Jump to content

tqh

Honorary Members
 View Profile  See their activity

  • Posts

    156

  • Joined

  • Last visited

 Content Type 

Everything posted by tqh

  1. tqh
    Thanks for the reply and your help. Here is the report: RogueKiller V7.6.6 [08/10/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: iop [Admin rights] Mode: Scan -- Date: 08/14/2012 13:37:24 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 4 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200BEVS-26VAT0 +++++ --- User --- [MBR] 66ca1cabab75826394cdee209d4f460c [bSP] 09e7744afc31920bc08bb5dd60d26bee : Windows 7 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11497 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 23547904 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23752704 | Size: 293646 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  2. tqh
    Hello MB Forum. Need a little help. I have one computer that was diagnosed as having at least one backdoor trojan by one of your experts. See here if needed: http://forums.malwarebytes.org/index.php?showtopic=113790&hl=&fromsearch=1 None of my scans showed anything until we got to Dr. Web-CureIt. I have a Sony laptop that I am concerned about as well. I had a similar problem 2 months ago (e.g., AVAST false positive; MBAM log clean, etc.). However, we did not run Dr. Web-CureIt. What I would like to do is make sure this system is clean so I have at least one clean system. I would appreciate any help you can give me. Thanks. Here are the requested logs: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.14.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 iop :: FLOYD00 [administrator] 8/14/2012 12:08:50 PM mbam-log-2012-08-14 (12-08-50).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 269834 Time elapsed: 2 minute(s), 57 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by iop at 12:29:02 on 2012-08-14 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2566 [GMT -5:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe C:\Windows\system32\pnusbvirtualhubwssrv.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Apoint\Apntex.exe C:\Windows\system32\conhost.exe C:\Program Files\Apoint\Apvfb.exe C:\Windows\SysWOW64\PNUSBCLITRAY.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\SysWOW64\PNTray.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe C:\Program Files\Sony\VAIO Care\VCPerfService.exe C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe C:\Program Files\Sony\VAIO Update Common\VUAgent.exe C:\Program Files\Sony\VAIO Care\listener.exe C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Sony\VAIO Care\VCsystray.exe C:\Program Files\Sony\VAIO Care\VCService.exe C:\Program Files\Sony\VAIO Care\VCAgent.exe C:\Windows\System32\vds.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\ctfmon.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat \ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [pnusbclitray] pnusbclitray.exe mRun: [<NO NAME>] mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf? lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjE0MDg2MzM2LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMS s0LVgyMDEwKzItRjEwTTEwRCsxLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzA"&"prod=90"&"ver=10.0.1390 StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component \GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00105-0000-0005-ABCDEFFEDCBC} IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live \Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C: \PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C: \PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote \Evernote3.5\enbar.dll Trusted Zone: tamu.edu\voal DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{1B4C9337-1350-489A-8601-C7E07B94A658} : DhcpNameServer = 208.180.42.100 208.180.42.68 TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\2456C6B696E6F5560336231683 : DhcpNameServer = 172.16.0.1 Notify: VESWinlogon - VESWinlogon.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat \ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files \Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin \jp2ssv.dll TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll mRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [pnusbclitray] pnusbclitray.exe mRun-x64: [(Default)] mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf? lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjE0MDg2MzM2LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMS s0LVgyMDEwKzItRjEwTTEwRCsxLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzA"&"prod=90"&"ver=10.0.1390 IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\iop\AppData\Roaming\Mozilla\Firefox\Profiles\6oc1p2vb.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbb85fe&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\iop\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-6 44808] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-6 655944] R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-2-9 53248] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] R2 pnpnptool;Quest RDP PnP Driver;\??\C:\Windows\system32\Drivers\pnpnptool.sys --> C:\Windows\system32\Drivers\pnpnptool.sys [?] R2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;C:\Windows\system32\pnusbvirtualhubwssrv.exe --> C:\Windows \system32\pnusbvirtualhubwssrv.exe [?] R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 11032] R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-11-25 189984] R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-5-16 259192] R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-11-25 104960] R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows \system32\DRIVERS\ArcSoftKsUFilter.sys [?] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows \system32\drivers\IntcHdmi.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 pnusbd;Quest RDP USB Driver;\??