GrecianDelight

Honorary Members
  • Posts: 39

Everything posted by GrecianDelight

  1. MBAM Log Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8009 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 10/29/2011 12:22:51 PM mbam-log-2011-10-29 (12-22-51).txt Scan type: Quick scan Objects scanned: 176925 Time elapsed: 8 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ComboFix Log ComboFix 11-10-29.03 - George A 10/29/2011 11:54:55.1.2 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4095.1378 [GMT -5:00] Running from: c:\users\George A\Desktop\Shutup Kevin\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\George A\AppData\Local\1d0c4dbc\U c:\users\George A\AppData\Local\1d0c4dbc\U\80000000.@ c:\users\George A\AppData\Local\1d0c4dbc\U\800000cb.@ c:\users\George A\AppData\Roaming\mIRC\logs\status.log c:\users\George A\g2mdlhlpx.exe c:\windows\assembly\tmp\U c:\windows\assembly\tmp\U\000000c0.@ c:\windows\assembly\tmp\U\000000cb.@ c:\windows\assembly\tmp\U\000000cf.@ c:\windows\assembly\tmp\U\80000000.@ c:\windows\assembly\tmp\U\800000c0.@ c:\windows\assembly\tmp\U\800000cb.@ c:\windows\assembly\tmp\U\800000cf.@ c:\windows\system32\consrv.dll c:\windows\System64 . . ((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-29 ))))))))))))))))))))))))))))))) . . 2011-10-29 17:04 . 
2011-10-29 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-25 23:00 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2011-10-25 23:00 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll 2011-10-23 19:36 . 2011-10-23 19:36 -------- d-----w- c:\program files (x86)\LP 2011-10-23 06:04 . 2011-10-24 06:36 -------- d-----w- c:\users\George A\AppData\Roaming\1493C 2011-10-23 06:03 . 2011-10-23 06:03 106496 ----a-w- c:\users\George A\AppData\Roaming\Microsoft\A744\990D.tmp 2011-10-23 06:03 . 2011-10-24 06:36 -------- d-----w- c:\users\George A\AppData\Roaming\47614 2011-10-21 16:08 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFC983A8-71E2-4138-93CE-6174CA0B1382}\mpengine.dll 2011-10-15 16:02 . 2011-10-15 16:02 -------- d-sh--w- c:\windows\system32\%APPDATA% 2011-10-15 13:54 . 2011-10-15 13:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-10-15 13:54 . 2011-10-15 13:54 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-10-15 13:54 . 2011-10-15 13:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-10-15 13:54 . 2011-10-15 13:54 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-10-12 08:31 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-10 08:02 . 2011-10-29 17:03 -------- d-sh--w- c:\users\George A\AppData\Local\1d0c4dbc 2011-10-04 00:49 . 2011-10-04 00:49 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins 2011-10-03 16:34 . 2011-10-03 16:36 -------- d-----w- c:\program files (x86)\Origin Games 2011-10-03 16:34 . 2011-10-03 16:34 -------- d-----w- c:\program files (x86)\Origin 2011-10-03 03:54 . 
2011-10-03 03:54 -------- d-----w- c:\users\George A\AppData\Local\Conduit 2011-10-03 02:35 . 2011-10-03 02:35 -------- d-----w- c:\windows\system32\Macromed . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-04 02:09 . 2011-07-04 06:50 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-10-04 02:09 . 2011-07-04 06:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2011-10-04 02:00 . 2011-07-04 06:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2011-10-03 17:47 . 2011-07-04 06:49 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2011-10-03 02:36 . 2011-05-15 05:13 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-31 22:00 . 2011-02-23 07:59 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-03 11:50 . 2011-02-23 08:09 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll 2011-08-03 11:50 . 2011-02-23 08:09 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2011-08-03 11:50 . 2011-02-23 08:09 2758760 ----a-w- c:\windows\system32\nvapi64.dll 2011-08-03 11:50 . 2011-02-23 08:09 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll 2011-08-03 11:50 . 2011-02-23 08:09 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2011-08-03 11:50 . 2011-01-08 02:50 836200 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll 2011-08-03 11:50 . 2011-01-08 02:50 6136936 ----a-w- c:\windows\system32\nvcpl.dll 2011-08-03 11:50 . 2011-01-08 02:49 3021416 ----a-w- c:\windows\system32\nvsvc64.dll 2011-08-03 11:50 . 2011-01-08 02:49 117864 ----a-w- c:\windows\system32\nvmctray.dll 2011-08-03 11:50 . 2011-01-08 02:49 980072 ----a-w- c:\windows\system32\nvvsvc.exe 2011-08-03 11:50 . 2011-01-08 02:49 61544 ----a-w- c:\windows\system32\nvshext.dll 2011-08-03 11:50 . 2011-01-08 02:49 335976 ----a-w- c:\windows\system32\nvhotkey.dll 2011-08-03 11:50 . 2011-01-08 02:49 2560616 ----a-w- c:\windows\system32\nvsvcr.dll 2011-08-03 08:31 . 2011-08-03 08:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112] "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11b_ActiveX.exe" [2011-10-03 247968] . c:\users\George A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2011-8-21 480880] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-04-23 19952] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496] S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [x] S3 netw5v64;Intel® Wireless WiFi Link 5000 
Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x] . . Contents of the 'Scheduled Tasks' folder . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976] "combofix"="c:\combofix\CF23590.3XE" [2009-07-14 344576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = http=127.0.0.1:61899 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.0.0.1 FF - ProfilePath - c:\users\George A\AppData\Roaming\Mozilla\Firefox\Profiles\sm8kaxne.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.brc, BRI/1 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) AddRemove-PARANOIA for Half-Life_is1 - c:\program files (x86)\Steam\steamapps\greciandelight\half-life\Paranoia\unins000.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11b_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11b_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Windows Live\Contacts\wlcomm.exe . ************************************************************************** . Completion time: 2011-10-29 12:13:31 - machine was rebooted ComboFix-quarantined-files.txt 2011-10-29 17:13 . Pre-Run: 242,086,281,216 bytes free Post-Run: 244,910,112,768 bytes free . - - End Of File - - B256DBF048E2B697141257371937DC1E DDS.txt Log . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22 Run by George A at 12:50:04 on 2011-10-29 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4095.875 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files (x86)\AIM\aim.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\wuauclt.exe C:\Windows\winsxs\amd64_microsoft-windows-s..inboxgames-freecell_31bf3856ad364e35_6.1.7600.16385_none_b466b741b68bd29a\FreeCell.exe C:\Windows\system32\notepad.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\SndVol.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = http=127.0.0.1:61899 uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US uRun: [Xvid] C:\Program 
Files (x86)\Xvid\CheckUpdate.exe uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11b_ActiveX.exe -update activex StartupFolder: C:\Users\GEORGE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\Users\GEORGE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe mPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & 
