:38 -------- d-----w- c:\users\Felix\AppData\Local\temp
2010-08-28 23:38 . 2010-08-28 23:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-28 23:38 . 2010-08-28 23:38 -------- d-----w- c:\users\pizzowned\AppData\Local\temp
2010-08-28 23:38 . 2010-08-28 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-28 23:27 . 2010-08-28 23:27 -------- d-----w- C:\32788R22FWJFW
2010-08-25 21:14 . 2010-08-25 21:14 -------- d-----w- c:\users\Felix\AppData\Roaming\LolClient
2010-08-25 20:56 . 2010-08-25 20:56 -------- d-----w- C:\Riot Games
2010-08-24 15:46 . 2010-08-24 15:48 -------- d-----w- c:\program files\Hotspot Shield
2010-08-22 16:15 . 2010-08-22 16:15 -------- d-----w- c:\users\Felix\AppData\Roaming\Avira
2010-08-21 19:19 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 19:19 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 18:56 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-21 18:56 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-21 18:56 . 2009-05-11 16:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-21 18:56 . 2009-05-11 16:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\programdata\Avira
2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\program files\Avira
2010-08-13 23:06 . 2010-08-13 23:06 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-13 22:26 . 2010-08-13 23:06 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-08-13 22:26 . 2010-08-17 17:14 -------- d-----w- c:\program files\StarCraft II
2010-08-07 05:57 . 2010-08-07 05:57 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-08-07 05:54 . 2007-08-28 09:05 55808 ----a-w- c:\windows\system32\drivers\xusb21.sys
2010-08-04 20:57 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-04 20:57 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-04 20:57 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-04 20:57 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-08-04 20:57 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\program files\Trojan Remover
2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\users\Felix\AppData\Roaming\Simply Super Software
2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\programdata\Simply Super Software
2010-08-02 23:04 . 2010-08-02 23:04 -------- d-----w- c:\users\Felix\AppData\Roaming\Malwarebytes
2010-08-02 22:57 . 2010-08-21 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 22:57 . 2010-08-02 22:57 -------- d-----w- c:\programdata\Malwarebytes
2010-08-01 19:01 . 2010-01-12 01:00 4332136 ----a-w- c:\windows\system32\NVStWiz.exe
2010-08-01 18:57 . 2010-08-01 18:58 680 ----a-w- c:\users\Felix\AppData\Local\d3d9caps.dat
2010-07-30 22:14 . 2010-07-30 22:14 -------- d-----w- c:\users\Felix\AppData\Roaming\2K Sports
2010-07-30 21:55 . 2010-07-30 21:55 -------- d-----w- c:\program files\2K Sports
2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\programdata\KONAMI
2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\program files\KONAMI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 23:13 . 2010-04-15 17:49 -------- d-----w- c:\users\Felix\AppData\Roaming\foobar2000
2010-08-28 20:11 . 2010-08-01 19:04 34895 ----a-w- c:\programdata\nvModes.dat
2010-08-28 01:14 . 2010-02-04 04:43 -------- d-----w- c:\program files\Steam
2010-08-26 15:37 . 2010-08-28 15:44 1364346 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescript.dll
2010-08-26 15:37 . 2010-08-28 15:44 2867574 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeheur.dll
2010-08-26 15:36 . 2010-08-28 15:44 242038 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aehelp.dll
2010-08-26 15:36 . 2010-08-28 15:44 397684 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aegen.dll
2010-08-25 20:56 . 2009-11-29 17:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-25 20:17 . 2010-02-09 21:15 -------- d-----w- c:\programdata\PMB Files
2010-08-22 19:37 . 2010-01-30 05:53 -------- d-----w- c:\users\Felix\AppData\Roaming\FrostWire
2010-08-21 18:59 . 2010-08-28 15:44 254324 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aesbx.dll
2010-08-21 18:59 . 2010-08-28 15:44 106868 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aevdf.dll
2010-08-21 18:59 . 2010-08-28 15:44 614772 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aerdl.dll
2010-08-21 18:59 . 2010-08-28 15:44 127347 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescn.dll
2010-08-21 18:59 . 2010-08-28 15:44 471412 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aepack.dll
2010-08-21 18:59 . 2010-08-28 15:44 201081 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeoffice.dll
2010-08-21 18:59 . 2010-08-28 15:44 393588 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeemu.dll
2010-08-21 18:59 . 2010-08-28 15:44 53618 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aebb.dll
2010-08-21 18:59 . 2010-08-28 15:44 192887 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aecore.dll
2010-08-20 14:36 . 2010-07-17 18:47 -------- d-----w- c:\program files\JDownloader
2010-08-13 22:54 . 2010-06-09 15:37 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-11 18:17 . 2009-11-30 19:52 -------- d-----w- c:\users\Felix\AppData\Roaming\Azureus