\C:\Windows\system32\Drivers\pnusbd.sys --> C:\Windows\system32\Drivers\pnusbd.sys [?] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?] R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-11-25 571248] R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-5-16 44736] R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS \vwifimp.sys [?] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C: \Windows\system32\DRIVERS\yk62x64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework \v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120] S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392] S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009- 8-31 313840] S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-11-25 120104] S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-11-25 70952] S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-11-25 427304] S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-11-25 75048] S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-11-25 91432] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager \VcmIAlzMgr.exe [2009-11-25 480624] S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-11-25 361840] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-11-25 110960] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat \WatAdminSvc.exe [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared \sqladhlp.exe [2009-3-30 47128] S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936] . =============== Created Last 30 ================ . 2012-08-13 20:41:25 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-08-13 20:41:25 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-07-30 20:30:59 -------- d-----w- C:\Users\iop\AppData\Roaming\TeamViewer 2012-07-23 02:02:24 -------- d-----w- C:\Dissertation Self-Efficacy . ==================== Find3M ==================== . 2012-07-30 22:20:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-30 22:20:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr 2012-06-19 02:53:49 848 ----a-w- C:\Windows\wininit.tmp 2012-06-19 01:54:28 18768 ----a-w- C:\Windows\SysWow64\drivers\SECDRV.SYS 2012-06-18 21:22:34 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-06-18 21:22:34 839096 ----a-w- C:\Windows\System32\deployJava1.dll 2012-06-18 21:21:12 772592 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-06-18 21:21:12 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll . ============= FINISH: 12:29:37.54 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 3/23/2010 4:42:24 AM System Uptime: 8/14/2012 11:58:12 AM (1 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | N/A | 2200/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 287 GiB total, 221.864 GiB free. E: is Removable F: is Removable G: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP383: 7/11/2012 3:01:08 AM - Windows Update RP384: 7/18/2012 4:31:47 PM - Scheduled Checkpoint RP385: 7/26/2012 1:01:03 AM - Scheduled Checkpoint RP386: 7/30/2012 4:38:18 PM - Restore Operation RP387: 8/7/2012 2:06:36 AM - Scheduled Checkpoint RP388: 8/13/2012 3:37:05 PM - VAIO Care Automatic Restore Point RP389: 8/13/2012 3:41:27 PM - Windows Update RP391: 8/13/2012 5:20:07 PM - Revo Uninstaller Pro's restore point - Command & Conquer Red Alert 2 . ==== Installed Programs ====================== . . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) ArcSoft Magic-i Visual Effects 2 ArcSoft WebCam Companion 3 avast! Free Antivirus Command & Conquer Red Alert 2 Compatibility Pack for the 2007 Office system Corel WinDVD Coupon Printer for Windows Deus Ex Deus Ex - Invisible War Deus Ex: Human Revolution Evernote HLM 7 for Windows (X86 Student) HP Envy 100 D410 series Help HP Photo Creations HP Update Java 6 Update 32 Java 7 Update 5 Junk Mail filter update Malwarebytes Anti-Malware version 1.62.0.1300 Media Gallery Microsoft Choice Guard Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Works Move Media Player Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NTREGOPT 1.1j Oasis2Service PMB PMB VAIO Edition Guide PMB VAIO Edition plug-in (Click to Disc) PMB VAIO Edition plug-in (VAIO Image Optimizer) PMB VAIO Edition plug-in (VAIO Movie Story) QuickBooks Financial Center Realtek High Definition Audio Driver Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy Media Creator 10 LJ Roxio Easy Media Creator Home Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Service Pack 1 for SQL Server 2008 (KB968369) Setting Utility Series SmartWi Connection Utility Sony Home Network Library Sql Server Customer Experience Improvement Program Steam Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Office 2007 (KB934528) Update for Office System 2007 Setup (KB929722) VAIO Care VAIO Content Metadata Intelligent Analyzing Manager VAIO Content Metadata Intelligent Network Service Manager VAIO Content Metadata Manager Settings VAIO Content Metadata XML Interface Library VAIO Content Monitoring Settings VAIO Control Center VAIO Data Restore Tool VAIO DVD Menu Data VAIO Entertainment Platform VAIO Event Service VAIO Hardware Diagnostics VAIO Help and Support VAIO Media plus VAIO Media plus Opening Movie VAIO Messenger VAIO Movie Story Template Data VAIO OOBE and Startup Assistant VAIO Original Function Settings VAIO Personalization Manager VAIO Power Management VAIO Quick Web Access VAIO Sample Contents VAIO Survey VAIO Transfer Support VAIO Update VAIO Wallpaper Contents VAIO Window Organizer Visual C++ 8.0 Runtime Setup Package (x64) Visual Studio 2008 x64 Redistributables VLC media player 1.1.11 VU5x86 vWorkspace Connector for Web Access Westwood Shared Internet Components WinASO Registry Optimizer 4.7.5 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sync Windows Live Upload Tool Windows Live Writer . ==== Event Viewer Messages From Past Week ======== . 8/14/2012 11:59:21 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL 8/14/2012 11:58:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect. 8/13/2012 9:36:03 PM, Error: Service Control Manager [7034] - The Quest USB Hub Client Service service terminated unexpectedly. It has done this 1 time(s). 8/13/2012 5:14:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect. 8/13/2012 5:14:31 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File ===========================