Destroy\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab TCP: DhcpNameServer = 10.0.0.1 TCP: Interfaces\{48265619-1DED-40C8-8CEF-77B31BFCDB9B} : DhcpNameServer = 8.8.8.8 TCP: Interfaces\{D2B7C7D7-A232-4598-85BE-36AC6C991192} : DhcpNameServer = 10.0.0.1 TCP: Interfaces\{D2B7C7D7-A232-4598-85BE-36AC6C991192}\2375942554838323 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{D2B7C7D7-A232-4598-85BE-36AC6C991192}\24C657560556E6765796E6 : DhcpNameServer = 68.87.72.134 68.87.77.134 TCP: Interfaces\{D8893E49-5BA9-4FD5-997A-DED3CF7BD47F} : DhcpNameServer = 10.0.0.25 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Windows 
Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll BHO-X64: uTorrentBar - No File BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\George A\AppData\Roaming\Mozilla\Firefox\Profiles\sm8kaxne.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.brc, BRI/1 . ============= SERVICES / DRIVERS =============== . R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x64.sys --> C:\Windows\system32\DRIVERS\l160x64.sys [?] 
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 
2011-10-29 17:12:33 -------- d-----w- C:\Users\George A\AppData\Local\Microsoft Games 2011-10-29 17:07:37 -------- d-----w- C:\Users\George A\AppData\Local\{F44CEC91-9EBF-42A1-88F6-6FB601B50876} 2011-10-29 17:07:23 -------- d-----w- C:\Users\George A\AppData\Local\{51A5C5BC-B7C8-4996-AFE8-34A4DEFC590B} 2011-10-29 16:50:01 98816 ----a-w- C:\Windows\sed.exe 2011-10-29 16:50:01 518144 ----a-w- C:\Windows\SWREG.exe 2011-10-29 16:50:01 256000 ----a-w- C:\Windows\PEV.exe 2011-10-29 16:50:01 208896 ----a-w- C:\Windows\MBR.exe 2011-10-29 16:49:33 -------- d-----w- C:\ComboFix 2011-10-25 23:00:27 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll 2011-10-25 23:00:27 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll 2011-10-24 07:32:53 -------- d-----w- C:\Users\George A\AppData\Local\{8B1C5737-C72D-4C30-BE14-EF5050E1185A} 2011-10-24 07:32:41 -------- d-----w- C:\Users\George A\AppData\Local\{F3B92279-6C8D-4660-B55D-F74C4251A75E} 2011-10-24 05:14:46 -------- d-----w- C:\Users\George A\AppData\Local\{2E08C5CD-1B42-43A4-93EB-9FE651B27740} 2011-10-24 05:14:39 -------- d-----w- C:\Users\George A\AppData\Local\{E4D86F22-E19E-4FAD-8AC6-1D105E526458} 2011-10-23 23:36:35 -------- d-----w- C:\Users\George A\AppData\Local\{F815877A-4EEE-4049-B721-6C9714B85A27} 2011-10-23 23:36:25 -------- d-----w- C:\Users\George A\AppData\Local\{9EA693EC-9BDF-4FEA-B170-B809BED7AC6F} 2011-10-23 19:36:30 -------- d-----w- C:\Program Files (x86)\LP 2011-10-23 06:04:20 -------- d-----w- C:\Users\George A\AppData\Roaming\1493C 2011-10-23 06:03:57 106496 ----a-w- C:\Users\George A\AppData\Roaming\Microsoft\A744\990D.tmp 2011-10-23 06:03:51 -------- d-----w- C:\Users\George A\AppData\Roaming\47614 2011-10-21 16:08:10 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EFC983A8-71E2-4138-93CE-6174CA0B1382}\mpengine.dll 2011-10-18 17:38:00 -------- d-----w- C:\Users\George A\AppData\Local\{3FBE3D16-B30C-45C5-B1B0-E89868C21868} 2011-10-18 17:37:48 
-------- d-----w- C:\Users\George A\AppData\Local\{932E8F00-4D95-4037-9240-1E1E96C38AF2} 2011-10-18 16:28:36 -------- d-----w- C:\Users\George A\AppData\Local\{4E9D097A-8FB3-4C72-BFE2-5B858DFA156C} 2011-10-18 16:28:23 -------- d-----w- C:\Users\George A\AppData\Local\{9C40B230-31B4-437D-B663-9164A6063F87} 2011-10-17 11:58:18 -------- d-----w- C:\Users\George A\AppData\Local\{42FB3469-44F2-4BF3-A436-E784A8193AEA} 2011-10-17 11:58:02 -------- d-----w- C:\Users\George A\AppData\Local\{5AF91866-4904-4113-AE7B-3039BA1423B6} 2011-10-15 16:02:40 -------- d-sh--w- C:\Windows\System32\%APPDATA% 2011-10-15 13:54:35 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-10-15 13:54:21 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-10-15 13:54:10 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-10-15 13:54:07 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-10-15 13:37:39 -------- d-----w- C:\Users\George A\AppData\Local\{86A61A4F-517D-4930-A88A-B8A1459910B5} 2011-10-15 13:37:24 -------- d-----w- C:\Users\George A\AppData\Local\{0A8F6FF7-C30A-4A10-9C90-8995B3E0B941} 2011-10-12 08:31:31 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax 2011-10-10 08:02:27 -------- d-sh--w- C:\Users\George A\AppData\Local\1d0c4dbc 2011-10-04 00:49:24 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins 2011-10-04 00:46:19 -------- d-----w- C:\ProgramData\EA Core 2011-10-03 17:47:43 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller 2011-10-03 17:47:05 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll 2011-10-03 17:47:05 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll 2011-10-03 17:47:05 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll 2011-10-03 17:47:05 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll 2011-10-03 17:47:05 238936 ----a-w- 
C:\Windows\SysWow64\xactengine3_6.dll 2011-10-03 17:47:05 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll 2011-10-03 16:34:49 -------- d-----w- C:\Users\George A\AppData\Roaming\Origin 2011-10-03 16:34:48 -------- d-----w- C:\Users\George A\AppData\Local\Origin 2011-10-03 16:34:36 -------- d-----w- C:\ProgramData\Origin 2011-10-03 16:34:36 -------- d-----w- C:\ProgramData\Electronic Arts 2011-10-03 16:34:36 -------- d-----w- C:\Program Files (x86)\Origin Games 2011-10-03 16:34:10 -------- d-----w- C:\Program Files (x86)\Origin 2011-10-03 03:54:29 -------- d-----w- C:\Users\George A\AppData\Local\Conduit 2011-10-03 01:50:36 -------- d-----w- C:\Users\George A\AppData\Local\{2172858C-C1D0-4028-A34D-B558E3E1B1F4} 2011-10-03 01:50:24 -------- d-----w- C:\Users\George A\AppData\Local\{81F2824C-8A5B-4842-A5DE-98A1F621FF6F} 2011-10-01 08:46:43 -------- d-----w- C:\Users\George A\AppData\Local\{D5DF46E6-0F9B-4DFA-B31C-D7DD6AB3FE0F} 2011-10-01 08:46:31 -------- d-----w- C:\Users\George A\AppData\Local\{A6513B01-EB62-4E88-9F2B-65D2286DB867} 2011-10-01 08:06:52 -------- d-----w- C:\Users\George A\AppData\Local\{A77808A1-0BE1-40E1-9546-27E21E554E4D} 2011-10-01 08:06:39 -------- d-----w- C:\Users\George A\AppData\Local\{5B3CCDEE-9D5E-4013-A19F-249825CF33C2} . ==================== Find3M ==================== . 
2011-10-04 02:09:06 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2011-10-04 02:09:06 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2011-10-04 02:00:34 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2011-10-03 17:47:11 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2011-10-03 02:36:00 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys 2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll 2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll 2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll 2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll 2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec 2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec 2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll 2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax 2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax 2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax 2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax 2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll 2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax 2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax 2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax 2011-08-03 08:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe . 
============= FINISH: 12:50:42.65 ===============

