Inactive Windows 7, can't access directories (aka explorer), control panel

jamezuva

Hi, got a new computer about a month ago and immediately installed Avast as anti-virus. Also have been using Peerblock. Haven't visited any sketchy websites or opened any suspicious e-mails/programs as far as I remember.

Last night, I noticed my network icon in the bottom right showed a red "X" even though I am still able to use the internet. I then noticed I would get an error whenever I tried to click the icon to access my directories under explorer or access the control panel. The error message in each instance is "Windows cannot access the specified device path or file. You may not have the appropriate permission to access the item."

I am the only user on the computer, so I am the Administrator. I have 2 hard drives, both with Windows 7 64-bit installed, the primary being a solid-state drive and the other being a conventional HD.

I ran a full Avast check which didn't find much, just 1 sketchy mp3 I've had for a long time on one of my external HDs (I have 2 connected total), which didn't solve the problem. I also downloaded and ran Spybot S&D, which found 2 things, but correcting those didn't solve the problem. I've rebooted several times and nothing has changed in terms of my access.

Also, sometimes when I'm trying to install something it'll say that Windows Installer is messed up, and I can't even seem to replace that via the files I tried to download off Microsoft's website.

I haven't tried booting from my conventional internal HD, but I'm afraid that'll get corrupted too, so I'm hesitant to do that yet.

I'm kinda freaking out. Could anything other than a virus cause this?

---------------------------------------------------------------------------------
LOG FILES:

MalwareBytes:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7839

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/1/2011 7:01:32 AM
mbam-log-2011-10-01 (07-01-32).txt

Scan type: Quick scan
Objects scanned: 198322
Time elapsed: 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
f:\Users\Jamez\favorites\mp3 downloads - another obscure corrs mp3 site.url (Rogue.Link) -> Quarantined and deleted successfully.

---------------------------------------------------------
DDS:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Jamez at 19:48:47 on 2011-10-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8168.5815 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
F:\Program Files\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
F:\Program Files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
F:\Program Files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
F:\Program Files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
F:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
F:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
F:\Program Files\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
F:\Program Files (x86)\PowerDVD11\PowerDVD11\PDVD11Serv.exe
F:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
F:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
F:\Program Files (x86)\PC Tools Utilities\pt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - F:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - F:\Program Files\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - F:\Program Files (x86)\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - F:\Program Files\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Jamez\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [PeerBlock] F:\Program Files\PeerBlock\peerblock.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] F:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [avast] "F:\Program Files\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [RemoteControl11] F:\Program Files (x86)\PowerDVD11\PowerDVD11\PDVD11Serv.exe
mRun: [PowerPanel Personal Edition User Interaction] F:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
mRun: [WinampAgent] "F:\Program Files (x86)\Winamp\winampa.exe"
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - F:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: huntingtonhospital.com\connect
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8D84D58D-8557-4CAB-8E6F-556339F5D9CE} - hxxp://10.217.1.31/hrs/download/Setup.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect.huntingtonhospital.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
TCP: Interfaces\{D57B7813-8D68-4654-B3BD-89DDABE39123} : DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\Avast\aswWebRepIE.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\Avast\aswWebRepIE.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [avast] "F:\Program Files\Avast\avastUI.exe" /nogui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [RemoteControl11] F:\Program Files (x86)\PowerDVD11\PowerDVD11\PDVD11Serv.exe
mRun-x64: [PowerPanel Personal Edition User Interaction] F:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
mRun-x64: [WinampAgent] "F:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jamez\AppData\Roaming\Mozilla\Firefox\Profiles\wy36biyv.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20110924&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Jamez\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jamez\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Jamez\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Jamez\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: F:\Program Files (x86)\bin\new_plugin\npdeployJava1.dll
FF - plugin: F:\Program Files (x86)\bin\new_plugin\npjp2.dll
FF - plugin: F:\Program Files\Mozilla Firefox\plugins\npicaN.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);\??\C:\Windows\system32\Drivers\NEOFLTR_650_14951.SYS --> C:\Windows\system32\Drivers\NEOFLTR_650_14951.SYS [?]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/19 13:13:44];F:\Program Files (x86)\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl [2011-8-26 148976]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;F:\Program Files\Avast\AvastSvc.exe [2011-9-9 44768]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;F:\Program Files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-9-19 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;F:\Program Files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-9-19 75048]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;F:\Program Files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-9-19 292136]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 ntk_PowerDVD;ntk_PowerDVD;F:\Program Files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-9-19 75248]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-2 2255464]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-9-30 632800]
R2 SBSDWSCService;SBSD Security Center Service;F:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-30 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;C:\Windows\system32\DRIVERS\e1q62x64.sys --> C:\Windows\system32\DRIVERS\e1q62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 DMDefragService;Performance Toolkit Disk Defrag Service;F:\Program Files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-9-30 1050592]
S3 DMRepairService;Performance Toolkit Disk Repair Service;F:\Program Files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-9-30 1034208]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-9-21 130976]
S3 pbfilter;pbfilter;F:\Program Files\PeerBlock\pbfilter.sys [2011-9-14 24176]
S3 PCTDMDefrag;PCTDMDefrag;C:\Windows\System32\drivers\PCTDMDefrag.sys [2011-9-30 108056]
S3 PCTDSMon;PCTDSMon;\??\C:\Windows\system32\drivers\PCTDSMon.sys --> C:\Windows\system32\drivers\PCTDSMon.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-01 14:05:07 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C9BAF77-C4CD-44A9-B3CE-730018C902D2}\offreg.dll
2011-10-01 06:59:16 -------- d-----w- C:\Users\Jamez\AppData\Roaming\Malwarebytes
2011-10-01 06:59:12 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-01 06:59:08 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-01 06:11:27 -------- d-----w- C:\Users\Jamez\AppData\Roaming\Registry Mechanic
2011-10-01 06:08:47 -------- d-----w- C:\Program Files\CCleaner
2011-10-01 06:06:08 -------- d-----w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-01 06:03:39 -------- d-----w- F:\Users\Jamez\AppData\Local\PackageAware
2011-10-01 05:58:14 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2011-10-01 05:58:13 189880 ----a-w- C:\Windows\System32\drivers\PCTDSMon.sys
2011-10-01 05:58:13 162328 ----a-w- C:\Windows\System32\drivers\PCTDMDefrag.sys
2011-10-01 05:58:13 108056 ----a-w- C:\Windows\SysWow64\drivers\PCTDMDefrag.sys
2011-10-01 05:58:12 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx
2011-10-01 05:58:12 658432 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2011-10-01 05:58:12 506368 ----a-w- C:\Windows\SysWow64\msxml.dll
2011-10-01 05:58:12 40416 ----a-w- C:\Windows\System32\CleanMFT64.exe
2011-10-01 05:58:12 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx
2011-10-01 05:58:12 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx
2011-10-01 05:58:11 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-10-01 05:58:09 -------- d-----w- C:\ProgramData\PC Tools
2011-10-01 05:45:42 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C9BAF77-C4CD-44A9-B3CE-730018C902D2}\mpengine.dll
2011-10-01 05:43:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-01 04:48:50 -------- d-----w- C:\ProgramData\Citrix
2011-09-24 06:52:55 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-09-23 20:29:33 -------- d-----w- C:\ProgramData\Soulseek
2011-09-23 17:40:46 -------- d-----w- C:\Users\Jamez\AppData\Roaming\Azureus
2011-09-22 02:46:41 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-09-22 02:42:32 -------- d-----w- C:\ProgramData\boost_interprocess
2011-09-22 00:46:04 -------- d--h--w- C:\ProgramData\CanonIJSolutionMenu
2011-09-22 00:45:55 -------- d-----w- C:\ProgramData\CanonIJ
2011-09-22 00:41:52 -------- d--h--w- C:\ProgramData\CanonIJScan
2011-09-22 00:41:32 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter
2011-09-22 00:41:27 -------- d-----w- C:\ProgramData\CanonIJPLM
2011-09-22 00:37:34 -------- d-----w- C:\Program Files\Common Files\CANON
2011-09-22 00:36:33 -------- d-----w- C:\Program Files\Canon
2011-09-22 00:35:51 151040 ----a-w- C:\Windows\System32\CNMN6UI.DLL
2011-09-22 00:35:50 251392 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
2011-09-22 00:34:26 -------- d-----w- C:\Program Files (x86)\Canon
2011-09-20 20:14:30 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-09-20 20:14:30 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-09-20 20:14:30 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
2011-09-20 20:14:30 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-09-20 20:14:29 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
2011-09-20 20:14:29 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2011-09-20 20:14:29 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2011-09-20 20:14:29 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll
2011-09-20 17:22:36 -------- d-----w- C:\Users\Jamez\AppData\Roaming\XnView
2011-09-19 20:13:44 -------- d-----w- C:\ProgramData\PDVD
2011-09-19 20:12:40 -------- d-----w- C:\ProgramData\install_clap
2011-09-17 01:58:14 -------- d-----w- C:\ProgramData\Media Center Programs
2011-09-17 01:55:22 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2011-09-17 01:14:01 -------- d-----w- C:\Windows\Msagent
2011-09-15 02:30:28 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-09-15 02:30:24 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-09-15 02:30:24 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-09-14 01:42:24 -------- d-----w- C:\Program Files (x86)\Common Files\McKesson
2011-09-12 04:13:57 -------- d-----w- C:\Users\Jamez\AppData\Roaming\NVIDIA
2011-09-12 04:13:57 -------- d-----w- C:\Users\Jamez\AppData\Roaming\Crayon Physics Deluxe
2011-09-12 04:03:01 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-09-12 04:03:01 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-09-12 04:03:01 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-09-12 04:03:01 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-09-12 04:03:01 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-09-12 00:56:24 -------- d-----w- C:\Windows\Downloaded Installations
2011-09-12 00:46:00 100400 ----a-w- C:\Windows\System32\drivers\NEOFLTR_650_14951.SYS
2011-09-12 00:45:52 -------- d-----w- C:\Program Files (x86)\Juniper Networks
2011-09-12 00:45:41 -------- d-----w- C:\Users\Jamez\AppData\Roaming\Juniper Networks
2011-09-12 00:45:08 -------- d-----w- C:\Users\Jamez\AppData\Roaming\ICAClient
2011-09-12 00:44:57 73728 ----a-r- C:\Users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
2011-09-12 00:44:57 73728 ----a-r- C:\Users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
2011-09-12 00:35:40 -------- d-----w- C:\Windows\SysWow64\Wat
2011-09-12 00:35:40 -------- d-----w- C:\Windows\System32\Wat
2011-09-12 00:19:00 92672 ----a-w- C:\Windows\System32\CNC860I.DLL
2011-09-12 00:19:00 299520 ----a-w- C:\Windows\System32\CNC860L.DLL
2011-09-12 00:19:00 235008 ----a-w- C:\Windows\System32\CNC860O.DLL
2011-09-12 00:19:00 17920 ----a-w- C:\Windows\System32\CNHMCA6.DLL
2011-09-12 00:19:00 1342976 ----a-w- C:\Windows\System32\CNC860C.DLL
2011-09-10 05:03:05 -------- d-----w- C:\Windows\FLV Player
2011-09-10 03:33:14 -------- d-----w- C:\Users\Jamez\AppData\Roaming\Origin
2011-09-10 03:33:08 -------- d-----w- C:\ProgramData\Origin
2011-09-10 03:33:08 -------- d-----w- C:\ProgramData\Electronic Arts
2011-09-10 03:33:08 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-09-10 03:14:01 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-09-10 02:41:10 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
2011-09-10 02:31:37 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-09-10 02:31:01 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-10 01:36:56 -------- d-----w- C:\Users\Jamez\AppData\Roaming\.purple
2011-09-10 01:13:56 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-09-10 01:13:56 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-09-10 01:13:51 41184 ----a-w- C:\Windows\avastSS.scr
2011-09-10 01:13:48 -------- d-----w- C:\ProgramData\AVAST Software
2011-09-09 23:59:29 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment.Trash
2011-09-09 23:57:52 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2011-09-09 23:57:52 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2011-09-09 23:25:16 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2011-09-09 22:50:03 3072 ----a-w- C:\Windows\System32\CNCFLjUS.DLL
2011-09-09 22:49:58 82944 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9N.DLL
2011-09-09 22:49:58 28160 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9N.DLL
2011-09-09 22:49:55 290816 ----a-w- C:\Windows\System32\CNMLM9N.DLL
2011-09-09 21:09:47 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-03 00:39:48 -------- d-----w- C:\Program Files (x86)\Marvell
2011-09-03 00:38:49 314568 ----a-r- C:\Windows\System32\PROUnstl.exe
2011-09-03 00:38:25 68264 ----a-w- C:\Windows\System32\e1qmsg.dll
2011-09-03 00:38:25 303280 ----a-w- C:\Windows\System32\drivers\e1q62x64.sys
2011-09-03 00:38:23 91840 ----a-w- C:\Windows\System32\NicInstQ.dll
2011-09-03 00:38:15 68264 ----a-w- C:\Windows\System32\e1cmsg.dll
2011-09-03 00:38:15 36472 ----a-w- C:\Windows\System32\NicCo36.dll
2011-09-03 00:38:15 313520 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys
2011-09-03 00:38:14 91840 ----a-w- C:\Windows\System32\NicInstC.dll
2011-09-03 00:38:00 -------- d-sh--w- C:\Windows\Installer
2011-09-03 00:35:52 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2011-09-03 00:35:43 -------- d-----w- C:\Intel
2011-09-02 20:40:34 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-09-02 20:40:22 -------- d-----w- C:\NVIDIA
.
==================== Find3M ====================
.
2011-09-10 05:28:15 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-10 05:27:48 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-09-10 05:27:48 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-09-10 05:17:14 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2011-09-09 23:24:30 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2011-08-03 10:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 19:49:02.28 ===============

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/9/2011 2:02:25 PM
System Uptime: 10/1/2011 7:02:47 AM (12 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Maximus IV Extreme
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 35.357 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 0 GiB total, 0.069 GiB free.
F: is FIXED (NTFS) - 1863 GiB total, 1702.415 GiB free.
G: is Removable
I: is FIXED (NTFS) - 732 GiB total, 26.304 GiB free.
K: is FIXED (NTFS) - 633 GiB total, 129.581 GiB free.
M: is FIXED (FAT32) - 95 GiB total, 2.948 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP34: 9/27/2011 4:28:38 PM - Windows Update
RP35: 9/28/2011 9:19:20 PM - Windows Update
RP36: 9/30/2011 9:59:15 PM - Restore Operation
RP37: 9/30/2011 10:03:49 PM - Windows Update
RP38: 9/30/2011 10:04:05 PM - Windows Update
RP39: 9/30/2011 10:14:39 PM - Restore Operation
RP40: 9/30/2011 10:19:16 PM - Windows Update
.
==== Installed Programs ======================
.
3DMark 11
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
avast! Free Antivirus
Battlefield: Bad Company 2
BioShock
Call of Duty: Modern Warfare 2 - Multiplayer
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 2.1
Canon MX860 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Citrix XenApp Web Plugin
Crayon Physics Deluxe
Crysis(R)
CyberLink PowerDVD 11
CyberPower PowerPanel Personal Edition 1.3
Deus Ex Human Revolution Augmented Edition Bonus Content
Deus Ex: Human Revolution
FLV Player
FrostWire 5.1.5
Futuremark SystemInfo
GameSpy Comrade
Google Talk Plugin
HRS 11 Distributed
ImgBurn
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 26
JMicron JMB36X Driver
Juniper Networks Secure Application Manager
Juniper Networks Setup Client
Left 4 Dead 2
Malwarebytes' Anti-Malware version 1.51.2.1300
marvell 91xx driver
Microsoft .NET Framework 1.1
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 6.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Origin
Peggle Nights
Performance Toolkit 1.0
Pidgin
Portal 2
PunkBuster Services
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
SoulSeek 157 NS 13e
Spybot - Search & Destroy
StarCraft II
Steam
System Requirements Lab CYRI
Team Fortress 2
TrackMania United
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.11
Vuze
Winamp
XnView 1.98.2
.
==== Event Viewer Messages From Past Week ========
.
9/30/2011 11:15:22 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/30/2011 11:15:22 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
9/29/2011 6:39:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
9/29/2011 6:39:27 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/28/2011 11:04:47 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 6 time(s).
9/27/2011 11:03:09 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 5 time(s).
9/26/2011 10:25:43 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 4 time(s).
9/25/2011 10:53:00 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 3 time(s).
9/24/2011 12:22:47 AM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 1 time(s).
9/24/2011 10:40:59 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 2 time(s).
.
==== End Of File ===========================

***When I ran GMER, it didn't find any issues so no log file was created***
 
Welcome to TechSpot! I'll help sort out the problems.

My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
Is this the mp3 you've had for ages: 'just 1 sketchy mp3 I've had for a long time on one of my external HDs'?
f:\Users\Jamez\favorites\mp3 downloads - another obscure corrs mp3 site.url (Rogue.Link) Mbam quarantine this as it appears to have the rogue link.

Open your Favorites and delete this please.
=====================================
P2P Warning:
You are using the following file sharing programs:
FrostWire 5.1.5
Vuze

If you want to keep the system clean, I advise you to uninstall both for the following reasons:
  • Even if you are using a "safe" P2P program, it is only the program that is safe.
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
==============================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
==========================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

Please post the entire log with heading resembling this:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
===========================
I see some entries that will need to be removed and you have a lot of unnecessary processes running in the background.

Please leave the 2 logs in your next reply.
 
"Is this the mp3 you've' had for ages' just 1 sketchy mp3 I've had for a long time on one of my external HDs'?
f:\Users\Jamez\favorites\mp3 downloads - another obscure corrs mp3 site.url (Rogue.Link) Mbam quarantine this as it appears to have the rogue link."

No, that is on my regular internal HD but it was a bookmark imported from one of my external HDs and it was also on my old computer and never gave me this type of problem. I believe Malwarebytes quarantined it.
 
I uninstalled Vuze and Frostbyte (which was a little bit tricky since I can't access the uninstaller from control panel but found out I could browse my directories using Run.exe)

For reference in the log files below, C:\ is my SSD and main Win 7 boot drive, F:\ is my conventional internal HD which also has Win 7 installed on it but I have never booted from it. E:\ is my reserve drive related to C:\. All the other drive letters are partitions from my 2 external HDs (e.g. K:\)

Sorry, I'm not sure how to use the headers as you're describing

===========================================
Combofix:

ComboFix 11-10-02.03 - Jamez 10/02/2011 20:04:42.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8168.5824 [GMT -7:00]
Running from: f:\firefox temp\Temporary Internet Files\Content.IE5\BNPHAY2A\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
F:\install.exe
K:\Autorun.inf
K:\install.exe
K:\Setup.exe
M:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
.
.
2011-10-02 03:54 . 2011-10-02 03:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-01 06:59 . 2011-10-01 06:59 -------- d-----w- c:\programdata\Malwarebytes
2011-10-01 06:59 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-01 06:08 . 2011-10-01 06:08 -------- d-----w- c:\program files\CCleaner
2011-10-01 06:06 . 2011-10-01 06:06 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-01 06:03 . 2011-10-01 06:03 -------- d-----w- f:\users\Jamez\AppData\Local\PackageAware
2011-10-01 05:58 . 2011-03-15 17:10 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-10-01 05:58 . 2011-02-05 02:34 162328 ----a-w- c:\windows\system32\drivers\PCTDMDefrag.sys
2011-10-01 05:58 . 2011-02-05 02:34 189880 ----a-w- c:\windows\system32\drivers\PCTDSMon.sys
2011-10-01 05:58 . 2011-02-05 02:32 108056 ----a-w- c:\windows\SysWow64\drivers\PCTDMDefrag.sys
2011-10-01 05:58 . 2011-02-16 15:02 40416 ----a-w- c:\windows\system32\CleanMFT64.exe
2011-10-01 05:58 . 2008-09-18 04:17 658432 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2011-10-01 05:58 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
2011-10-01 05:58 . 2008-04-02 22:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2011-10-01 05:58 . 2008-04-02 22:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2011-10-01 05:58 . 2004-08-04 14:00 506368 ----a-w- c:\windows\SysWow64\msxml.dll
2011-10-01 05:58 . 2011-10-01 05:58 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-10-01 05:58 . 2011-10-01 05:58 -------- d-----w- c:\programdata\PC Tools
2011-10-01 05:45 . 2011-09-21 16:00 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C9BAF77-C4CD-44A9-B3CE-730018C902D2}\mpengine.dll
2011-10-01 05:43 . 2011-10-01 06:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-01 04:48 . 2011-10-01 04:48 -------- d-----w- c:\programdata\Citrix
2011-09-24 06:52 . 2011-09-24 06:52 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-09-23 20:29 . 2011-09-23 20:36 -------- d-----w- c:\programdata\Soulseek
2011-09-22 02:46 . 2011-09-22 02:46 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-09-22 02:42 . 2011-09-22 02:42 -------- d-----w- c:\programdata\boost_interprocess
2011-09-22 00:45 . 2011-09-22 00:45 -------- d-----w- c:\programdata\CanonIJ
2011-09-22 00:37 . 2011-09-22 00:37 -------- d-----w- c:\program files\Common Files\CANON
2011-09-22 00:36 . 2011-09-22 00:36 -------- d-----w- c:\program files\Canon
2011-09-22 00:35 . 2007-05-14 15:50 151040 ----a-w- c:\windows\system32\CNMN6UI.DLL
2011-09-22 00:35 . 2007-05-14 15:50 251392 ----a-w- c:\windows\system32\CNMN6PPM.DLL
2011-09-22 00:34 . 2011-09-22 00:41 -------- d-----w- c:\program files (x86)\Canon
2011-09-20 20:14 . 2010-02-04 17:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-09-20 20:14 . 2010-02-04 17:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-09-20 20:14 . 2010-02-04 17:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-09-20 20:14 . 2010-02-04 17:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-09-20 20:14 . 2010-02-04 17:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-09-20 20:14 . 2010-02-04 17:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-09-20 20:14 . 2010-02-04 17:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2011-09-20 20:14 . 2010-02-04 17:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-09-19 20:14 . 2011-09-19 20:14 -------- d-----w- c:\users\Public\CyberLink
2011-09-19 20:13 . 2011-09-19 20:15 -------- d-----w- c:\programdata\PDVD
2011-09-19 20:12 . 2011-09-19 20:13 -------- d-----w- c:\programdata\install_clap
2011-09-19 20:10 . 2011-09-22 00:29 -------- d-----w- c:\programdata\CyberLink
2011-09-17 01:58 . 2011-09-17 01:58 -------- d-----w- c:\programdata\Media Center Programs
2011-09-17 01:55 . 2011-09-17 01:55 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-09-17 01:14 . 2011-09-17 01:14 -------- d-----w- c:\windows\Msagent
2011-09-15 02:30 . 2011-09-15 02:30 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-09-15 02:30 . 2011-09-15 02:30 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-09-15 02:30 . 2011-09-15 02:30 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-09-15 02:30 . 2011-09-15 02:30 -------- d-----w- c:\program files (x86)\Real
2011-09-14 01:42 . 2011-09-14 01:42 -------- d-----w- c:\program files (x86)\Common Files\McKesson
2011-09-14 01:01 . 2011-09-14 01:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-09-12 04:06 . 2011-09-12 04:06 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-09-12 04:03 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-09-12 04:03 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-09-12 04:03 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-09-12 04:03 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-09-12 04:03 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-09-12 04:00 . 2011-09-12 04:00 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-09-12 00:56 . 2011-09-12 00:56 -------- d-----w- c:\windows\Downloaded Installations
2011-09-12 00:46 . 2009-12-09 13:28 100400 ----a-w- c:\windows\system32\drivers\NEOFLTR_650_14951.SYS
2011-09-12 00:45 . 2011-09-12 00:45 -------- d-----w- c:\program files (x86)\Juniper Networks
2011-09-12 00:35 . 2011-09-12 00:35 -------- d-----w- c:\windows\SysWow64\Wat
2011-09-12 00:35 . 2011-09-12 00:35 -------- d-----w- c:\windows\system32\Wat
2011-09-12 00:19 . 2009-06-16 18:37 1342976 ----a-w- c:\windows\system32\CNC860C.DLL
2011-09-12 00:19 . 2009-06-16 18:36 92672 ----a-w- c:\windows\system32\CNC860I.DLL
2011-09-12 00:19 . 2009-02-19 20:20 299520 ----a-w- c:\windows\system32\CNC860L.DLL
2011-09-12 00:19 . 2008-08-26 01:02 17920 ----a-w- c:\windows\system32\CNHMCA6.DLL
2011-09-12 00:19 . 2008-07-16 16:39 235008 ----a-w- c:\windows\system32\CNC860O.DLL
2011-09-10 05:03 . 2011-09-10 05:03 -------- d-----w- c:\windows\FLV Player
2011-09-10 04:46 . 2011-09-10 04:46 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-09-10 03:33 . 2011-09-10 03:33 -------- d-----w- c:\programdata\Origin
2011-09-10 03:33 . 2011-09-10 03:33 -------- d-----w- c:\programdata\Electronic Arts
2011-09-10 03:33 . 2011-09-10 03:33 -------- d-----w- c:\program files (x86)\Origin Games
2011-09-10 03:14 . 2011-10-02 03:11 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-09-10 02:41 . 2010-11-09 22:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2011-09-10 02:31 . 2011-09-10 02:31 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-09-10 02:31 . 2011-09-10 02:31 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-10 02:31 . 2011-09-10 02:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-10 01:13 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-10 01:13 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-10 01:13 . 2011-09-06 20:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-10 01:13 . 2011-09-06 20:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-10 01:13 . 2011-09-06 20:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-10 01:13 . 2011-09-06 20:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-10 01:13 . 2011-09-06 20:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-10 01:13 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-10 01:13 . 2011-09-06 20:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-10 01:13 . 2011-09-10 01:13 -------- d-----w- c:\programdata\AVAST Software
2011-09-09 23:57 . 2011-09-10 00:41 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-09-09 23:57 . 2011-09-10 00:17 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2011-09-09 23:25 . 2011-09-09 23:25 -------- d-----w- c:\windows\SysWow64\URTTEMP
2011-09-09 22:50 . 2008-09-25 19:20 3072 ----a-w- c:\windows\system32\CNCFLjTH.DLL
2011-09-09 22:49 . 2011-09-09 22:49 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-09-09 22:49 . 2011-09-09 22:49 -------- d--h--w- c:\programdata\CanonBJ
2011-09-09 22:49 . 2009-04-25 12:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9N.DLL
2011-09-09 22:49 . 2009-04-25 12:00 28160 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9N.DLL
2011-09-09 22:49 . 2009-04-25 12:00 290816 ----a-w- c:\windows\system32\CNMLM9N.DLL
2011-09-09 21:09 . 2011-10-01 05:31 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-09 21:09 . 2011-09-09 21:09 -------- d-----w- c:\windows\SysWow64\Macromed
2011-09-09 21:02 . 2011-10-01 05:15 -------- d-----w- c:\users\Jamez
2011-09-09 21:02 . 2011-09-09 21:02 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 11:50 . 2011-09-02 20:41 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-09-02 20:41 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-08-03 11:50 . 2011-09-02 20:41 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2011-09-02 20:41 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-09-02 20:41 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2011-09-02 20:41 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2011-09-02 20:41 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 11:50 . 2011-09-02 20:41 7254632 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-09-02 20:41 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-09-02 20:41 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-08-03 11:50 . 2011-09-02 20:41 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-03 11:50 . 2011-09-02 20:41 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-08-03 11:50 . 2011-09-02 20:41 2758760 ----a-w- c:\windows\system32\nvapi64.dll
2011-08-03 11:50 . 2011-09-02 20:41 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-09-02 20:41 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-09-02 20:41 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2011-09-02 20:41 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-08-03 11:50 . 2011-09-02 20:41 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
2011-08-03 11:50 . 2011-09-02 20:41 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-09-02 20:41 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-08-03 11:50 . 2011-09-02 20:41 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-08-03 11:50 . 2011-09-02 20:41 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-08-03 11:50 . 2011-09-02 20:41 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
2011-08-03 11:50 . 2011-09-02 20:41 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-08-03 11:50 . 2011-09-02 20:41 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
2011-08-03 11:50 . 2011-09-02 20:41 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-09-02 20:41 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-08-03 10:31 . 2011-08-03 10:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-07-16 04:26 . 2011-09-12 00:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="f:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpybotSD TeaTimer"="f:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"avast"="f:\program files\Avast\avastUI.exe" [2011-09-06 3722416]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-09-15 273528]
"RemoteControl11"="f:\program files (x86)\PowerDVD11\PowerDVD11\PDVD11Serv.exe" [2011-08-24 230696]
"PowerPanel Personal Edition User Interaction"="f:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-08-03 349632]
"WinampAgent"="f:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-02-16 112608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - f:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 SASDIFSV;SASDIFSV;c:\users\Jamez\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Jamez\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 DMDefragService;Performance Toolkit Disk Defrag Service;f:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-02-16 1050592]
R3 DMRepairService;Performance Toolkit Disk Repair Service;f:\program files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-02-16 1034208]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 pbfilter;pbfilter;f:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-02-05 162328]
R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\Drivers\NEOFLTR_650_14951.SYS [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/19 13:13];f:\program files (x86)\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl [2011-08-26 17:53 148976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;f:\program files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;f:\program files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-08-26 75048]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;f:\program files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-08-26 292136]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 ntk_PowerDVD;ntk_PowerDVD;f:\program files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-16 632800]
S2 SBSDWSCService;SBSD Security Center Service;f:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1062377385-2925155813-24115089-1001Core.job
- c:\users\Jamez\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 21:10]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1062377385-2925155813-24115089-1001UA.job
- c:\users\Jamez\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 21:10]
.
2011-10-03 c:\windows\Tasks\PTSchedule.job
- f:\program files (x86)\PC Tools Utilities\pt.exe [2011-10-01 15:02]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- f:\program files\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: huntingtonhospital.com\connect
TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
DPF: {8D84D58D-8557-4CAB-8E6F-556339F5D9CE} - hxxp://10.217.1.31/hrs/download/Setup.cab
FF - ProfilePath - c:\users\Jamez\AppData\Roaming\Mozilla\Firefox\Profiles\wy36biyv.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20110924&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\f:\program files (x86)\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1062377385-2925155813-24115089-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:64,23,39,7f,ab,f0,79,0e,0b,00,c0,7a,f5,9f,c7,9f,1e,b6,73,93,b0,72,da,
44,28,fa,86,59,08,dd,31,e1,20,98,07,27,7a,a2,77,8c,89,36,27,f9,da,b1,94,26,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Avast\AvastSvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
f:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
.
**************************************************************************
.
Completion time: 2011-10-02 20:17:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-03 03:17
.
Pre-Run: 37,743,972,352 bytes free
Post-Run: 37,838,360,576 bytes free
.
- - End Of File - - 52C52D19B9358EA7D9ED1CFEED1BD8E5

==============================================================
ESETScan log


F:\Firefox Temp\cnet_cpu-z_1_58-setup-en_exe.exe a variant of Win32/InstallCore.C application
F:\Firefox Temp\cnet_FLVPlayerSetup_exe.exe a variant of Win32/InstallCore.C application
 
Well, we have a problem: Combofix had deleted a file on each of the drives:
F:\install.exe>> "my regular internal HD"
K:\Autorun.inf
K:\install.exe
K:\Setup.exe
M:\autorun.inf

Regarding your description here:
"Is this the mp3 you've 'had for ages', 'just 1 sketchy mp3 I've had for a long time on one of my external HDs'?
f:\Users\Jamez\favorites\mp3 downloads - another obscure corrs mp3 site.url (Rogue.Link) Mbam quarantine this as it appears to have the rogue link."

No, that is on my regular internal HD but it was a bookmark imported from one of my external HDs and it was also on my old computer and never gave me this type of problem. I believe Malwarebytes quarantined it.


You had an infected bookmark that was on one of your external drives. You imported the bookmark to the F Drive, your 'main internal drive.' Drive K and Drive M are infected. Looks like Drive K is a movable drive, maybe Drive M is a partition? I'm not sure if you actually infected each drive with the same malware.

Mbam quarantined the malware on Drive F.

The autorun.inf indicates an infected movable drive - usually it's a flash drive, but in your case, you're going to have to tell me more specifically what they are:
 
Yes, F:\ is my conventional internal HD (not my boot drive; my boot drive is C:\ which is a solid state drive although both C:\ and F:\ have Windows 7 installed)
I:\ is one of my external HDs with J:\ being another partition of that drive
K:\ is my other external HD with L:\ and M:\ being partitions of that drive

Thanks for helping me out
 
You will be disinfecting all of the movable drives:
  • Please download Panda USB Vaccine (you must provide a valid e-mail and they will send you a download link to this e-mail address) to your desktop.
  • Install and run it.
  • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
===========================================
Please download OTMoveIt by OldTimer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :
    :Files  
    F:\Firefox Temp\cnet_cpu-z_1_58-setup-en_exe.exe 
    F:\Firefox Temp\cnet_FLVPlayerSetup_exe.exe a 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
============================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
Code:
File::
Folder::
c:\users\Default\AppData\Local\temp
c:\program files (x86)\Common Files\xing shared
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Logs in next reply please.
 
Running into a problem with the first step with Panda.
It will let me vaccinate K:\ and M:\ and my computer however it won't let me vaccinate J:\ and L:\ as they are not supported drive structures (these are partitions I use for homebrew on my Nintendo Wii) and it won't let me vaccinate I:\ which is an NTFS format and one of my external HDs (yet K:\ is also NTFS but my other external HD).

I get an error message saying it's unable to vaccinate and telling me to run chkdsk /f but when I try to use that in command prompt, it tells me I basically don't have the proper privileges to run it (I'm guessing "administrator" even though I am the administrator and I only have one user account in Win 7)
 
C: is FIXED (NTFS) - 60 GiB total, 35.357 GiB free.>> SSD>> Panda
D: is CDROM (UDF)
E: is FIXED (NTFS) - 0 GiB total, 0.069 GiB free.>Reserve for C
F: is FIXED (NTFS) - 1863 GiB total, 1702.415 GiB free.Internal HD>> Panda
G: is Removable????? What is this?
I: is FIXED (NTFS) - 732 GiB total, 26.304 GiB free.> External> No Panda
K: is FIXED (NTFS) - 633 GiB total, 129.581 GiB free.> Partition> Panda
M: is FIXED (FAT32) - 95 GiB total, 2.948 GiB free.>> Panda

Both hard drives, external and internal, C & F have been immunized

J&L aren't listed> these are partitions

Please go to Panda Support for help with this problem.
 
Asked in the forums and emailed Panda's tech support but didn't get much help there since they don't really support free products. Anyway, I'm currently running a chkdsk on I:\ (found a way around the access issue I mentioned earlier) so I'm waiting for that to finish and will see if I can vaccinate it then. Otherwise, I just may format the drive completely or not use the drive with this computer.
 
Finally was able to vaccinate I:\ so now both of my two external HDs are vaccinated.

Also, btw I purchased Kaspersky Internet Security 2012 in case you want me to install and run that at some point.

=====================================
OTMove log:

All processes killed
Error: Unable to interpret <:> in the current context!
========== FILES ==========
F:\Firefox Temp\cnet_cpu-z_1_58-setup-en_exe.exe moved successfully.
File/Folder F:\Firefox Temp\cnet_FLVPlayerSetup_exe.exe a not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

User: Default User

User: Jamez
->Flash cache emptied: 10634 bytes

User: Public

User: UpdatusUser

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14982496 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
RecycleBin emptied: 55982764 bytes

Total Files Cleaned = 68.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 10192011_003854

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
ComboFix 11-10-19.01 - Jamez 10/19/2011 0:47.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8168.6576 [GMT -7:00]
Running from: f:\users\Jamez\Desktop\ComboFix.exe
Command switches used :: f:\users\Jamez\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\xing shared
c:\program files (x86)\Common Files\xing shared\mpeg encode\xmencmp3.dll
c:\users\Default\AppData\Local\temp
M:\AUTORUN.INF . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 07:50 . 2011-10-19 07:50 -------- d-----w- f:\users\Jamez\AppData\Local\temp
2011-10-19 07:50 . 2011-10-19 07:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-18 17:27 . 2011-09-21 16:00 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC6FCF5B-8FA1-4266-89B7-17486273BAD3}\mpengine.dll
2011-10-14 03:23 . 2011-10-14 03:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-10-13 02:49 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 02:49 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 02:49 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 02:49 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 02:49 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 02:49 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 02:49 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 02:49 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 02:49 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-10 04:11 . 2011-10-10 04:11 -------- d-----w- c:\programdata\Panda Security
2011-10-07 00:06 . 2011-10-07 00:06 -------- d-----w- c:\windows\SysWow64\xlive
2011-10-07 00:06 . 2011-10-07 00:06 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-10-03 03:36 . 2011-10-03 03:36 -------- d-----w- c:\program files (x86)\ESET
2011-10-02 03:54 . 2011-10-02 03:54 -------- d-----w- c:\users\Jamez\AppData\Roaming\SUPERAntiSpyware.com
2011-10-02 03:54 . 2011-10-02 03:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-01 06:59 . 2011-10-01 06:59 -------- d-----w- c:\users\Jamez\AppData\Roaming\Malwarebytes
2011-10-01 06:59 . 2011-10-01 06:59 -------- d-----w- c:\programdata\Malwarebytes
2011-10-01 06:59 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-01 06:11 . 2011-10-01 06:11 -------- d-----w- c:\users\Jamez\AppData\Roaming\Registry Mechanic
2011-10-01 06:08 . 2011-10-01 06:08 -------- d-----w- c:\program files\CCleaner
2011-10-01 06:06 . 2011-10-01 06:06 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-01 06:03 . 2011-10-01 06:03 -------- d-----w- f:\users\Jamez\AppData\Local\PackageAware
2011-10-01 05:58 . 2011-03-15 17:10 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-10-01 05:58 . 2011-02-05 02:32 108056 ----a-w- c:\windows\SysWow64\drivers\PCTDMDefrag.sys
2011-10-01 05:43 . 2011-10-07 06:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-01 04:48 . 2011-10-11 05:43 -------- d-----w- c:\programdata\Citrix
2011-10-01 04:48 . 2011-10-01 04:48 -------- d-----w- c:\users\Jamez\AppData\Roaming\Download Manager
2011-09-24 06:52 . 2011-09-24 06:52 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-09-24 06:52 . 2011-10-03 14:56 -------- d-----w- c:\users\Jamez\AppData\Roaming\Winamp
2011-09-23 20:29 . 2011-09-23 20:36 -------- d-----w- c:\programdata\Soulseek
2011-09-23 17:40 . 2011-10-01 06:10 -------- d-----w- c:\users\Jamez\AppData\Roaming\Azureus
2011-09-22 02:46 . 2011-09-22 02:46 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-09-22 02:42 . 2011-09-22 02:42 -------- d-----w- c:\programdata\boost_interprocess
2011-09-22 00:45 . 2011-09-22 00:45 -------- d-----w- c:\programdata\CanonIJ
2011-09-22 00:41 . 2011-09-22 00:41 -------- d-----w- c:\users\Jamez\AppData\Roaming\Canon
2011-09-22 00:37 . 2011-09-22 00:37 -------- d-----w- c:\program files\Common Files\CANON
2011-09-22 00:36 . 2011-09-22 00:36 -------- d-----w- c:\program files\Canon
2011-09-22 00:35 . 2007-05-14 15:50 151040 ----a-w- c:\windows\system32\CNMN6UI.DLL
2011-09-22 00:35 . 2007-05-14 15:50 251392 ----a-w- c:\windows\system32\CNMN6PPM.DLL
2011-09-22 00:34 . 2011-09-22 00:41 -------- d-----w- c:\program files (x86)\Canon
2011-09-22 00:29 . 2011-09-22 00:29 -------- d-----w- c:\users\Jamez\AppData\Local\CyberLink
2011-09-21 23:56 . 2011-09-21 23:56 -------- d-----w- c:\users\Jamez\AppData\Local\IsolatedStorage
2011-09-21 23:56 . 2011-09-21 23:56 -------- d-----w- c:\users\Jamez\AppData\Local\Futuremark_Corporation
2011-09-20 20:34 . 2011-09-23 05:39 -------- d-----w- c:\users\Jamez\AppData\Local\dxhr
2011-09-20 20:14 . 2010-02-04 17:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-09-20 20:14 . 2010-02-04 17:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-09-20 20:14 . 2010-02-04 17:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-09-20 20:14 . 2010-02-04 17:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-09-20 20:14 . 2010-02-04 17:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-09-20 20:14 . 2010-02-04 17:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-09-20 20:14 . 2010-02-04 17:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2011-09-20 20:14 . 2010-02-04 17:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-09-20 20:14 . 2011-09-20 20:14 -------- d-----w- c:\users\Jamez\AppData\Local\28050
2011-09-20 17:22 . 2011-10-01 05:15 -------- d-----w- c:\users\Jamez\AppData\Roaming\XnView
2011-09-20 15:33 . 2011-09-20 15:33 -------- d-----w- c:\users\Jamez\AppData\Local\PowerPanel Personal Edition
2011-09-19 20:14 . 2011-09-19 20:14 -------- d-----w- c:\users\Public\CyberLink
2011-09-19 20:14 . 2011-09-19 20:14 -------- d-----w- c:\users\Jamez\AppData\Roaming\CyberLink
2011-09-19 20:13 . 2011-09-19 20:15 -------- d-----w- c:\programdata\PDVD
2011-09-19 20:13 . 2011-09-19 20:13 -------- d-----w- c:\users\Jamez\AppData\Local\MediaServer
2011-09-19 20:12 . 2011-09-19 20:13 -------- d-----w- c:\programdata\install_clap
2011-09-19 20:10 . 2011-09-22 00:29 -------- d-----w- c:\programdata\CyberLink
2011-09-19 20:04 . 2011-09-23 18:16 -------- d-----w- c:\users\Jamez\AppData\Roaming\vlc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-01 05:31 . 2011-09-09 21:09 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-17 01:55 . 2011-09-17 01:55 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-09-15 02:30 . 2011-09-15 02:30 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-09-15 02:30 . 2011-09-15 02:30 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-09-12 04:06 . 2011-09-12 04:06 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-12 04:06 . 2011-09-12 04:06 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-12 04:06 . 2011-09-12 04:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-12 04:06 . 2011-09-12 04:06 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-12 04:06 . 2011-09-12 04:06 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-12 04:06 . 2011-09-12 04:06 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-12 04:06 . 2011-09-12 04:06 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-12 04:06 . 2011-09-12 04:06 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-12 04:06 . 2011-09-12 04:06 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-12 04:06 . 2011-09-12 04:06 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-12 04:06 . 2011-09-12 04:06 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-12 04:06 . 2011-09-12 04:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-12 04:06 . 2011-09-12 04:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-12 04:06 . 2011-09-12 04:06 448512 ----a-w- c:\windows\system32\html.iec
2011-09-12 04:06 . 2011-09-12 04:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-12 04:06 . 2011-09-12 04:06 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-12 04:06 . 2011-09-12 04:06 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-12 04:06 . 2011-09-12 04:06 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-12 04:06 . 2011-09-12 04:06 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-12 04:06 . 2011-09-12 04:06 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-12 04:06 . 2011-09-12 04:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-12 04:06 . 2011-09-12 04:06 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-12 04:06 . 2011-09-12 04:06 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-12 04:06 . 2011-09-12 04:06 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-12 04:06 . 2011-09-12 04:06 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-12 04:06 . 2011-09-12 04:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-12 04:06 . 2011-09-12 04:06 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-12 04:06 . 2011-09-12 04:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-12 04:06 . 2011-09-12 04:06 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-12 04:06 . 2011-09-12 04:06 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-12 04:06 . 2011-09-12 04:06 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-12 04:06 . 2011-09-12 04:06 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-12 04:06 . 2011-09-12 04:06 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-12 04:06 . 2011-09-12 04:06 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-12 04:06 . 2011-09-12 04:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-12 04:06 . 2011-09-12 04:06 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-12 00:44 . 2011-09-12 00:44 73728 ----a-r- c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
2011-09-12 00:44 . 2011-09-12 00:44 73728 ----a-r- c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
2011-09-10 05:28 . 2011-09-09 23:24 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-10 05:27 . 2011-09-10 05:17 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-09-10 05:27 . 2011-09-09 23:24 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-09-10 05:17 . 2011-09-10 05:17 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-09-10 02:30 . 2011-09-10 02:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-09 23:24 . 2011-09-09 23:24 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-09-06 20:45 . 2011-09-10 01:13 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-09-10 01:13 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-09-10 01:13 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-09-10 01:13 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2011-09-10 01:13 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-09-10 01:13 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-09-10 01:13 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-09-10 01:13 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-09-10 01:13 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-03 11:50 . 2011-09-02 20:41 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-09-02 20:41 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-08-03 11:50 . 2011-09-02 20:41 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2011-09-02 20:41 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-09-02 20:41 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2011-09-02 20:41 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2011-09-02 20:41 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 11:50 . 2011-09-02 20:41 7254632 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-09-02 20:41 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-09-02 20:41 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-08-03 11:50 . 2011-09-02 20:41 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-03 11:50 . 2011-09-02 20:41 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-08-03 11:50 . 2011-09-02 20:41 2758760 ----a-w- c:\windows\system32\nvapi64.dll
2011-08-03 11:50 . 2011-09-02 20:41 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-09-02 20:41 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-09-02 20:41 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2011-09-02 20:41 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-08-03 11:50 . 2011-09-02 20:41 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
2011-08-03 11:50 . 2011-09-02 20:41 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-09-02 20:41 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-08-03 11:50 . 2011-09-02 20:41 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-08-03 11:50 . 2011-09-02 20:41 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-08-03 11:50 . 2011-09-02 20:41 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
2011-08-03 11:50 . 2011-09-02 20:41 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-08-03 11:50 . 2011-09-02 20:41 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
2011-08-03 11:50 . 2011-09-02 20:41 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-09-02 20:41 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-08-03 10:31 . 2011-08-03 10:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-03_03.16.32 )))))))))))))))))))))))))))))))))))))))))

Edit: Lengthy SnapShot entries deleted by Bobbye
.
 
Combofix log continued:

Edit: Lengthy SnapShot entries deleted by Bobbye

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="f:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpybotSD TeaTimer"="f:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"avast"="f:\program files\Avast\avastUI.exe" [2011-09-06 3722416]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-09-15 273528]
"RemoteControl11"="f:\program files (x86)\PowerDVD11\PowerDVD11\PDVD11Serv.exe" [2011-08-24 230696]
"PowerPanel Personal Edition User Interaction"="f:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-08-03 349632]
"WinampAgent"="f:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - f:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SASDIFSV;SASDIFSV;c:\users\Jamez\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Jamez\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 pbfilter;pbfilter;f:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\Drivers\NEOFLTR_650_14951.SYS [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/19 13:13];f:\program files (x86)\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl [2011-08-26 17:53 148976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;f:\program files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;f:\program files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-08-26 75048]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;f:\program files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-08-26 292136]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 ntk_PowerDVD;ntk_PowerDVD;f:\program files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248]
S2 SBSDWSCService;SBSD Security Center Service;f:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1062377385-2925155813-24115089-1001Core.job
- c:\users\Jamez\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 21:10]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1062377385-2925155813-24115089-1001UA.job
- c:\users\Jamez\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 21:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- f:\program files\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: huntingtonhospita.com\my
Trusted Zone: huntingtonhospital.com\connect
TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
DPF: {8D84D58D-8557-4CAB-8E6F-556339F5D9CE} - hxxp://10.217.1.31/hrs/download/Setup.cab
FF - ProfilePath - c:\users\Jamez\AppData\Roaming\Mozilla\Firefox\Profiles\wy36biyv.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20110924&q=
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\f:\program files (x86)\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1062377385-2925155813-24115089-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:64,23,39,7f,ab,f0,79,0e,0b,00,c0,7a,f5,9f,c7,9f,1e,b6,73,93,b0,72,da,
44,28,fa,86,59,08,dd,31,e1,20,98,07,27,7a,a2,77,8c,89,36,27,f9,da,b1,94,26,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Avast\AvastSvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
f:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
.
**************************************************************************
.
Completion time: 2011-10-19 00:52:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-19 07:52
ComboFix2.txt 2011-10-03 03:31
ComboFix3.txt 2011-10-03 03:17
.
Pre-Run: 38,120,296,448 bytes free
Post-Run: 37,756,985,344 bytes free
.
- - End Of File - - 6D33289AF01066B1A513E807A984B61C
 
Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
Folder::
f:\users\Jamez\AppData\Local\temp
c:\users\UpdatusUser\AppData\Local\temp
c:\windows\SysWow64\%APPDATA%
c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
c:\users\Jamez\AppData\Roaming\Azureus
c:\programdata\boost_interprocess   
c:\users\Jamez\AppData\Local\28050
DDS::
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8D84D58D-8557-4CAB-8E6F-556339F5D9CE} - hxxp://10.217.1.31/hrs/download/Setup.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

Extra::
File::
Firefox::
Firefox-: - Profile - c:\users\Jamez\AppData\Roaming\Mozilla\Firefox\Profiles\wy36biyv.default\
Firefox-: prefs.js - Startup.HomepageURL
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
====================
Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

Be sure to check all download screens for any pre-checked toolbars or BHO> if found, remove the check before the download.
==================================
Recommend uninstalling Registry Mechanic. We don't recommend that anyone use a registry cleaner.

Canon, Cyberlink, PowerDVD entries don't need to start on boot. Virtually every program downloaded on a new computer will be put on the Startup Menu, when in fact, most don't need to start on boot, then run in the background.

Computer manufacturers pre-load a lot of processes also. At some point, you should take some time to see what's running on the system.
 
ComboFix 11-10-23.02 - Jamez 10/23/2011 14:06:34.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8168.6436 [GMT -7:00]
Running from: f:\users\Jamez\Desktop\ComboFix.exe
Command switches used :: f:\users\Jamez\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe"
"c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.bitness.log
c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.data.log
c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.elements.log
c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.weight.log
c:\programdata\boost_interprocess
c:\users\Jamez\AppData\Local\28050
c:\users\Jamez\AppData\Local\28050\eidos\1c8a40b\cache\persistent\BA8C6DA4D591E3B712775DC910D39928FFAFE49D
c:\users\Jamez\AppData\Roaming\Azureus
c:\users\Jamez\AppData\Roaming\Azureus\.certs
c:\users\Jamez\AppData\Roaming\Azureus\.keystore
c:\users\Jamez\AppData\Roaming\Azureus\.lock
c:\users\Jamez\AppData\Roaming\Azureus\active\13F554564B4BBDDE70C11E2E87B803ECB3EB0858.dat
c:\users\Jamez\AppData\Roaming\Azureus\active\5A514766FD9595BBBB4E1E13B1C22880701285CC.dat
c:\users\Jamez\AppData\Roaming\Azureus\active\8F8D94E8128007364C19D826671E348BC2215FFF.dat
c:\users\Jamez\AppData\Roaming\Azureus\active\954165A92670B811A91FFA559E2FCF37492D0B83.dat
c:\users\Jamez\AppData\Roaming\Azureus\active\AD6D746CA63CA86457C8233CB5BB5F117522BB3B.dat
c:\users\Jamez\AppData\Roaming\Azureus\active\cache.dat
c:\users\Jamez\AppData\Roaming\Azureus\azureus.config
c:\users\Jamez\AppData\Roaming\Azureus\azureus.statistics
c:\users\Jamez\AppData\Roaming\Azureus\banips.config
c:\users\Jamez\AppData\Roaming\Azureus\devices.config
c:\users\Jamez\AppData\Roaming\Azureus\dht\addresses.dat
c:\users\Jamez\AppData\Roaming\Azureus\dht\contacts.dat
c:\users\Jamez\AppData\Roaming\Azureus\dht\diverse.dat
c:\users\Jamez\AppData\Roaming\Azureus\dht\general.dat
c:\users\Jamez\AppData\Roaming\Azureus\dht\version.dat
c:\users\Jamez\AppData\Roaming\Azureus\downloads.config
c:\users\Jamez\AppData\Roaming\Azureus\filters.config
c:\users\Jamez\AppData\Roaming\Azureus\ipfilter.cache
c:\users\Jamez\AppData\Roaming\Azureus\java.vmoptions
c:\users\Jamez\AppData\Roaming\Azureus\java.vmoptions.lastgood
c:\users\Jamez\AppData\Roaming\Azureus\metasearch.config
c:\users\Jamez\AppData\Roaming\Azureus\net\pm_20115.dat
c:\users\Jamez\AppData\Roaming\Azureus\net\pm_default.dat
c:\users\Jamez\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.2.jar
c:\users\Jamez\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.2.zip
c:\users\Jamez\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties
c:\users\Jamez\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties_1.2
c:\users\Jamez\AppData\Roaming\Azureus\plugins\azupnpav\cd.dat
c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\azutp_0.2.8.jar
c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\azutp_0.2.8.zip
c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\plugin.properties
c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\plugin_install.properties
c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\win32\LICENSE
c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\win32\msvcr100.dll
c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\x64\LICENSE
c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\x64\msvcr100.dll
c:\users\Jamez\AppData\Roaming\Azureus\plugins\azutp\x64\utp.dll
c:\users\Jamez\AppData\Roaming\Azureus\plugins\mlab\mlab_0.1.9.jar
c:\users\Jamez\AppData\Roaming\Azureus\plugins\mlab\mlab_0.1.9.zip
c:\users\Jamez\AppData\Roaming\Azureus\plugins\mlab\plugin.properties
c:\users\Jamez\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
c:\users\Jamez\AppData\Roaming\Azureus\sidebarauto.config
c:\users\Jamez\AppData\Roaming\Azureus\subs\1192D5E76B567EEFE446.vuze
c:\users\Jamez\AppData\Roaming\Azureus\subs\242EBEAF73FE475210A1.vuze
c:\users\Jamez\AppData\Roaming\Azureus\subs\277ACC855F44411975B6.vuze
c:\users\Jamez\AppData\Roaming\Azureus\subs\38B243FB0DC547409457.vuze
c:\users\Jamez\AppData\Roaming\Azureus\subs\4E9EEF508CE39C1B9934.vuze
c:\users\Jamez\AppData\Roaming\Azureus\subs\A26B3D8950040D948426.vuze
c:\users\Jamez\AppData\Roaming\Azureus\subs\A29987CF9CA4C6EAEA4D.vuze
c:\users\Jamez\AppData\Roaming\Azureus\subs\A2D5820A1D7E63FCD884.vuze
c:\users\Jamez\AppData\Roaming\Azureus\subs\A807F0B3DD867437152D.vuze
c:\users\Jamez\AppData\Roaming\Azureus\subs\B4440B692D8213F269FD.vuze
c:\users\Jamez\AppData\Roaming\Azureus\subs\EF0D07F8DD38E8F626A2.vuze
c:\users\Jamez\AppData\Roaming\Azureus\subs\EF82A8EFB1D60FB4232E.vuze
c:\users\Jamez\AppData\Roaming\Azureus\subs\F83343E42DB8A2CBDCA0.vuze
c:\users\Jamez\AppData\Roaming\Azureus\subscriptions.config
c:\users\Jamez\AppData\Roaming\Azureus\tables.config
c:\users\Jamez\AppData\Roaming\Azureus\torrents\AZU3155048748588787643.tmp
c:\users\Jamez\AppData\Roaming\Azureus\torrents\AZU6149147785032475773.tmp
c:\users\Jamez\AppData\Roaming\Azureus\torrents\AZU8296024192648844091.tmp
c:\users\Jamez\AppData\Roaming\Azureus\torrents\Vanessa_Carlton-_Rabbits_On_The_Run-_[2011]-_Mp3ViLLe.torrent
c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
c:\users\Jamez\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
c:\users\UpdatusUser\AppData\Local\temp
c:\windows\SysWow64\%APPDATA%
c:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
f:\users\Jamez\AppData\Local\temp
M:\AUTORUN.INF . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
.
.
2011-10-23 21:08 . 2011-10-23 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-22 18:34 . 2011-10-22 18:34 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-10-21 18:16 . 2011-10-21 18:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-21 18:16 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{004CC92A-C05A-4D5E-8E7C-950A649A0D49}\mpengine.dll
2011-10-13 02:49 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 02:49 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 02:49 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 02:49 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 02:49 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 02:49 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 02:49 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 02:49 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 02:49 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-10 04:11 . 2011-10-10 04:11 -------- d-----w- c:\programdata\Panda Security
2011-10-07 00:06 . 2011-10-07 00:06 -------- d-----w- c:\windows\SysWow64\xlive
2011-10-07 00:06 . 2011-10-07 00:06 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-10-03 03:36 . 2011-10-03 03:36 -------- d-----w- c:\program files (x86)\ESET
2011-10-02 03:54 . 2011-10-02 03:54 -------- d-----w- c:\users\Jamez\AppData\Roaming\SUPERAntiSpyware.com
2011-10-02 03:54 . 2011-10-02 03:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-01 06:59 . 2011-10-01 06:59 -------- d-----w- c:\users\Jamez\AppData\Roaming\Malwarebytes
2011-10-01 06:59 . 2011-10-01 06:59 -------- d-----w- c:\programdata\Malwarebytes
2011-10-01 06:59 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-01 06:11 . 2011-10-01 06:11 -------- d-----w- c:\users\Jamez\AppData\Roaming\Registry Mechanic
2011-10-01 06:08 . 2011-10-01 06:08 -------- d-----w- c:\program files\CCleaner
2011-10-01 06:03 . 2011-10-01 06:03 -------- d-----w- f:\users\Jamez\AppData\Local\PackageAware
2011-10-01 05:58 . 2011-03-15 17:10 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-10-01 05:58 . 2011-02-05 02:32 108056 ----a-w- c:\windows\SysWow64\drivers\PCTDMDefrag.sys
2011-10-01 05:43 . 2011-10-07 06:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-01 04:48 . 2011-10-11 05:43 -------- d-----w- c:\programdata\Citrix
2011-10-01 04:48 . 2011-10-01 04:48 -------- d-----w- c:\users\Jamez\AppData\Roaming\Download Manager
2011-09-24 06:52 . 2011-09-24 06:52 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-09-24 06:52 . 2011-10-03 14:56 -------- d-----w- c:\users\Jamez\AppData\Roaming\Winamp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-22 18:34 . 2011-09-09 23:24 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-22 18:34 . 2011-09-09 23:24 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-22 18:34 . 2011-09-09 23:24 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-03 12:06 . 2011-09-10 02:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-01 05:31 . 2011-09-09 21:09 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-17 01:55 . 2011-09-17 01:55 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-09-15 02:30 . 2011-09-15 02:30 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-09-15 02:30 . 2011-09-15 02:30 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-09-12 04:06 . 2011-09-12 04:06 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-12 04:06 . 2011-09-12 04:06 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-12 04:06 . 2011-09-12 04:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-12 04:06 . 2011-09-12 04:06 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-12 04:06 . 2011-09-12 04:06 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-12 04:06 . 2011-09-12 04:06 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-12 04:06 . 2011-09-12 04:06 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-12 04:06 . 2011-09-12 04:06 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-12 04:06 . 2011-09-12 04:06 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-12 04:06 . 2011-09-12 04:06 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-12 04:06 . 2011-09-12 04:06 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-12 04:06 . 2011-09-12 04:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-12 04:06 . 2011-09-12 04:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-12 04:06 . 2011-09-12 04:06 448512 ----a-w- c:\windows\system32\html.iec
2011-09-12 04:06 . 2011-09-12 04:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-12 04:06 . 2011-09-12 04:06 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-12 04:06 . 2011-09-12 04:06 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-12 04:06 . 2011-09-12 04:06 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-12 04:06 . 2011-09-12 04:06 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-12 04:06 . 2011-09-12 04:06 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-12 04:06 . 2011-09-12 04:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-12 04:06 . 2011-09-12 04:06 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-12 04:06 . 2011-09-12 04:06 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-12 04:06 . 2011-09-12 04:06 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-12 04:06 . 2011-09-12 04:06 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-12 04:06 . 2011-09-12 04:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-12 04:06 . 2011-09-12 04:06 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-12 04:06 . 2011-09-12 04:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-12 04:06 . 2011-09-12 04:06 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-12 04:06 . 2011-09-12 04:06 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-12 04:06 . 2011-09-12 04:06 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-12 04:06 . 2011-09-12 04:06 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-12 04:06 . 2011-09-12 04:06 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-12 04:06 . 2011-09-12 04:06 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-12 04:06 . 2011-09-12 04:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-12 04:06 . 2011-09-12 04:06 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-10 05:27 . 2011-09-10 05:17 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-09-10 05:17 . 2011-09-10 05:17 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-09-09 23:24 . 2011-09-09 23:24 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-09-06 20:45 . 2011-09-10 01:13 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-09-10 01:13 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-09-10 01:13 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-09-10 01:13 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2011-09-10 01:13 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-09-10 01:13 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-09-10 01:13 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-09-10 01:13 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-09-10 01:13 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-03 11:50 . 2011-09-02 20:41 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-09-02 20:41 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-08-03 11:50 . 2011-09-02 20:41 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2011-09-02 20:41 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-09-02 20:41 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2011-09-02 20:41 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2011-09-02 20:41 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 11:50 . 2011-09-02 20:41 7254632 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-09-02 20:41 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-09-02 20:41 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-08-03 11:50 . 2011-09-02 20:41 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-03 11:50 . 2011-09-02 20:41 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-08-03 11:50 . 2011-09-02 20:41 2758760 ----a-w- c:\windows\system32\nvapi64.dll
2011-08-03 11:50 . 2011-09-02 20:41 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-09-02 20:41 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-09-02 20:41 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2011-09-02 20:41 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-08-03 11:50 . 2011-09-02 20:41 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
2011-08-03 11:50 . 2011-09-02 20:41 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-09-02 20:41 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-08-03 11:50 . 2011-09-02 20:41 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-08-03 11:50 . 2011-09-02 20:41 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-08-03 11:50 . 2011-09-02 20:41 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
2011-08-03 11:50 . 2011-09-02 20:41 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-08-03 11:50 . 2011-09-02 20:41 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
2011-08-03 11:50 . 2011-09-02 20:41 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-09-02 20:41 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-08-03 10:31 . 2011-08-03 10:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-19_07.51.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-10-01 06:00 . 2011-10-19 07:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-10-01 06:00 . 2011-10-21 18:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2011-10-19 07:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-10-23 20:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-19 07:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-23 20:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-23 20:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-19 07:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-26 19:01 . 2011-10-19 07:56 33870 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-19 07:56 37306 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-22 18:33 . 2011-10-22 18:33 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-09-09 22:51 . 2011-10-19 07:56 4336 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1062377385-2925155813-24115089-1001_UserData.bin
- 2011-10-19 07:51 . 2011-10-19 07:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-23 21:09 . 2011-10-23 21:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-21 18:16 . 2011-10-03 12:06 157472 c:\windows\SysWOW64\javaws.exe
- 2011-09-10 02:31 . 2011-09-10 02:30 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-10-21 18:16 . 2011-10-03 12:06 145184 c:\windows\SysWOW64\javaw.exe
- 2011-09-10 02:31 . 2011-09-10 02:30 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-10-21 18:16 . 2011-10-03 12:06 145184 c:\windows\SysWOW64\java.exe
- 2011-09-10 02:31 . 2011-09-10 02:30 145184 c:\windows\SysWOW64\java.exe
+ 2011-09-21 16:34 . 2011-10-23 16:56 277342 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-10-19 07:46 632930 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-19 07:59 632930 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-19 07:46 110564 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-10-19 07:59 110564 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-10-19 07:50 247864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-23 21:09 247864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-21 18:16 . 2011-10-21 18:16 207360 c:\windows\Installer\c8644f2.msi
- 2011-09-20 20:14 . 2011-09-20 20:14 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-10-22 18:33 . 2011-10-22 18:33 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-09-20 20:14 . 2011-09-20 20:14 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-09-09 21:57 . 2011-10-23 21:09 32722736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1062377385-2925155813-24115089-1001-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="f:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpybotSD TeaTimer"="f:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"avast"="f:\program files\Avast\avastUI.exe" [2011-09-06 3722416]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-09-15 273528]
"RemoteControl11"="f:\program files (x86)\PowerDVD11\PowerDVD11\PDVD11Serv.exe" [2011-08-24 230696]
"PowerPanel Personal Edition User Interaction"="f:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-08-03 349632]
"WinampAgent"="f:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - f:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SASDIFSV;SASDIFSV;c:\users\Jamez\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Jamez\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 pbfilter;pbfilter;f:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\Drivers\NEOFLTR_650_14951.SYS [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/19 13:13];f:\program files (x86)\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl [2011-08-26 17:53 148976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;f:\program files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;f:\program files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-08-26 75048]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;f:\program files (x86)\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-08-26 292136]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 ntk_PowerDVD;ntk_PowerDVD;f:\program files (x86)\PowerDVD11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248]
S2 SBSDWSCService;SBSD Security Center Service;f:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1062377385-2925155813-24115089-1001Core.job
- f:\users\Jamez\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 21:10]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1062377385-2925155813-24115089-1001UA.job
- f:\users\Jamez\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 21:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- f:\program files\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: huntingtonhospita.com\my
Trusted Zone: huntingtonhospital.com\connect
TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
FF - ProfilePath - c:\users\Jamez\AppData\Roaming\Mozilla\Firefox\Profiles\wy36biyv.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20110924&q=
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\f:\program files (x86)\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1062377385-2925155813-24115089-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:64,23,39,7f,ab,f0,79,0e,0b,00,c0,7a,f5,9f,c7,9f,1e,b6,73,93,b0,72,da,
44,28,fa,86,59,08,dd,31,e1,20,98,07,27,7a,a2,77,8c,89,36,27,f9,da,b1,94,26,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Avast\AvastSvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
f:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
.
**************************************************************************
.
Completion time: 2011-10-23 14:11:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-23 21:11
ComboFix2.txt 2011-10-19 07:52
ComboFix3.txt 2011-10-03 03:31
ComboFix4.txt 2011-10-03 03:17
.
Pre-Run: 38,663,680,000 bytes free
Post-Run: 38,681,960,448 bytes free
.
- - End Of File - - 41BBB5A7D6417A5D0B3C11480847CC81
 
Combofix log is pasted above.

I cannot access control panel (and thus add/remove programs under it) still so I don't know how I can uninstall the previous Java versions but I have the most up-to-date version installed.

I uninstalled Registry Mechanic.

I just deleted the powerdvd directory since I can't add/remove it yet. I tried to change the settings for Canon so it won't automatically run when windows starts.
 
This deletion in Combofix M:\AUTORUN.INF indicates possible flash drive infection. Be sure Drive M is connected.
  • Please download Panda USB Vaccine (you must provide a valid e-mail address and they will send the download link to it) to your desktop.
  • Install and run it.
  • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.

I'm going to shut down for the night. Will check Combofix and the other problems in the morning.
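
A read-only way to inspect the condition described above (an AUTORUN.INF at the root of an external drive), as an added example that is not part of the original thread and is not code from ComboFix or Panda USB Vaccine: it lists the directives in an autorun.inf that would start a program. The function names, status labels and the sample file are constructed for illustration.

```python
import os
import sys

# Constructed sample, not taken from the thread. The stray line is harmless padding.
SAMPLE = r"""; constructed sample
[AutoRun]
qwertyjunk
Open = example.exe
icon=folder.ico
shell\explore\Command=example.exe /e
label=Backup
"""

# [autorun] keys that start a program when the drive is opened or auto-played.
EXEC_KEYS = ("open", "shellexecute")


def audit_autorun(text):
    """Return (key, value) pairs in the [autorun] section that launch a program."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections and lines that are not key=value are skipped
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            findings.append((key, value))
    return findings


def audit_drive(root):
    """Classify the autorun.inf at a drive root without modifying anything."""
    try:
        names = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
        if not names:
            return "absent", []
        path = os.path.join(root, names[0])
        if os.path.isdir(path):
            return "directory", []  # a folder of that name cannot carry directives
        with open(path, "rb") as fh:
            raw = fh.read()
    except OSError:
        return "unreadable", []  # report it; do not treat as clean
    utf16 = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    text = raw.decode("utf-16" if utf16 else "latin-1", errors="replace")
    hits = audit_autorun(text)
    return ("executes" if hits else "inert"), hits


if __name__ == "__main__":
    # Usage: python autorun_audit.py M:\ K:\ I:\   (drive letters from the thread)
    for root in sys.argv[1:]:
        status, hits = audit_drive(root)
        print(root, status)
        for key, value in hits:
            print("   ", key, "=", value)
```

A status of "executes" on a flash drive or external hard drive means the file names a program to launch and that program deserves a scan; "unreadable" is reported separately so a locked file is not mistaken for a clean drive.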
 
Yes, I had actually vaccinated my computer, M:\, K:\, and I:\ based on a previous post of yours. I do think you're right though that I infected my computer due to one of my external harddrives.
 
Let me clarify a couple of things:
the icon to access my directories under explorer or access the control panel.

When you say "my directories" are you referring to the folders on the Local Drive> C?
And does "explorer" refer to Internet Explorer or Windows Explorer?

Using Windows Explorer (right click on Start> Explore)> Computer> OS(C)> should show the Directories.
Using Windows Explorer> Computer> UAC> User accounts> although you are the Administrator, there may be another account. If you are using that (for UAC safety) you may not be logging in to the Administrator's account.

Have a look at this information: http://www.tech-101.com/support/index.php/topic/47-security-101-2a-lua-vs-admin-accounts/
=================================
 
Yes, when I refer to "explorer" I'm talking about the folders for all my drives including C:\ via Windows Explorer. I can access Internet Explorer fine.

When I try to open Windows Explorer or "Computer" in the Start menu or Control Panel or User Accounts, it'll give me the "Windows cannot access specified device, path, or file. You may not have appropriate permissions to access the item." The Windows Installer was also affected and I can no longer run that either. The only way I have been able to access any of my files/folders is to either run command prompt or to use the "browse" function under the "Run" program.

I only have the one user account on this computer and it has administrator privileges (at least it did in the past). I'm assuming whatever malware I have basically corrupted this account and locked me out of my administrator privileges.

I've looked at the link you posted and will try to run my system without admin privileges from here on out once this current problem is resolved.
 
Let's give this a try:

Add "Take Ownership" to Explorer Right-Click Menu in Win 7 or Vista

Download TakeOwnership.zip and save to your desktop.
  • Unzip (extract) the files contained in the zipfile.
  • Double-click the InstallTakeOwnership.reg file and click through the prompts. No reboot necessary.
image10.png


Here’s what the new right-click menu will look like after installing this registry hack.
image9.png

(Images courtesy howtogeek)

This should allow you to do the right click on those parts of the system that are denying you permissions and 'take ownership.'

Let me know
 
Tried running it on all the important directories on C:\ including the Windows, Users, Program Files directories and don't notice any change in my ability to access the problem areas.

Do you think the process described in this link might help?
http://windows.microsoft.com/en-US/windows7/Fix-a-corrupted-user-profile

Maybe it would be easier just to format C:\ and reinstall Windows? I have never formatted my main drive and reinstalled an OS before though.
 