  3. tqh
    I was able to get ComboFix to uninstall by removing the dash (-) between Combo and Fix. Bitdefender is not in my list of Add/Remove programs. There is an add-on that I have the option to disable. Is there an uninstall option? Everything else seemed to work. Thank you very much. So, I'm not truly 100% safe because there might be a backdoor trojan, correct? On another note, something strange keeps happening. I went to control panel - add/remove prog. and when I closed everything out, my desktop flashed and I lost the graphic for 3 of my shortcuts. Two of them were for games and the third was actually in my quick launch area. The graphic for my calculator disappeared. They are now represented by the generic icon graphic. This has happened on multiple occasions. I didn't think anything of it until now because it keeps happening. If I restart the computer, they appear as normal. Nothing else returns them to normal. It is the same ones each time. My desktop icons also keep disappearing and slowly reappearing (10 sec.) when I close out a few folders. Also, when I try to open a folder, for example, "My Computer", the list takes time to populate. This is the newest strange thing to happen. I recently installed a new graphics card. I also installed 2 GB of RAM a few months ago. I don't suppose either of these can cause a problem? Is it safe to back-up all of my documents or is there a chance that whatever infected my computer will end up on my external hard drive, usb, etc.? I have windows 7 on my laptop. Is there a way that I can install it on my desktop? Can I create a recovery disk or something like that from the laptop and then use it to install on my desktop computer? I know this is probably confusing and/or just a poor question. Windows 7 came installed on my laptop and I don't have a disk. I don't want to do anything that would violate their policies. Can you help me make sure my laptop is safe? I haven't changed any passwords because I'm worried that my laptop might have a backdoor trojan like the system we have been working on. I would like to run that Dr.Web Cureit and see if something similar comes up. Sorry for all of the questions. I'm just trying to make sure I am as safe as possible moving forward. I would like to safely and confidently use my laptop to change my passwords. Thanks again!
  4. tqh
    When I try to uninstall Combo-Fix I get this message: Windows cannot find 'Combo-Fix'. Make sure you typed the mane correctly, and then try again. To search for a file, click the Start button, and the click Search. I tried all kinds of variations and Windows can't find it in the "Run" box. However, it is sitting right on my desktop. What's up with that?
  5. tqh
    Thanks again for the quick replies. I completed a full scan with MS Safety scanner. The scan found nothing - no viruses, malware, etc. I'm not sure what you mean by the STOP code. How do you know if you had an actual BSOD stop screen? I've witnessed one of my crashes and it was a blue screen. However, it did not stay up long enough for me to read what was going on. I'm pretty sure it stated there was a critical error. But, like I said it was up for about 3 seconds. Why do you think my system is not up-to-date? Is there a problem with my version of IE? I'm pretty sure that my system is up-to-date. You can't get version 9 for XP, correct? I will check after we have finished. Thanks for the heads-up.
  6. tqh
    I've had Explorer 8 for some time. It shows up in my MBAM logs going back to May 31, 2010. Here is the data you requested from the help-about screen: Version: 8.0.6001.18702 Cipher Strength: 128-bit Product ID: 01398-643-8526185-23342 Update Versions: 0 Should I run the full scan or quick scan on MS Safety Scanner. I'm currently running the full scan. It is going to take a very long time. No problem if that is what I need to run. FYI. When I started my computer and logged on I had a crash (probably blue screen). I wasn't in the room the witness it. When I started up again, I received the message: Windows has recovered from a serious error... I wrote down the information to be sent in the error report. Let me know if you want to see those codes.
  7. tqh
    Sorry about the confusion. I have decided to try and remove/fix the problem for this case here. Could the current problem be related to this past problem? Same computer. http://forums.malwar...50 Here is the CKFiles log: CKScanner - Additional Security Risks - These are not necessarily bad scanner sequence 3.RP.11.WNNAVN ----- EOF ----- The ESET log file: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=ecc663e6aaf2244aa350b9a7f35feef6 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-08-10 07:51:33 # local_time=2012-08-10 02:51:33 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 78228 78228 0 0 # compatibility_mode=1026 16777190 0 2 86616411 86616411 0 0 # compatibility_mode=3073 16777214 0 39 29799123 35935486 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=67400 # found=0 # cleaned=0 # scan_time=3093 What is this in bold above in the ESET log (I added the bold so you could see what I was talking about)? ESET found no infections. There was no "details" tab present upon completion of the ESET scan. Now, separate issue (separate computer that had a similar problem about 7 weeks ago [http://forums.malwarebytes.org/index.php?showtopic=111112&hl=&fromsearch=1]). I never ran Dr.Web CureIt when trying to address this problem. The two problems just seem similar (false positive alert by AVAST/MBAM, etc. logs clean). I will run AVAST scan and MBAM full scan.