Attach.txt Log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/23/2011 1:30:58 AM
System Uptime: 10/29/2011 12:05:25 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | M51Sn
Processor: Intel® Core2 Duo CPU T8300 @ 2.40GHz | Socket 478 | 2401/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 227.932 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP151: 10/21/2011 11:07:44 AM - Windows Update
RP153: 10/26/2011 3:00:27 AM - Windows Update
RP154: 10/29/2011 11:50:34 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) µTorrent Adobe AIR Adobe Flash Player 10 Plugin Adobe Photoshop CS4 Adobe Reader X (10.1.1) AIM 7 Alien Swarm Audacity 1.3.13 (Unicode) Battlefield 3™ Open Beta Battlefield: Bad Company 2 Battlelog Web Plugins Bing Bar Bing Bar Platform Bing Rewards Client Installer BioShock BioShock 2 Counter-Strike: Source D3DX10 DAEMON Tools Lite Day of Defeat: Source Dead Space Dead Space 2 Dedicated Server Download Updater (AOL LLC) eReg ESN Sonar Garry's Mod GoToMeeting 4.8.0.723 Grand Theft Auto IV GtkRadiant 1.5.0 Half-Life Half-Life 2 Half-Life 2: Deathmatch Half-Life 2: Episode One Half-Life 2: Episode Two Half-Life 2: Lost Coast Half-Life Decay PC 1.0 Half-Life: Blue Shift Half-Life: Opposing Force HP Deskjet 3050 J610 series Help HP Photo Creations HP Update Java Auto Updater Java 6 Update 22 Left 4 Dead 2 Malwarebytes' Anti-Malware version 1.51.2.1300 Microsoft Default Manager Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2007 Service Pack 2
(SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MINERVA: Metastasis Mozilla Firefox 7.0.1 (x86 en-US) MSVCRT Need for Speed: Undercover Need For Speed™ World NNScript NVIDIA 3D Vision Controller Driver NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OpenOffice.org 3.3 Opera 11.52 Origin PARANOIA 1.2 PdaNet for Android 3.02 PFPortChecker 1.0.39 Portal Portal 2 Portal 2 Authoring Tools - Beta PunkBuster Services Red Faction Red Faction II Red Faction: Guerrilla Resident Evil 5 RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System 
(KB2345043) Security Update for 2007 Microsoft Office System (KB2553074) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB2553073) Security Update for Microsoft Office Groove 2007 (KB2552997) Security Update for Microsoft Office InfoPath 2007 (KB2510061) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2535818) Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) Security Update for Microsoft Office Publisher 2007 (KB2284697) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Skype Click to Call Skype™ 5.5 Source SDK Source SDK Base 2007 SpeedFan (remove only) Spybot - Search & Destroy Steam Team Fortress 2 Team Fortress Classic Thief: Deadly Shadows Tropico 3 - Steam Special Edition Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for 
Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2583910) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (KB2596560) uTorrentBar Toolbar Ventrilo Client VLC media player 1.1.9 VTFEdit 1.2.5 Winamp Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Player Firefox Plugin Wolfenstein - Enemy Territory Xvid Video Codec YouTube Downloader 3.3 . ==== Event Viewer Messages From Past Week ======== . 10/29/2011 12:10:57 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 10/29/2011 12:04:12 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 10/29/2011 12:03:34 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. 
Please contact your software vendor for a compatible version of the driver.
10/24/2011 2:32:14 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
10/24/2011 2:31:38 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
10/24/2011 2:31:38 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
10/23/2011 11:30:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10/23/2011 11:30:54 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
  2. Hey guys.

I've had a Google redirect virus for about a month now that I was too lazy to do anything about. It seems to have gotten worse as of about a week ago, and I've finally got some time to post here and try to fix it. So, first it was just annoyingly redirecting me, but now it appears to be downloading additional trojans en masse at least once a day. I run MalwareBytes every time I begin to notice them, and it removes the nastiest ones for a while, but it apparently isn't getting rid of the main virus that keeps downloading these subsequent trojans.

So far, it cleared my taskbar and start menu, changed my desktop background and installed/ran one of those fake anti-virus programs. I quickly restarted into safe-mode and MalwareBytes got rid of all that. Then today, it turned a proxy on which stopped me from connecting to the internet until I shut that crap off. I ran MalwareBytes, too, and it found a bunch of new trojans that it has gotten rid of for the time being.

It looks like it is now redirecting me to 'uncommonsearchsystem.com', 'get-answers-fast.com' and eventually takes me to 'star.feedsmixer.org'.

I'm currently running a full system scan through MalwareBytes, and it has yet to find anything new in the half an hour I've had it running.