2010-08-07 05:55 . 2010-08-07 05:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2010-08-01 19:04 . 2010-02-05 16:24 -------- d-----w- c:\programdata\NVIDIA
2010-08-01 19:01 . 2009-11-29 22:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-01 19:00 . 2010-02-05 16:22 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\users\Felix\AppData\Roaming\Softplicity
2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\program files\TotalAudioConverter
2010-07-27 22:32 . 2010-07-27 22:32 117552 ----a-w- c:\users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-27 22:32 . 2010-07-27 22:32 -------- d-----w- c:\users\Felix\AppData\Roaming\ManyCam
2010-07-27 22:29 . 2010-04-09 23:30 -------- d-----w- c:\programdata\Bell
2010-07-27 22:27 . 2010-04-18 19:34 -------- d-----w- c:\users\pizzowned\AppData\Roaming\Bell
2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\users\Felix\AppData\Roaming\Bell
2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\program files\Bell
2010-07-26 19:17 . 2010-07-19 19:40 -------- d-----w- c:\program files\AC3Filter
2010-07-26 19:15 . 2010-07-26 19:15 -------- d-----w- c:\program files\MediaInfo
2010-07-26 19:06 . 2010-05-03 18:27 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-26 19:06 . 2010-05-03 18:21 -------- d-----w- c:\programdata\DivX
2010-07-26 19:06 . 2010-07-26 19:06 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-26 19:06 . 2009-11-29 22:54 -------- d-----w- c:\program files\DivX
2010-07-26 19:06 . 2010-07-26 19:06 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-26 19:06 . 2010-07-26 19:06 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-26 19:06 . 2010-07-26 19:06 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-07-26 19:06 . 2010-07-26 19:06 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-26 19:05 . 2010-07-26 19:05 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-26 19:04 . 2010-07-26 19:04 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-26 19:04 . 2010-05-03 18:23 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-26 19:04 . 2010-05-03 18:23 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-21 12:29 . 2010-07-12 20:56 0 ----a-w- c:\users\Felix\AppData\Local\Wkivogo.bin
2010-07-20 21:57 . 2010-06-04 15:19 -------- d-----w- c:\users\Felix\AppData\Roaming\HLSW
2010-07-20 11:40 . 2010-07-20 11:40 0 ----a-w- c:\windows\system32\cd.dat
2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\users\Felix\AppData\Roaming\Ubisoft
2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\programdata\Ubisoft
2010-07-19 20:11 . 2010-07-19 19:58 -------- d-----w- c:\program files\Ubisoft
2010-07-16 21:51 . 2010-04-11 00:57 -------- d-----w- c:\program files\Full Tilt Poker
2010-07-12 18:24 . 2010-07-12 18:24 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-12 18:24 . 2010-07-12 18:24 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-09 20:48 . 2009-11-29 19:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-08 03:03 . 2010-07-08 03:03 -------- d-----w- c:\users\pizzowned\AppData\Roaming\DivX
2010-06-30 16:02 . 2009-12-09 18:19 -------- d-----w- c:\program files\PokerStars
2010-06-28 03:15 . 2010-04-17 15:01 256 ----a-w- c:\windows\system32\pool.bin
2010-06-23 02:48 . 2010-06-23 02:48 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2010-06-16 20:33 . 2010-06-16 20:33 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-01 17:37 . 2009-11-29 16:28 221568 ------w- c:\windows\system32\MpSigStub.exe
.
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2010-01-24 08:21 2166296 ----a-w- c:\program files\Peer2Peer-EN\tbPee1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-11-30 1232896]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BISA.exe"="c:\program files\Bell\Internet Service Advisor\BISA.exe" [2010-01-13 4281584]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-12-04 737280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Felix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-02-17 23:37 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp]
2010-01-19 15:17 1565696 ----a-w- c:\program files\BellCanada\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-29 22:45 135664 ----atw- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2010-04-21 08:26 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-02-09 21:14 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 01:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 16:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-11-30 08:21 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2006-11-02 09:45 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-08-24 15:45 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-29 22:56 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-03-12 17:53 483422 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-11-29 20:10 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1746604758-1044917362-344122428-1000]
"EnableNotificationsRef"=dword:00000001