  8. tqh
    First, thanks for your help. Now, I need to make sure my laptop (we've been working on my desktop) is clean. I'm guessing it is possible for it to be infected as well and I don't want to change anything from another infected computer. Can we run the same scan(s) on the laptop? For now, I'm going to try and clean the desktop. I will consider starting from scratch. Could this have happened due to Steam? I don't suppose you can tell how long the trojans have been on the machine. I will begin to take the steps for removal. Let me know what we can do with the laptop.
  9. tqh
    I hope I did this correctly. My anti-virus may have re-enabled during the Dr.Web scan. I had to leave while it was scanning. It looks like it was able to complete the scan properly. I will run again if you think I should. The "CureIt.log" file is a 44 MB text file. Should I post it as well? BugTool.exe;C:\Program Files\321Studios\Platinum;BackDoor.Bifrost.24389;Incurable.Moved.; A0033666.scr;C:\System Volume Information\_restore{CB7A6167-1C2D-44AD-AD69-9E20DEFD6FCC}\RP160;Trojan.MulDrop2.44246;Incurable.Moved.; A0033707.bat;C:\System Volume Information\_restore{CB7A6167-1C2D-44AD-AD69-9E20DEFD6FCC}\RP160;Probably SCRIPT.Virus;Incurable.Moved.; A0033845.exe;C:\System Volume Information\_restore{CB7A6167-1C2D-44AD-AD69-9E20DEFD6FCC}\RP161;BackDoor.Bifrost.24389;Incurable.Moved.;
  10. tqh
    I can't tell a difference as my system wasn't really behaving poorly/badly. I just got the notification from AVAST. My computer took 47 seconds from when I turned it on to the login screen (XP). I then let it sit for 7 seconds. It then took about 2 min. 10 sec. to where all items where loaded in the task bar. This seems about the same as before. Maybe a little faster. This computer is a bit older, but works well. Revo didn't show AVG as an installed app. What about the original file that I have in my AVAST virus chest? Was there another infection on my computer? Man, you are quick. Appreciate it.
  11. tqh
    DDS and CF still detects AVG as a disabled anti-virus, so that removal tool did not get rid of it completely. Do you know why this is the case? I have the same problem with my laptop. Thanks! Here is the ComboFix Log: ComboFix 12-08-09.01 - poi 08/09/2012 11:34:01.8.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2472 [GMT -5:00] Running from: c:\documents and settings\poi\Desktop\Combo-Fix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\calc.exe C:\install.exe c:\windows\help\wmplayer.bak c:\windows\system32\SET274.tmp c:\windows\system32\SET27F.tmp c:\windows\system32\SET284.tmp c:\windows\system32\SET28B.tmp c:\windows\system32\SET294.tmp c:\windows\system32\SET296.tmp c:\windows\system32\SET297.tmp c:\windows\system32\SET299.tmp c:\windows\system32\SET29C.tmp c:\windows\system32\SET29E.tmp c:\windows\system32\SET2AD.tmp c:\windows\system32\SET2F.tmp c:\windows\system32\SET34.tmp c:\windows\system32\SET4D.tmp c:\windows\system32\SET52.tmp c:\windows\system32\SET59.tmp . . ((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 ))))))))))))))))))))))))))))))) . . 2012-08-08 22:04 . 2012-08-08 22:09 -------- d-----w- c:\documents and settings\poi\Application Data\QuickScan 2012-08-08 21:14 . 2012-08-08 22:15 -------- d-----w- C:\rsit 2012-08-08 21:14 . 2012-08-08 21:16 -------- d-----w- c:\program files\trend micro 2012-08-07 17:11 . 2012-08-07 17:11 -------- d-----w- c:\program files\ERUNT 2012-08-04 04:26 . 2008-04-13 23:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll 2012-08-04 04:26 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll 2012-08-04 04:25 . 2008-04-13 17:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2012-08-04 04:25 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2012-07-26 15:45 . 2012-07-26 15:45 -------- d-----w- c:\documents and settings\JH\Local Settings\Application Data\Sun . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-02 19:12 . 2012-04-10 22:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-02 19:12 . 2011-08-17 01:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-03 18:46 . 2010-05-26 19:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-03 16:21 . 2011-07-16 04:53 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21 . 2011-07-16 04:53 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21 . 2011-07-16 04:53 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21 . 2011-07-16 04:53 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-07-03 16:21 . 2011-07-16 04:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21 . 2011-07-16 04:53 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-07-03 16:21 . 2011-07-16 04:53 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-07-03 16:21 . 2011-07-16 04:53 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-07-03 16:21 . 2011-07-16 04:52 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 16:21 . 2011-07-16 04:52 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-06-02 20:19 . 2008-10-16 19:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 20:19 . 2009-06-27 21:38 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 20:19 . 2009-06-27 21:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 20:19 . 2009-06-27 21:38 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 20:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 20:19 . 2010-03-28 17:00 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 20:19 . 2009-06-27 21:38 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 20:19 . 2008-10-16 19:09 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 20:19 . 