Thanks for your help,
George

DDS.txt Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by George A at 0:37:57 on 2011-10-24
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4095.950 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files (x86)\AIM\aim.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe "C:\Windows\system32\svchost.exe" 
C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = http=127.0.0.1:61899 uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll TB: @C:\Program Files (x86)\MSN 
Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\Users\GEORGE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\Users\GEORGE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL IE: 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab TCP: DhcpNameServer = 10.0.0.1 TCP: Interfaces\{48265619-1DED-40C8-8CEF-77B31BFCDB9B} : DhcpNameServer = 8.8.8.8 TCP: Interfaces\{D2B7C7D7-A232-4598-85BE-36AC6C991192} : DhcpNameServer = 10.0.0.1 TCP: Interfaces\{D2B7C7D7-A232-4598-85BE-36AC6C991192}\2375942554838323 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{D2B7C7D7-A232-4598-85BE-36AC6C991192}\24C657560556E6765796E6 : DhcpNameServer = 68.87.72.134 68.87.77.134 TCP: Interfaces\{D8893E49-5BA9-4FD5-997A-DED3CF7BD47F} : DhcpNameServer = 10.0.0.25 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search 
Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll BHO-X64: uTorrentBar - No File BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll Hosts: 255.255.255.255 easyanticheat.se # misleading site Hosts: 255.255.255.255 www.easyanticheat.se # misleading site Hosts: 
255.255.255.255 easyanticheat.com # misleading site Hosts: 255.255.255.255 www.easyanticheat.com # misleading site Hosts: 255.255.255.255 easyanticheat.org # misleading site . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\George A\AppData\Roaming\Mozilla\Firefox\Profiles\sm8kaxne.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.brc, BRI/1 . ============= SERVICES / DRIVERS =============== . R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] 
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x64.sys --> C:\Windows\system32\DRIVERS\l160x64.sys [?] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 
2011-10-24 05:14:53 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-10-24 05:14:46 -------- d-----w- C:\Users\George A\AppData\Local\{2E08C5CD-1B42-43A4-93EB-9FE651B27740} 2011-10-24 05:14:39 -------- d-----w- C:\Users\George A\AppData\Local\{E4D86F22-E19E-4FAD-8AC6-1D105E526458} 2011-10-23 23:36:35 -------- d-----w- C:\Users\George A\AppData\Local\{F815877A-4EEE-4049-B721-6C9714B85A27} 2011-10-23 23:36:25 -------- d-----w- C:\Users\George A\AppData\Local\{9EA693EC-9BDF-4FEA-B170-B809BED7AC6F} 2011-10-23 19:36:30 -------- d-----w- C:\Program Files (x86)\LP 2011-10-23 06:04:20 -------- d-----w- C:\Users\George A\AppData\Roaming\1493C 2011-10-23 06:03:57 106496 ----a-w- C:\Users\George A\AppData\Roaming\Microsoft\A744\990D.tmp 2011-10-23 06:03:51 -------- d-----w- C:\Users\George A\AppData\Roaming\47614 2011-10-21 16:08:10 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EFC983A8-71E2-4138-93CE-6174CA0B1382}\mpengine.dll 2011-10-18 17:38:00 -------- d-----w- C:\Users\George A\AppData\Local\{3FBE3D16-B30C-45C5-B1B0-E89868C21868} 2011-10-18 17:37:48 -------- d-----w- C:\Users\George A\AppData\Local\{932E8F00-4D95-4037-9240-1E1E96C38AF2} 2011-10-18 16:28:36 -------- d-----w- C:\Users\George A\AppData\Local\{4E9D097A-8FB3-4C72-BFE2-5B858DFA156C} 2011-10-18 16:28:23 -------- d-----w- C:\Users\George A\AppData\Local\{9C40B230-31B4-437D-B663-9164A6063F87} 2011-10-17 11:58:18 -------- d-----w- C:\Users\George A\AppData\Local\{42FB3469-44F2-4BF3-A436-E784A8193AEA} 2011-10-17 11:58:02 -------- d-----w- C:\Users\George A\AppData\Local\{5AF91866-4904-4113-AE7B-3039BA1423B6} 2011-10-15 16:02:40 -------- d-sh--w- C:\Windows\System32\%APPDATA% 2011-10-15 13:54:35 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-10-15 13:54:21 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-10-15 13:54:10 42776 ----a-w- 
C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-15 13:54:07 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-15 13:37:39 -------- d-----w- C:\Users\George A\AppData\Local\{86A61A4F-517D-4930-A88A-B8A1459910B5}
2011-10-15 13:37:24 -------- d-----w- C:\Users\George A\AppData\Local\{0A8F6FF7-C30A-4A10-9C90-8995B3E0B941}
2011-10-12 08:31:31 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-10 08:02:27 -------- d-sh--w- C:\Users\George A\AppData\Local\1d0c4dbc
2011-10-04 00:49:24 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2011-10-04 00:46:19 -------- d-----w- C:\ProgramData\EA Core
2011-10-03 17:47:43 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-10-03 17:47:05 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-10-03 17:47:05 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-10-03 17:47:05 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
2011-10-03 17:47:05 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-10-03 17:47:05 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2011-10-03 17:47:05 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll
2011-10-03 16:34:49 -------- d-----w- C:\Users\George A\AppData\Roaming\Origin
2011-10-03 16:34:48 -------- d-----w- C:\Users\George A\AppData\Local\Origin
2011-10-03 16:34:36 -------- d-----w- C:\ProgramData\Origin
2011-10-03 16:34:36 -------- d-----w- C:\ProgramData\Electronic Arts
2011-10-03 16:34:36 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-10-03 16:34:10 -------- d-----w- C:\Program Files (x86)\Origin
2011-10-03 03:54:29 -------- d-----w- C:\Users\George A\AppData\Local\Conduit
2011-10-03 01:50:36 -------- d-----w- C:\Users\George A\AppData\Local\{2172858C-C1D0-4028-A34D-B558E3E1B1F4}
2011-10-03 01:50:24 -------- d-----w- C:\Users\George A\AppData\Local\{81F2824C-8A5B-4842-A5DE-98A1F621FF6F}
2011-10-01 08:46:43 -------- d-----w- C:\Users\George A\AppData\Local\{D5DF46E6-0F9B-4DFA-B31C-D7DD6AB3FE0F}
2011-10-01 08:46:31 -------- d-----w- C:\Users\George A\AppData\Local\{A6513B01-EB62-4E88-9F2B-65D2286DB867}
2011-10-01 08:06:52 -------- d-----w- C:\Users\George A\AppData\Local\{A77808A1-0BE1-40E1-9546-27E21E554E4D}
2011-10-01 08:06:39 -------- d-----w- C:\Users\George A\AppData\Local\{5B3CCDEE-9D5E-4013-A19F-249825CF33C2}
2011-09-29 06:26:52 -------- d-----w- C:\Users\George A\AppData\Local\Google
2011-09-26 07:26:57 -------- d-----w- C:\Windows\System32\appmgmt
.
==================== Find3M ====================
.
2011-10-06 00:35:43 72080 ----a-w- C:\Users\George A\g2mdlhlpx.exe
2011-10-04 02:09:06 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-04 02:09:06 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-04 02:00:34 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-03 17:47:11 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-10-03 02:36:00 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-08-03 08:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 0:42:10.41 ===============