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-08 3290184]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-08 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-01-13 689392]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]

.
Contents of the 'Scheduled Tasks' folder

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000Core.job
- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000UA.job
- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

2010-08-27 c:\windows\Tasks\Norton Security Scan for Felix.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-12 05:27]

2010-08-28 c:\windows\Tasks\User_Feed_Synchronization-{1AAA177D-1F84-4B11-9163-6DDC448CB382}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Felix\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 19:38
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-28 19:45:20
ComboFix-quarantined-files.txt 2010-08-28 23:45
ComboFix2.txt 2010-08-28 20:33
ComboFix3.txt 2010-08-22 22:32

Pre-Run: 187,632,181,248 bytes free
Post-Run: 187,598,221,312 bytes free

- - End Of File - - 4C7235D46EEBCC3277DE586CC3A7D438
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\users\Felix\AppData\Local\Wkivogo.bin
c:\windows\system32\cd.dat

DirLook::
c:\users\Felix\AppData\Roaming\HLSW


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 10-08-27.03 - Felix 28/08/2010 20:22:19.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2044.979 [GMT -4:00]
Running from: c:\users\Felix\Desktop\ComboFix.exe
Command switches used :: c:\users\Felix\Desktop\cfscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Felix\AppData\Local\Wkivogo.bin"
"c:\windows\system32\cd.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Felix\AppData\Local\Wkivogo.bin
c:\windows\system32\cd.dat

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
\\.\PhysicalDrive1 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.