2008-08-14 05:10 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 20:19 . 2008-08-14 05:10 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 20:19 . 2008-10-16 19:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 20:19 . 2009-06-27 21:38 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 20:19 . 2008-08-14 05:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-05-15 10:18 . 2012-07-09 13:57 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:18 . 2012-07-09 13:56 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:18 . 2012-07-09 13:56 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:18 . 2012-07-09 13:56 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:18 . 2012-07-09 13:56 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:18 . 2012-07-09 13:56 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 10:18 . 2008-10-07 05:33 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18 . 2008-10-07 05:33 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18 . 2008-10-07 05:33 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18 . 2008-08-14 05:10 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 10:18 . 2008-08-14 05:10 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 09:40 . 2008-10-07 05:33 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-05-15 09:40 . 2008-10-07 05:33 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40 . 2008-10-07 05:33 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40 . 2008-10-07 05:33 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40 . 2008-10-07 05:33 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-07-27 20:55 . 2011-04-05 05:02 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2009-06-25 17887232] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192] "NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112] . c:\documents and settings\poi\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] Seagate NA0LH0SB Product Registration.lnk - c:\documents and settings\poi\Application Data\Leadertech\PowerRegister\Seagate NA0LH0SB Product Registration.exe [2012-3-19 1731736] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-9-11 113664] BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-5-26 81997] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Quake 3 Arena\\quake3.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra 2002 Professional\\sandra.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\Steam\\SteamApps\\common\\dxhrml\\dxhrml.exe"= "c:\\Program Files\\Steam\\SteamApps\\common\\deus ex - human revolution\\dxhr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/15/2008 6:05 PM 716272] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/15/2011 11:53 PM 721000] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/15/2011 11:53 PM 353688] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/15/2011 11:53 PM 21256] R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [9/25/1998 3:55 AM 52800] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/26/2010 2:27 PM 655944] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [7/9/2012 10:33 AM 1262400] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [5/26/2010 2:23 PM 44032] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/26/2010 2:27 PM 22344] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/9/2012 8:57 AM 123840] R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [9/11/2007 11:27 AM 33376] S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS --> c:\windows\system32\drivers\FNETURPX.SYS [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/10/2012 5:12 PM 250056] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/27/2010 3:11 AM 1684736] S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS --> c:\windows\system32\drivers\FNETTBOH.SYS [?] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 3:29 PM 113120] S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/3/2001 12:53 AM 19677] . Contents of the 'Scheduled Tasks' folder . 2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 19:12] . 2012-08-09 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-05 16:21] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: adobe.com\get Trusted Zone: tamu.edu\voal TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\poi\Application Data\Mozilla\Firefox\Profiles\wxaz6z55.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - about:blank . - - - - ORPHANS REMOVED - - - - . Notify-AtiExtEvent - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-09 11:39 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(772) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . Completion time: 2012-08-09 11:40:18 ComboFix-quarantined-files.txt 2012-08-09 16:40 . Pre-Run: 64,046,522,368 bytes free Post-Run: 64,044,441,600 bytes free . - - End Of File - - 8FB5521CF12384967C40B10517A4650B
  12. tqh
    Thanks again. MBAM did not find anything (log posted below). I do have the file in the AVAST virus chest. I ran the AVG remover and it did not prompt me for a restart. I restarted anyways. In regards to the capture screen I mentioned. I was going to capture the error message I received when running rsit. I wrote what the error message stated, so I guess that is good enough. Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.09.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 poi :: FLOYD [administrator] 8/9/2012 8:27:02 AM mbam-log-2012-08-09 (08-27-02).txt Scan type: Full scan (A:\|C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 318156 Time elapsed: 40 minute(s), 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  13. tqh