Attach.txt Log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/23/2011 1:30:58 AM
System Uptime: 10/24/2011 12:13:36 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | M51Sn
Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz | Socket 478 | 2401/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 226.911 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
==== System Restore Points ===================
.
RP147: 10/14/2011 6:37:01 PM - Windows Update
RP149: 10/18/2011 4:04:27 AM - Windows Update
RP151: 10/21/2011 11:07:44 AM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 255.255.255.255 easyanticheat.se # misleading site
Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
Hosts: 255.255.255.255 easyanticheat.com # misleading site
Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
Hosts: 255.255.255.255 easyanticheat.org # misleading site
Hosts: 255.255.255.255 www.easyanticheat.org # misleading site
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) µTorrent Adobe AIR Adobe Flash Player 10 Plugin Adobe Photoshop CS4 Adobe Reader X (10.1.1) AIM 7 Alien Swarm Audacity 1.3.13 (Unicode) Battlefield 3™ Open Beta Battlefield: Bad Company 2 Battlelog Web Plugins Bing Bar Bing Bar Platform Bing Rewards Client Installer BioShock BioShock 2 Counter-Strike: Source D3DX10 DAEMON Tools Lite Day of Defeat: Source Dead Space Dead Space 2 Dedicated Server Download Updater (AOL LLC) eReg ESN Sonar Garry's Mod GoToMeeting 4.8.0.723 Grand Theft Auto IV GtkRadiant 1.5.0 Half-Life Half-Life 2 Half-Life 2: Deathmatch Half-Life 2: Episode One Half-Life 2: Episode Two Half-Life 2: Lost Coast Half-Life Decay PC 1.0 Half-Life: Blue Shift Half-Life: Opposing Force HP Deskjet 3050 J610 series Help HP Photo Creations HP Update Java Auto Updater Java(TM) 6 Update 22 Left 4 Dead 2 Malwarebytes' Anti-Malware version 1.51.2.1300 Microsoft Default Manager Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MINERVA: Metastasis mIRC Mozilla Firefox 7.0.1 (x86 en-US) MSVCRT Need for Speed: Undercover Need For Speed™ World NNScript NVIDIA 3D Vision Controller Driver NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OpenOffice.org 3.3 Opera 11.52 Origin PARANOIA 1.2 PdaNet for Android 3.02 PFPortChecker 1.0.39 Portal Portal 2 Portal 2 Authoring Tools - Beta PunkBuster Services Red Faction Red Faction II Red Faction: Guerrilla Resident Evil 5 RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553074) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB2553073) Security Update for Microsoft Office Groove 2007 (KB2552997) Security Update for Microsoft Office InfoPath 2007 (KB2510061) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2535818) Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) Security Update for Microsoft Office Publisher 2007 (KB2284697) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Skype Click to Call Skype™ 5.5 Source SDK Source SDK Base 2007 SpeedFan (remove only) Spybot - Search & Destroy Steam Team Fortress 2 Team Fortress Classic Thief: Deadly Shadows Tropico 3 - Steam Special Edition Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2583910) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (KB2596560) uTorrentBar Toolbar Ventrilo Client VLC media player 1.1.9 VTFEdit 1.2.5 Winamp Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Player Firefox Plugin Wolfenstein - Enemy Territory Xvid Video Codec YouTube Downloader 3.3
.
==== Event Viewer Messages From Past Week ========
.
10/24/2011 12:18:53 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
10/24/2011 12:14:22 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
10/24/2011 12:13:58 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
10/24/2011 12:13:58 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
10/23/2011 11:30:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10/23/2011 11:30:54 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/20/2011 9:53:16 PM, Error: Disk [11] - The driver detected a controller error on \...\DR50.
10/18/2011 11:23:11 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2011 11:23:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/18/2011 11:23:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/18/2011 11:23:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/18/2011 11:22:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/18/2011 11:22:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
10/17/2011 1:58:34 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Portable Device Enumerator Service service, but this action failed with the following error: An instance of the service is already running.
10/17/2011 1:56:34 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2011 1:56:34 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2011 1:56:34 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/17/2011 1:56:34 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/17/2011 1:56:34 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/17/2011 1:56:34 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2011 1:56:34 AM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2011 1:56:34 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/17/2011 1:56:34 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2011 1:56:34 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/17/2011 1:56:34 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
  3. I had problems getting the Avira Rescue Disk to boot. Anyway, Borislav, thank you for all of your help. Last week I ordered a new hard drive (I didn't want to lose the information on the current drive and had nowhere to back it up to) and I've reinstalled my OS onto it. Luckily, I found a pretty decent deal on it. I think I'm just going to give up on this one, though. :\ Thank you again for all of your help, George
  4. Hmm, it failed to execute, though. "Failed to execute, please make sure the application was started as an administrator". I closed the program and right-clicked to make sure that it was "run as administrator", and it still didn't work.
  5. I put DeleteFile: "C:\Users\All Users\pPnNkIk06510" in quotations just like that and it's working now. Apparently it wasn't reading the space in All Users properly.
  6. There's a syntax error in line 6 again; invalid folder path. :\
  7. Sorry about that, didn't notice the thread went to a 4th page. I kept refreshing the third page. XD Here are the results:
SystemLook 04.09.10 by jpshortstuff
Log created at 13:08 on 19/02/2011 by George A
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== folderfind ==========
Searching for "*pPnNkIk06510*"
C:\ProgramData\pPnNkIk06510 d------ [07:39 31/01/2011]
C:\Users\All Users\pPnNkIk06510 d------ [07:39 31/01/2011]
-= EOF =-
  8. This time it said the syntax error was in line 5.
  9. I went and looked manually at the ProgramData and Program Files folders. "pPnNkIk06510" exists in ProgramData, but not in Program Files. Should I remove the Program Files part of the script?
  10. "Syntax error in line 6, Invalid folder path." :\
  11. DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by George A at 7:30:13.98 on Fri 02/18/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4095.1078 [GMT -6:00]
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\defrag.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\George A\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [(Default)]
================= FIREFOX ===================
FF - ProfilePath - C:\Users\GEORGE~1\AppData\Roaming\Mozilla\Firefox\Profiles\7qgt8xo1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: C:\Users\George A\AppData\Roaming\Mozilla\Firefox\Profiles\7qgt8xo1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Users\George A\AppData\Roaming\Mozilla\Firefox\Profiles\7qgt8xo1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-6-24 58368]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2011-1-22 66728]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-12-3 716872]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\92E1.tmp [2011-2-2 6144]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