2010-08-29 00:30 . 2010-08-29 00:30 -------- d-----w- c:\users\Felix\AppData\Local\temp
2010-08-29 00:30 . 2010-08-29 00:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-29 00:30 . 2010-08-29 00:30 -------- d-----w- c:\users\pizzowned\AppData\Local\temp
2010-08-29 00:30 . 2010-08-29 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-29 00:20 . 2010-08-29 00:21 -------- d-----w- C:\32788R22FWJFW
2010-08-25 21:14 . 2010-08-25 21:14 -------- d-----w- c:\users\Felix\AppData\Roaming\LolClient
2010-08-25 20:56 . 2010-08-25 20:56 -------- d-----w- C:\Riot Games
2010-08-24 15:46 . 2010-08-24 15:48 -------- d-----w- c:\program files\Hotspot Shield
2010-08-22 16:15 . 2010-08-22 16:15 -------- d-----w- c:\users\Felix\AppData\Roaming\Avira
2010-08-21 19:19 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 19:19 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 18:56 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-21 18:56 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-21 18:56 . 2009-05-11 16:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-21 18:56 . 2009-05-11 16:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\programdata\Avira
2010-08-21 18:56 . 2010-08-21 18:56 -------- d-----w- c:\program files\Avira
2010-08-13 23:06 . 2010-08-13 23:06 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-13 22:26 . 2010-08-13 23:06 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-08-13 22:26 . 2010-08-17 17:14 -------- d-----w- c:\program files\StarCraft II
2010-08-07 05:57 . 2010-08-07 05:57 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-08-07 05:54 . 2007-08-28 09:05 55808 ----a-w- c:\windows\system32\drivers\xusb21.sys
2010-08-04 20:57 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-04 20:57 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-04 20:57 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-04 20:57 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-08-04 20:57 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\program files\Trojan Remover
2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\users\Felix\AppData\Roaming\Simply Super Software
2010-08-04 20:57 . 2010-08-04 20:57 -------- d-----w- c:\programdata\Simply Super Software
2010-08-02 23:04 . 2010-08-02 23:04 -------- d-----w- c:\users\Felix\AppData\Roaming\Malwarebytes
2010-08-02 22:57 . 2010-08-21 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 22:57 . 2010-08-02 22:57 -------- d-----w- c:\programdata\Malwarebytes
2010-08-01 19:01 . 2010-01-12 01:00 4332136 ----a-w- c:\windows\system32\NVStWiz.exe
2010-08-01 18:57 . 2010-08-01 18:58 680 ----a-w- c:\users\Felix\AppData\Local\d3d9caps.dat
2010-07-30 22:14 . 2010-07-30 22:14 -------- d-----w- c:\users\Felix\AppData\Roaming\2K Sports
2010-07-30 21:55 . 2010-07-30 21:55 -------- d-----w- c:\program files\2K Sports
2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\programdata\KONAMI
2010-07-30 18:20 . 2010-07-30 18:20 -------- d-----w- c:\program files\KONAMI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 23:48 . 2010-04-15 17:49 -------- d-----w- c:\users\Felix\AppData\Roaming\foobar2000
2010-08-28 20:11 . 2010-08-01 19:04 34895 ----a-w- c:\programdata\nvModes.dat
2010-08-28 01:14 . 2010-02-04 04:43 -------- d-----w- c:\program files\Steam
2010-08-26 15:37 . 2010-08-28 15:44 1364346 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescript.dll
2010-08-26 15:37 . 2010-08-28 15:44 2867574 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeheur.dll
2010-08-26 15:36 . 2010-08-28 15:44 242038 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aehelp.dll
2010-08-26 15:36 . 2010-08-28 15:44 397684 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aegen.dll
2010-08-25 20:56 . 2009-11-29 17:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-25 20:17 . 2010-02-09 21:15 -------- d-----w- c:\programdata\PMB Files
2010-08-22 19:37 . 2010-01-30 05:53 -------- d-----w- c:\users\Felix\AppData\Roaming\FrostWire
2010-08-21 18:59 . 2010-08-28 15:44 254324 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aesbx.dll
2010-08-21 18:59 . 2010-08-28 15:44 106868 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aevdf.dll
2010-08-21 18:59 . 2010-08-28 15:44 614772 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aerdl.dll
2010-08-21 18:59 . 2010-08-28 15:44 127347 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescn.dll
2010-08-21 18:59 . 2010-08-28 15:44 471412 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aepack.dll
2010-08-21 18:59 . 2010-08-28 15:44 201081 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeoffice.dll
2010-08-21 18:59 . 2010-08-28 15:44 393588 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeemu.dll
2010-08-21 18:59 . 2010-08-28 15:44 53618 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aebb.dll
2010-08-21 18:59 . 2010-08-28 15:44 192887 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aecore.dll
2010-08-20 14:36 . 2010-07-17 18:47 -------- d-----w- c:\program files\JDownloader
2010-08-13 22:54 . 2010-06-09 15:37 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-11 18:17 . 2009-11-30 19:52 -------- d-----w- c:\users\Felix\AppData\Roaming\Azureus
2010-08-07 05:55 . 2010-08-07 05:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2010-08-01 19:04 . 2010-02-05 16:24 -------- d-----w- c:\programdata\NVIDIA
2010-08-01 19:01 . 2009-11-29 22:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-01 19:00 . 2010-02-05 16:22 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\users\Felix\AppData\Roaming\Softplicity
2010-07-29 21:37 . 2010-07-29 21:37 -------- d-----w- c:\program files\TotalAudioConverter
2010-07-27 22:32 . 2010-07-27 22:32 117552 ----a-w- c:\users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-27 22:32 . 2010-07-27 22:32 -------- d-----w- c:\users\Felix\AppData\Roaming\ManyCam
2010-07-27 22:29 . 2010-04-09 23:30 -------- d-----w- c:\programdata\Bell
2010-07-27 22:27 . 2010-04-18 19:34 -------- d-----w- c:\users\pizzowned\AppData\Roaming\Bell
2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\users\Felix\AppData\Roaming\Bell
2010-07-27 22:27 . 2010-04-09 23:30 -------- d-----w- c:\program files\Bell
2010-07-26 19:17 . 2010-07-19 19:40 -------- d-----w- c:\program files\AC3Filter
2010-07-26 19:15 . 2010-07-26 19:15 -------- d-----w- c:\program files\MediaInfo
2010-07-26 19:06 . 2010-05-03 18:27 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-26 19:06 . 2010-05-03 18:21 -------- d-----w- c:\programdata\DivX
2010-07-26 19:06 . 2010-07-26 19:06 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-26 19:06 . 2009-11-29 22:54 -------- d-----w- c:\program files\DivX
2010-07-26 19:06 . 2010-07-26 19:06 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-26 19:06 . 2010-07-26 19:06 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-26 19:06 . 2010-07-26 19:06 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-07-26 19:06 . 2010-07-26 19:06 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-26 19:05 . 2010-07-26 19:05 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-26 19:04 . 2010-07-26 19:04 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-26 19:04 . 2010-05-03 18:23 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-26 19:04 . 2010-05-03 18:23 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-20 21:57 . 2010-06-04 15:19 -------- d-----w- c:\users\Felix\AppData\Roaming\HLSW
2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\users\Felix\AppData\Roaming\Ubisoft
2010-07-19 20:17 . 2010-07-19 20:17 -------- d-----w- c:\programdata\Ubisoft
2010-07-19 20:11 . 2010-07-19 19:58 -------- d-----w- c:\program files\Ubisoft
2010-07-16 21:51 . 2010-04-11 00:57 -------- d-----w- c:\program files\Full Tilt Poker
2010-07-12 18:24 . 2010-07-12 18:24 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-12 18:24 . 2010-07-12 18:24 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-09 20:48 . 2009-11-29 19:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-08 03:03 . 2010-07-08 03:03 -------- d-----w- c:\users\pizzowned\AppData\Roaming\DivX
2010-06-30 16:02 . 2009-12-09 18:19 -------- d-----w- c:\program files\PokerStars
2010-06-28 03:15 . 2010-04-17 15:01 256 ----a-w- c:\windows\system32\pool.bin
2010-06-23 02:48 . 2010-06-23 02:48 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2010-06-16 20:33 . 2010-06-16 20:33 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-01 17:37 . 2009-11-29 16:28 221568 ------w- c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Felix\AppData\Roaming\HLSW ----