    Thanks for your help! Everything seemed to work correctly with a few exceptions. First, I received an error message when I ran RSIT. I tried to include a print screen at the bottom but it didn't work. The error box read: Please help us improve HijackThis by reporting this error Click "Yes" to submit Error details: An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue=Shell) Error #5 - Invlaid procedure call or argument Windows version:Windows NT 5.01.2600 MSIE version: 8.0.6001.18702 HijackThis version: 2.0.4 It seemed to run, but I was unable to see "info.txt" after I saved it. I had to run a search on my computer and access it through the results of the search. Here are the two log files: Logfile of random's system information tool 1.09 (written by random/random) Run by poi at 2012-08-08 16:14:54 Microsoft Windows XP Professional Service Pack 3 System drive C: has 61 GB (53%) free of 114 GB Total RAM: 3070 MB (79% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:16:12 PM, on 8/8/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\USB TV\EM28XX\BDARemote.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\poi\Desktop\RSIT.exe C:\Program Files\trend micro\poi.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=34506 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O4 - Startup: Seagate NA0LH0SB Product Registration.lnk = C:\Documents and Settings\poi\Application Data\Leadertech\PowerRegister\Seagate NA0LH0SB Product Registration.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BDARemote.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://get.adobe.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269795619093 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 7017 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Adobe Flash Player Updater.job C:\WINDOWS\tasks\avast! Emergency Update.job =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\poi\Application Data\Mozilla\Firefox\Profiles\wxaz6z55.default prefs.js - "browser.startup.homepage" - "about:blank" prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:0.0.0, avg@igeared:6.103.018.001, {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16" "{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ "wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.3.300.270 Plugin "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1] "Description"= "Path"=C:\WINDOWS\system32\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla browsers "Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files\Mozilla Firefox\components\ binary.manifest browsercomps.dll npCouponPrinter.xpt C:\Program Files\Mozilla Firefox\plugins\ npCouponPrinter.dll npMozCouponPrinter.dll nppdf32.dll C:\Program Files\Mozilla Firefox\searchplugins\ amazondotcom.xml answers.xml avg_igeared.xml bing.xml creativecommons.xml eBay.xml google.xml twitter.xml wikipedia.xml yahoo.xml C:\Documents and Settings\poi\Application Data\Mozilla\Firefox\Profiles\wxaz6z55.default\extensions\ donottrackplus@abine.com ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-06-25 17887232] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-01-20 134656] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-01-20 166912] "avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-07-03 4273976] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-05-15 15504192] "NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login [] "nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-05-15 1634112] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe BDARemote.lnk - C:\Program Files\USB TV\EM28XX\BDARemote.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE C:\Documents and Settings\poi\Start Menu\Programs\Startup ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE Seagate NA0LH0SB Product Registration.lnk - C:\Documents and Settings\poi\Application Data\Leadertech\PowerRegister\Seagate NA0LH0SB Product Registration.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2009-01-20 205824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Quake 3 Arena\quake3.exe"="C:\Quake 3 Arena\quake3.exe:*:Disabled:quake3" "C:\Program Files\SPSS\spsssrvr.exe"="C:\Program Files\SPSS\spsssrvr.exe:*:Enabled:SPSS Manager" "C:\Program Files\SiSoftware\SiSoftware Sandra 2002 Professional\sandra.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra 2002 Professional\sandra.exe:*:Disabled:SiSoftware Sandra Fat Client." "C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam" "C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console" "C:\Program Files\Steam\SteamApps\common\dxhrml\dxhrml.exe"="C:\Program Files\Steam\SteamApps\common\dxhrml\dxhrml.exe:*:Enabled:Deus Ex: Human Revolution - The Missing Link" "C:\Program Files\Steam\SteamApps\common\deus ex - human revolution\dxhr.exe"="C:\Program Files\Steam\SteamApps\common\deus ex - human revolution\dxhr.exe:*:Enabled:Deus Ex: Human Revolution" "C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe" "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "vidc.I420"=msh263.drv "vidc.iyuv"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm "VIDC.MPG4"=mpg4c32.dll "VIDC.MP42"=mpg4c32.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "msacm.voxacm160"=vct3216.acm "msacm.scg726"=scg726.acm "msacm.alf2cd"=alf2cd.acm "msacm.ac3acm"=AC3ACM.acm "vidc.dvsd"=mcdvd_32.dll "vidc.xvid"=xvidvfw.dll "vidc.DIVX"=DivX.dll "vidc.mp43"=mpg4c32.dll "VIDC.FFDS"=ff_vfw.