=============== Created Last 30 ================
2011-02-03 22:06:42 150520 ----a-w- C:\Windows\System32\drivers\dwprot.sys
2011-02-03 21:47:45 -------- d-----w- C:\Users\George A\DoctorWeb
2011-02-03 09:06:27 -------- d-----w- C:\Users\GEORGE~1\AppData\Local\Adobe
2011-02-03 08:40:34 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2011-02-03 06:20:13 -------- d-s---w- C:\ComboFix
2011-02-03 06:16:27 20952 ----a-w- C:\Windows\SysWow64\drivers\mbam.sys
2011-02-03 06:08:02 -------- d-----w- C:\Users\GEORGE~1\AppData\Local\AIM
2011-02-03 06:07:59 -------- d-----w- C:\Users\GEORGE~1\AppData\Local\AOL
2011-02-03 04:59:39 6144 ------w- C:\Windows\System32\92E1.tmp
2011-02-03 00:01:38 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Malwarebytes
2011-02-03 00:01:35 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-03 00:01:34 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-03 00:01:31 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-03 00:01:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-02 20:58:08 98816 ----a-w- C:\Windows\sed.exe
2011-02-02 20:58:08 89088 ----a-w- C:\Windows\MBR.exe
2011-02-02 20:58:08 256512 ----a-w- C:\Windows\PEV.exe
2011-02-02 20:58:08 161792 ----a-w- C:\Windows\SWREG.exe
2011-02-01 00:01:49 6144 ------w- C:\Windows\System32\250F.tmp
2011-02-01 00:00:40 6144 ------w- C:\Windows\System32\193B.tmp
2011-02-01 00:00:28 -------- d-----w- C:\Program Files (x86)\Sophos
2011-01-31 23:41:05 37600 ----a-w- C:\Windows\SysWow64\Partizan.exe
2011-01-31 23:41:05 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2011-01-31 23:41:00 2 --shatr- C:\Windows\winstart.bat
2011-01-31 23:40:55 12808 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2011-01-31 23:40:52 -------- d-----w- C:\Program Files (x86)\UnHackMe
2011-01-31 18:39:37 -------- d-----w- C:\Users\GEORGE~1\AppData\Local\VS Revo Group
2011-01-31 18:34:48 -------- d-----w- C:\PROGRA~3\MFAData
2011-01-31 07:39:28 -------- d-----w- C:\PROGRA~3\pPnNkIk06510
2011-01-27 13:56:53 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-01-26 22:05:26 -------- d-----w- C:\Program Files (x86)\ESET
2011-01-26 02:55:10 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-01-26 02:36:12 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Easeware
2011-01-22 07:23:42 66728 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys
2011-01-22 07:23:41 -------- d-----w- C:\Program Files\Virtual Audio Cable
2011-01-22 05:27:02 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Acoustica
2011-01-22 05:26:54 57344 ----a-w- C:\Windows\SysWow64\Wnaspint.dll
2011-01-22 05:26:43 -------- d-----w- C:\Program Files (x86)\Acoustica Shared Effects
2011-01-22 05:25:51 -------- d-----w- C:\Program Files (x86)\VST
2011-01-22 05:25:51 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 4
2011-01-22 05:25:51 -------- d-----w- C:\PROGRA~3\Acoustica
2011-01-22 05:10:38 -------- d-----w- C:\Program Files (x86)\AnalogX
2011-01-22 04:38:43 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Screaming Bee
2011-01-22 04:36:51 -------- d-----w- C:\Program Files (x86)\Screaming Bee
==================== Find3M ====================
2010-12-14 23:53:08 319488 ----a-w- C:\Windows\HideWin.exe
============= FINISH: 7:31:55.16 ===============
  12. I keep getting "0 [ERROR: License has expired]" when the database updates.
  13. A command prompt window pops up for a split second and then closes.
  14. That was in regular mode. I don't think whatever this thing is will allow me to access my D:\ drive. I can't get to it from "computer" either.
  15. That's as far as I got, and I let it run all night. Here is what was in the .txt file: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Professional Windows Information: (build 7600), 64-bit Base Board Manufacturer: ASUSTeK Computer Inc. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: ASUSTeK Computer Inc. System Product Name: M51Sn Logical Drives Mask: 0x0000001c Kernel Drivers (total 168):
Processes (total 55): 0 System Idle Process 4 System 212 C:\Windows\System32\smss.exe 332 csrss.exe 388 csrss.exe 396 C:\Windows\System32\wininit.exe 444 C:\Windows\System32\winlogon.exe 492 C:\Windows\System32\services.exe 500 C:\Windows\System32\lsass.exe 508 C:\Windows\System32\lsm.exe 608 C:\Windows\System32\svchost.exe 688 C:\Windows\System32\svchost.exe 780 C:\Windows\System32\svchost.exe 812 C:\Windows\System32\svchost.exe 836 C:\Windows\System32\svchost.exe 1020 C:\Windows\System32\svchost.exe 324 C:\Windows\System32\svchost.exe 1212 C:\Windows\System32\spoolsv.exe 1264 C:\Windows\System32\svchost.exe 1464 C:\Windows\System32\svchost.exe 1476 C:\Windows\System32\dwm.exe 1552 C:\Windows\SysWOW64\PnkBstrA.exe 1724 C:\Windows\System32\taskhost.exe 1792 C:\Windows\System32\svchost.exe 1820 C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe 1916 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
252 C:\Program Files (x86)\AIM\aim.exe 888 C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe 764 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 2136 C:\Program Files\Ventrilo\Ventrilo.exe 2592 C:\Windows\System32\SearchIndexer.exe 2644 C:\Windows\System32\svchost.exe 3412 C:\Program Files\Windows Media Player\wmpnetwk.exe 4080 C:\Windows\SysWOW64\dllhost.exe 1672 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 8796 C:\Windows\servicing\TrustedInstaller.exe 1640 C:\Windows\System32\audiodg.exe 3728 C:\Windows\System32\VSSVC.exe 8488 C:\Windows\System32\svchost.exe 8132 C:\Windows\System32\Defrag.exe 4820 C:\Windows\System32\conhost.exe 7616 C:\Windows\System32\svchost.exe 9268 C:\Windows\System32\rundll32.exe 6120 rundll32.exe 3112 C:\Program Files (x86)\Skype\Phone\Skype.exe 1232 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe 9576 C:\Program Files (x86)\Mozilla Firefox\firefox.exe 9520 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 10780 C:\Windows\System32\taskhost.exe 11136 taskhost.exe 7528 C:\Windows\explorer.exe 2204 C:\Windows\explorer.exe 4968 C:\Users\George A\Desktop\MBRCheck.exe 10276 C:\Windows\System32\conhost.exe 9024 <unknown> \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS) \\.\D: -->
  16. Oh, it just kept freezing and the screen kept popping up.
  17. It doesn't happen before the main screen, it happens when I push "run scan". It tries to scan for a minute or two, then that screen pops up saying that it crashed. It still looks frozen after I push continue and the screen just ends up popping up again, but I guess I'll keep pushing continue and see what that does.
  18. I tried to run it using Task Manager, but it didn't work. It said that Windows could not find ComboFix. I have it on the desktop, should I have put it somewhere else?
  19. They still don't work. :\ I forgot to mention, though, that whenever I restart, for some reason, multiple instances of wmpnscfg.exe begin to run; I've seen as many as 9 running at once. Apparently it's a Windows Media Player Network Configuration type of program, but it seems weird that they automatically run when I restart and that so many of them run. I never noticed this in the past. My computer is very laggy while they're running, and they eventually close on their own. Could this be anything?
  20. I launched the program and when it finally came to the main screen, it looked like it froze immediately. I forced it close and a box popped up saying it found infections. I found the log and moved it to my desktop. I then did the same thing again but let it keep going for an hour. The same box popped up when I forced it close. I'm going to post both of the logs.