2010-06-04 16:48 . 2010-06-04 16:48 123 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\ipspace.dat
2010-06-04 16:48 . 2010-06-04 16:48 2 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\filter.dat
2010-06-04 16:48 . 2010-06-04 16:48 46 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\plugin_Simple FTP Client.cfg
2010-06-04 16:48 . 2010-06-04 16:48 46 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\plugin_Call of Duty Configuration Plugin.cfg
2010-06-04 16:48 . 2010-06-04 16:48 48 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\plugin_Multi Messenger Plugin.cfg
2010-06-04 15:22 . 2010-06-04 15:22 89 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\connect.log
2010-06-04 15:20 . 2010-06-04 16:48 8 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\wonid.db7
2010-06-04 15:20 . 2010-06-04 15:20 0 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\wonid.db7.backup
2010-06-04 15:20 . 2010-06-04 16:48 2100 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\serverlist.sl32
2010-06-04 15:20 . 2010-06-04 15:22 2101 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\serverlist.sl32.backup
2010-06-04 15:20 . 2010-06-04 15:20 0 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\filesmoved.dat
2010-06-04 15:20 . 2010-06-04 16:48 26565 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\debug.log
2010-06-04 15:19 . 2010-06-04 15:22 904 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\lan.sl32.backup
2010-06-04 15:19 . 2010-06-04 15:22 18650 ----a-w- c:\users\Felix\AppData\Roaming\HLSW\hlsw.sl32.backup