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv ======List of files/folders created in the last 1 month====== 2012-08-08 16:14:54 ----D---- C:\rsit 2012-08-08 16:14:54 ----D---- C:\Program Files\trend micro 2012-08-07 12:11:16 ----D---- C:\Program Files\ERUNT 2012-08-03 23:26:16 ----A---- C:\WINDOWS\system32\hidserv.dll 2012-08-03 23:25:53 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys 2012-07-09 10:42:45 ----A---- C:\WINDOWS\WININIT.INI 2012-07-09 10:30:57 ----A---- C:\WINDOWS\system32\nvhdagenco3220103.dll 2012-07-09 08:58:59 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation 2012-07-09 08:58:19 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA 2012-07-09 08:57:17 ----A---- C:\WINDOWS\system32\nvhdap32.dll 2012-07-09 08:57:17 ----A---- C:\WINDOWS\system32\nvhdagenco322040.dll 2012-07-09 08:57:17 ----A---- C:\WINDOWS\system32\drivers\nvhda32.sys 2012-07-09 08:57:00 ----A---- C:\WINDOWS\system32\OpenCL.dll 2012-07-09 08:56:59 ----A---- C:\WINDOWS\system32\nvgenco32.dll 2012-07-09 08:56:59 ----A---- C:\WINDOWS\system32\nvdispco32.dll 2012-07-09 08:56:59 ----A---- C:\WINDOWS\system32\nvcuvid.dll 2012-07-09 08:56:59 ----A---- C:\WINDOWS\system32\nvcuvenc.dll 2012-07-09 08:56:59 ----A---- C:\WINDOWS\system32\nvcompiler.dll 2012-07-09 08:56:39 ----D---- C:\Program Files\NVIDIA Corporation 2012-07-09 08:56:05 ----D---- C:\NVIDIA ======List of files/folders modified in the last 1 month====== 2012-08-08 16:15:07 ----D---- C:\WINDOWS\Prefetch 2012-08-08 16:14:54 ----RD---- C:\Program Files 2012-08-08 15:53:29 ----D---- C:\WINDOWS\ERDNT 2012-08-08 15:53:23 ----D---- C:\WINDOWS\temp 2012-08-08 15:49:24 ----D---- C:\WINDOWS\system32 2012-08-08 15:49:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2012-08-07 12:56:28 ----A---- C:\WINDOWS\SchedLgU.Txt 2012-08-06 21:25:37 ----D---- C:\WINDOWS\system32\drivers 2012-08-06 16:56:26 ----SD---- C:\WINDOWS\Tasks 2012-08-06 10:27:50 ----D---- C:\Files from J 2012-08-04 19:37:31 ----D---- C:\WINDOWS\system32\CatRoot2 2012-08-04 10:10:23 ----D---- C:\Program Files\Steam 2012-08-03 23:26:22 ----RSHDC---- C:\WINDOWS\system32\dllcache 2012-08-02 14:12:32 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe 2012-08-02 07:19:09 ----D---- C:\WINDOWS 2012-08-01 00:42:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2012-08-01 00:35:21 ----D---- C:\WINDOWS\Minidump 2012-07-30 10:17:33 ----D---- C:\Program Files\Mozilla Maintenance Service 2012-07-27 15:55:58 ----D---- C:\Program Files\Mozilla Firefox 2012-07-11 18:00:29 ----HD---- C:\WINDOWS\inf 2012-07-09 10:43:33 ----RSD---- C:\WINDOWS\assembly 2012-07-09 10:43:30 ----D---- C:\WINDOWS\WinSxS 2012-07-09 10:33:58 ----D---- C:\WINDOWS\system32\ReinstallBackups 2012-07-09 08:58:59 ----D---- C:\WINDOWS\Help 2012-07-09 08:58:19 ----D---- C:\Documents and Settings 2012-07-09 07:01:11 ----D---- C:\WINDOWS\system32\DirectX ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [2003-05-27 21120] R0 nvatabus;nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [2003-06-18 54656] R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-07-26 43528] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-08-15 716272] R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-07-03 25256] R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-07-03 35928] R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-07-03 721000] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-07-03 353688] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-07-03 54232] R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2007-09-11 20747] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-07-03 21256] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-07-03 97608] R2 CDRPDACC;Arrowkey Device Access; \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS [] R2 HPFECP13;HPFECP13; C:\WINDOWS\System32\drivers\HPFECP13.SYS [1998-09-25 52800] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-25 5095936] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-07-27 44032] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160] R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2007-09-11 6912] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-05-15 14014656] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2012-04-18 123840] R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-09-11 33376] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 FNETURPX;FNETURPX; C:\WINDOWS\System32\drivers\FNETURPX.SYS [] S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536] S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-06-25 1684736] S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 FNETTBOH;FNETTBOH; C:\WINDOWS\System32\drivers\FNETTBOH.SYS [] S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-05-14 51056] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-05-14 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-05-14 21488] S3 hSONYPVh;hSONYPVh; \??