      First log:

      Dr.Web Scanner for Windows v6.00.05 (6.00.05.08310)
      (c) Doctor Web, Ltd., 1992-2010
      Log generated on: 2011-02-03, 15:47:45 [GEORGEA][George A]
      Command line: "C:\Users\George A\AppData\Local\Temp\66F9B135-15A12656-2198D062-C8711E23\6a098_xp.exe" /lng /ini:setup_xp.ini /fast
      Operating system: Windows Seven Professional x64/WOW (Build 7600)
      Engine version: 5.00 (5.00.2.03300)
      Engine API version: 2.02
      Total virus records: 1858743
      [Self-checking] C:\Users\George A\AppData\Local\Temp\66F9B135-15A12656-2198D062-C8711E23\6a098_xp.exe
      Key file: C:\Users\George A\AppData\Local\Temp\66F9B135-15A12656-2198D062-C8711E23\setup.key
      License key number: 0012913379
      Registered to: An unauthorized User
      License key activates on: 2010-09-17
      License key expires on: 2011-03-20

      Dr.Web Scanner for Windows v6.00.05 (6.00.05.08310)
      (c) Doctor Web, Ltd., 1992-2010
      Log generated on: 2011-02-03, 15:55:19 [GEORGEA][George A]
      Command line: "C:\Users\George A\AppData\Local\Temp\27493984-354E3979-5E882981-C4D7817B\6a098_xp.exe" /lng /ini:setup_xp.ini /fast
      Operating system: Windows Seven Professional x64/WOW (Build 7600)
      Engine version: 5.00 (5.00.2.03300)
      Engine API version: 2.02
      Total virus records: 1858743
      [Self-checking] C:\Users\George A\AppData\Local\Temp\27493984-354E3979-5E882981-C4D7817B\6a098_xp.exe
      Key file: C:\Users\George A\AppData\Local\Temp\27493984-354E3979-5E882981-C4D7817B\setup.key
      License key number: 0012913379
      Registered to: An unauthorized User
      License key activates on: 2010-09-17
      License key expires on: 2011-03-20

      Second log:

      Dr.Web Scanner for Windows v6.00.05 (6.00.05.08310)
      (c) Doctor Web, Ltd., 1992-2010
      Log generated on: 2011-02-03, 16:12:17 [GEORGEA][George A]
      Command line: "C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\6a098_xp.exe" /lng /ini:setup_xp.ini /fast
      Operating system: Windows Seven Professional x64/WOW (Build 7600)
      Engine version: 5.00 (5.00.2.03300)
      Engine API version: 2.02
C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\40664487 - 13370 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\5326af8a - 7482 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\8535dae0 - 11624 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\3d484606 - 10523 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\992698a2 - 10122 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\8256e80a - 10453 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\33ce0798 - 10778 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\c42d0b9c - 9822 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\20535044 - 14045 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\f31a5c0d - 7028 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\6d322995 - 8674 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\f9291c06 - 8626 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\5d534a8a - 8231 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\adb63c56 - 10397 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\03359482 - 11234 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\1b554c7a - 10356 virus records [Virus database] C:\Users\George 
A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\0ce57456 - 11383 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\5b09dfb1 - 8957 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\525f9389 - 11015 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\230adde5 - 11168 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\ede6fb65 - 7798 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\9442f29e - 7873 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\edd1bd4a - 6904 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\3bbb2c59 - 6503 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\f6b1a611 - 9823 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\3f81ec9d - 7572 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\0551cb93 - 6996 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\54c505a5 - 16360 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\24d98384 - 29168 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\a792c9d9 - 34202 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\1c6cb55a - 28292 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\486dfb80 - 27164 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\0440b414 - 
25131 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\5aa93838 - 31464 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\a9008722 - 18281 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\e08e8a7c - 18009 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\fb1909c6 - 24685 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\7c6eb141 - 13651 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\eb204193 - 16025 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\25afd933 - 15644 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\9595c785 - 23265 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\4a8bd842 - 23135 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\b34067b6 - 20510 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\4d57f9cd - 25475 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\7c080f83 - 16298 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\322df423 - 19357 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\918382f7 - 18381 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\9dbd0732 - 19562 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\982ff438 - 27102 virus records [Virus database] C:\Users\George 
A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\cfaaeb4c - 21223 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\f3471986 - 24847 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\f7de7125 - 23251 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\d5906117 - 14982 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\5b4e0ac5 - 16778 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\0abb5e40 - 18725 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\9efb0a8c - 18429 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\eed72ddc - 6221 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\54ce1a24 - 142240 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\dc0448d9 - 66726 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\f4ba17ba - 24512 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\209f7113 - 82762 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\46e2db2f - 508543 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\c04ba8c2 - 640 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\7896134d - 1578 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\f458da90 - 1959 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\a5f533f5 
- 2033 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\9c884e85 - 1812 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\de6584c9 - 1738 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\6bbf2e83 - 1885 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\389619b8 - 2091 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\6ba8b320 - 1569 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\ff31f640 - 1834 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\82680b1a - 1023 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\c19854a0 - 2229 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\816735a6 - 1833 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\7d351006 - 1614 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\0a0f9b5a - 2297 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\a974f2c1 - 2110 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\e792a6bd - 2007 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\e9f89882 - 2370 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\5af433d9 - 2241 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\1d4e0e57 - 2596 virus records [Virus database] C:\Users\George 
A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\2109657f - 2024 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\71e3d970 - 1609 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\b2ac7afe - 1471 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\fe33ccc2 - 1445 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\d3545557 - 1895 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\07aaae39 - 2312 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\22b3ac5e - 3006 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\fea35e13 - 2146 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\2506a7e5 - 1714 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\e472dbfd - 2095 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\603276ff - 2715 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\9f004525 - 2545 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\73e48e34 - 2801 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\f2d4a922 - 6197 virus records [Virus database] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\bc308f96 - 28348 virus records Total virus records: 1858743 [Self-checking] C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\6a098_xp.exe Key file: C:\Users\George A\AppData\Local\Temp\BBCB19E6-C98DC250-8E0DD7C5-27EA273C\setup.key License 
key number: 0012913379 Registered to: An unauthorized User License key activates on: 2010-09-17 License key expires on: 2011-03-20
  21. Done. DDS (Ver_10-12-12.02) - NTFS_AMD64 Run by George A at 15:35:31.72 on Thu 02/03/2011 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4095.2847 [GMT -6:00] SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe C:\Windows\system32\taskhost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\AIM\aim.exe C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\defrag.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k defragsvc C:\Windows\system32\defrag.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\conhost.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\taskhost.exe 
C:\Windows\system32\rundll32.exe C:\Windows\System32\sdiagnhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files\Ventrilo\Ventrilo.exe C:\Windows\SysWOW64\DllHost.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\George A\Downloads\dds(2).scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uInternet Settings,ProxyOverride = *.local uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll BHO: AutorunsDisabled - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) 
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll TB-X64: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File mRun-x64: [(Default)] ================= FIREFOX =================== FF - ProfilePath - C:\Users\GEORGE~1\AppData\Roaming\Mozilla\Firefox\Profiles\7qgt8xo1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query= FF - component: C:\Users\George A\AppData\Roaming\Mozilla\Firefox\Profiles\7qgt8xo1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll FF - plugin: C:\Users\George 
A\AppData\Roaming\Mozilla\Firefox\Profiles\7qgt8xo1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false ============= SERVICES / DRIVERS =============== R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-6-24 58368] R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2011-1-22 66728] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088] R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992] S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-12-3 716872] S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\92E1.tmp [2011-2-2 6144] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040] S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys 
[2009-7-13 25088] =============== Created Last 30 ================ 2011-02-03 09:06:27 -------- d-----w- C:\Users\GEORGE~1\AppData\Local\Adobe 2011-02-03 08:40:34 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys 2011-02-03 06:20:13 -------- d-s---w- C:\ComboFix 2011-02-03 06:16:27 20952 ----a-w- C:\Windows\SysWow64\drivers\mbam.sys 2011-02-03 06:08:02 -------- d-----w- C:\Users\GEORGE~1\AppData\Local\AIM 2011-02-03 06:07:59 -------- d-----w- C:\Users\GEORGE~1\AppData\Local\AOL 2011-02-03 04:59:39 6144 ------w- C:\Windows\System32\92E1.tmp 2011-02-03 00:01:38 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Malwarebytes 2011-02-03 00:01:35 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-02-03 00:01:34 -------- d-----w- C:\PROGRA~3\Malwarebytes 2011-02-03 00:01:31 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-02-03 00:01:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-02-02 20:58:08 98816 ----a-w- C:\Windows\sed.exe 2011-02-02 20:58:08 89088 ----a-w- C:\Windows\MBR.exe 2011-02-02 20:58:08 256512 ----a-w- C:\Windows\PEV.exe 2011-02-02 20:58:08 161792 ----a-w- C:\Windows\SWREG.exe 2011-02-01 00:01:49 6144 ------w- C:\Windows\System32\250F.tmp 2011-02-01 00:00:40 6144 ------w- C:\Windows\System32\193B.tmp 2011-02-01 00:00:28 -------- d-----w- C:\Program Files (x86)\Sophos 2011-01-31 23:41:05 37600 ----a-w- C:\Windows\SysWow64\Partizan.exe 2011-01-31 23:41:05 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys 2011-01-31 23:41:00 2 --shatr- C:\Windows\winstart.bat 2011-01-31 23:40:55 12808 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys 2011-01-31 23:40:52 -------- d-----w- C:\Program Files (x86)\UnHackMe 2011-01-31 18:39:37 -------- d-----w- C:\Users\GEORGE~1\AppData\Local\VS Revo Group 2011-01-31 18:34:48 -------- d-----w- C:\PROGRA~3\MFAData 2011-01-31 07:39:28 -------- d-----w- C:\PROGRA~3\pPnNkIk06510 2011-01-27 13:56:53 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2011-01-26 22:05:26 
-------- d-----w- C:\Program Files (x86)\ESET 2011-01-26 02:55:10 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2011-01-26 02:36:12 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Easeware 2011-01-22 07:23:42 66728 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys 2011-01-22 07:23:41 -------- d-----w- C:\Program Files\Virtual Audio Cable 2011-01-22 05:27:02 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Acoustica 2011-01-22 05:26:54 57344 ----a-w- C:\Windows\SysWow64\Wnaspint.dll 2011-01-22 05:26:43 -------- d-----w- C:\Program Files (x86)\Acoustica Shared Effects 2011-01-22 05:25:51 -------- d-----w- C:\Program Files (x86)\VST 2011-01-22 05:25:51 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 4 2011-01-22 05:25:51 -------- d-----w- C:\PROGRA~3\Acoustica 2011-01-22 05:10:38 -------- d-----w- C:\Program Files (x86)\AnalogX 2011-01-22 04:38:43 -------- d-----w- C:\Users\GEORGE~1\AppData\Roaming\Screaming Bee 2011-01-22 04:36:51 -------- d-----w- C:\Program Files (x86)\Screaming Bee 2011-01-12 10:50:57 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll 2011-01-12 10:50:57 720896 ----a-w- C:\Windows\System32\odbc32.dll 2011-01-12 10:50:57 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll 2011-01-12 10:50:57 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll 2011-01-12 10:50:57 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll 2011-01-12 10:50:57 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll 2011-01-12 10:50:57 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll 2011-01-12 10:50:57 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll 2011-01-12 10:50:57 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll 2011-01-12 10:50:57 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll 2011-01-10 14:06:32 -------- d-----w- C:\PROGRA~3\Canon IJ 
Network Tool 2011-01-10 14:06:29 -------- d-----w- C:\Program Files (x86)\Canon 2011-01-10 14:06:28 307200 ----a-w- C:\Windows\SysWow64\CNC6100L.dll 2011-01-10 14:06:28 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll 2011-01-10 14:06:28 106496 ----a-w- C:\Windows\SysWow64\CNC6100U.dll 2011-01-10 14:06:01 37376 ----a-w- C:\Windows\System32\CNMN6UI.DLL 2011-01-10 14:06:01 340992 ----a-w- C:\Windows\SysWow64\CNMNPPM.DLL 2011-01-10 14:06:01 327680 ----a-w- C:\Windows\System32\CNMN6PPM.DLL 2011-01-10 14:06:01 -------- d-----w- C:\Windows\System32\STRING 2011-01-10 14:05:35 87040 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAG.DLL 2011-01-10 14:05:35 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAG.DLL 2011-01-10 14:04:42 361472 ----a-w- C:\Windows\System32\CNMLMAG.DLL 2011-01-10 14:04:38 248320 ----a-w- C:\Windows\System32\CNMIUAG.DLL ==================== Find3M ==================== 2010-12-14 23:53:08 319488 ----a-w- C:\Windows\HideWin.exe 2010-11-06 02:25:02 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys ============= FINISH: 15:37:13.24 ===============
  22. I followed your instructions and let the scan run for about 15 minutes and it's stuck at 0 files scanned. I've tried running it in the past, and the same thing happened.