((((((((((((((((((((((((((((( SnapShot@2010-08-22_22.29.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2010-08-24 15:48 63290 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2010-08-28 15:44 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2010-08-22 22:15 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2010-08-22 22:15 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2010-08-28 15:44 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-01 08:47 . 2010-08-24 22:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-01 08:47 . 2010-08-19 22:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-01 08:47 . 2010-08-19 22:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-01 08:47 . 2010-08-24 22:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-01 08:47 . 2010-08-19 22:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-01 08:47 . 2010-08-24 22:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-29 22:20 . 2010-08-24 15:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-29 22:20 . 2010-08-22 22:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-29 22:20 . 2010-08-22 22:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-29 22:20 . 2010-08-24 15:44 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-29 22:20 . 2010-08-22 22:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-29 22:20 . 2010-08-24 15:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:25 . 2010-08-07 05:54 86016 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2010-08-24 15:48 86016 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2010-08-07 05:54 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2010-08-24 15:48 51200 c:\windows\inf\infpub.dat
+ 2009-11-28 23:34 . 2010-08-24 15:48 9606 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1746604758-1044917362-344122428-1000_UserData.bin
+ 2010-08-22 22:14 . 2010-08-24 15:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-22 22:14 . 2010-08-22 22:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-22 22:14 . 2010-08-22 22:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-22 22:14 . 2010-08-24 15:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2010-08-22 22:22 625810 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-08-24 15:50 625810 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-08-24 15:50 108966 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-08-22 22:22 108966 c:\windows\System32\perfc009.dat
- 2010-08-21 19:17 . 2010-08-22 22:15 458752 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-21 19:17 . 2010-08-28 15:44 458752 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-25 21:00 . 2010-08-25 21:00 216576 c:\windows\Installer\65162bd.msi
.
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2010-01-24 08:21 2166296 ----a-w- c:\program files\Peer2Peer-EN\tbPee1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2010-01-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-11-30 1232896]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BISA.exe"="c:\program files\Bell\Internet Service Advisor\BISA.exe" [2010-01-13 4281584]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-12-04 737280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Felix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-02-17 23:37 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp]
2010-01-19 15:17 1565696 ----a-w- c:\program files\BellCanada\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-29 22:45 135664 ----atw- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2010-04-21 08:26 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-02-09 21:14 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 01:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 16:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-11-30 08:21 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2006-11-02 09:45 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-08-24 15:45 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-29 22:56 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-03-12 17:53 483422 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-11-29 20:10 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1746604758-1044917362-344122428-1000]
"EnableNotificationsRef"=dword:00000001

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-08 3290184]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-08 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-01-13 689392]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]

.
Contents of the 'Scheduled Tasks' folder

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000Core.job
- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746604758-1044917362-344122428-1000UA.job
- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 22:45]

2010-08-28 c:\windows\Tasks\Norton Security Scan for Felix.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-12 05:27]

2010-08-28 c:\windows\Tasks\User_Feed_Synchronization-{1AAA177D-1F84-4B11-9163-6DDC448CB382}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Felix\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\f7jn383c.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 20:30
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-28 20:36:42
ComboFix-quarantined-files.txt 2010-08-29 00:36
ComboFix2.txt 2010-08-28 23:45
ComboFix3.txt 2010-08-28 20:33
ComboFix4.txt 2010-08-22 22:32

Pre-Run: 187,633,471,488 bytes free
Post-Run: 187,591,397,376 bytes free

- - End Of File - - 9C98C7A4171F4BBCE12E6A305A3155EC
 
Good :)

How is the computer doing at the moment?

Update MBAM, run "Quick scan" and post new log.

Then....

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 