\C:\DOCUME~1\poi\LOCALS~1\Temp\hSONYPVh.sys [] S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-20 6278560] S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-06-25 1389056] S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-05-27 97280] S3 RT73;Belkin USB Network Adapter; C:\WINDOWS\System32\DRIVERS\rt73.sys [2005-08-02 232192] S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496] S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra 2002 Professional\sandra.sys [] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 xbreader;MaxDrive XBox Driver (xbreader.sys); C:\WINDOWS\System32\Drivers\xbreader.sys [2001-01-03 19677] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-07-03 44808] R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter; C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 49152] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-05-04 161664] R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336] R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-05-15 164160] R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-27 113120] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-05-14 65795] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-09-10 411432] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info.txt logfile of random's system information tool 1.09 2012-08-08 16:16:14 ======Uninstall list====== -->MsiExec /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07} Action Replay XBOX 1.31-->"C:\Program Files\Datel\Action Replay XBOX\unins000.exe" Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC} Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe -maintain plugin Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001} Alarm Clock v1.0-->"C:\Program Files\Alarm Clock\unins000.exe" ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3} avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup Belkin 54g USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9 Command & Conquer Tiberian Sun-->C:\Westwood\SUN\Uninstll.EXE Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml" Deus Ex - Invisible War-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47BE1E5F-8978-484B-BE86-B616C00EA75A}\Setup.exe" -l0x9 Deus Ex: Human Revolution - The Missing Link-->"C:\Program Files\Steam\steam.exe" steam://uninstall/201280 Deus Ex: Human Revolution-->"C:\Program Files\Steam\steam.exe" steam://uninstall/28050 Deus Ex-->C:\DeusEx\System\Setup.exe uninstall "Deus Ex" DVD Flick-->"C:\Program Files\DVD Flick\unins000.exe" DVD X Rescue-->C:\Program Files\321Studios\DVD X Rescue\UNWISE.EXE "C:\Program Files\321Studios\DVD X Rescue\INSTALL.LOG" DVDXCopy Platinum 3.2.1-->"C:\Program Files\321Studios\Platinum\uninstall.exe" ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe" ffdshow [rev 3200] [2010-01-12]-->"C:\Program Files\ffdshow\unins000.exe" High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HLM 7 for Windows (X86 Student)-->MsiExec.exe /I{1D85FF63-55A4-4891-8372-CD891FCA4EDE} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe" Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe" HP DeskJet 710C Series (Remove only)-->C:\Program Files\HP DeskJet 710C Series\hpfiui.exe -c -vdivid=HPF -vpnum=13 -vproduct=710C -huninstall Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall Java 7 Update 5-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217005FF} JavaFX 2.1.1-->MsiExec.exe /X{1111706F-666A-4037-7777-211328764D10} Malwarebytes Anti-Malware version 1.62.0.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox 14.0.1 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe" MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} MyProfessionalBusinessCards-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3440743-FCC9-4BFC-B630-4EFC0C1A8D44}\setup.exe" -l0x9 UNINSTALL NTI Backup NOW! 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E68EAA3-775A-4542-A08A-47DB8E8E74A6} /l1033 BUNText NTI DriveBackup! 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8FDD2A92-9F75-4706-B8C2-08499A9863E6} /l1033 DIBText NTI DVD Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D31612BB-C6D7-4142-96AE-16DB062354CF}\Setup.exe" -l0x9 NTI DVD-Maker Gold-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText NTI HomeVideo-Maker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7C2B282-DC3C-4837-9DFC-9E3D90DB2C44}\Setup.exe" -l0x9 NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA Graphics Driver 301.42-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.Driver NVIDIA HD Audio Driver 1.3.16.0-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage HDAudio.Driver NVIDIA nForce Drivers-->C:\WINDOWS\System32\nvuninst.exe Uninstall C:\WINDOWS\System32\NVU001.nvu,NVIDIA nForce Drivers NVIDIA nView 136.27-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.NView NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall NVIDIA PhysX System Software 9.12.0213-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.PhysX NVIDIA PhysX-->MsiExec.exe /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9} NVIDIA Update 1.8.15-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL",UninstallPackage Display.Update Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly Return to Castle Wolfenstein-->C:\PROGRA~1\RETURN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\RETURN~1\Uninstall\Install.log Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT="" Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe" Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe" Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe" Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe" Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe" Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe" Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe" Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe" Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe" Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe" Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe" Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe" Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe" Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe" Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe" Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe" Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe" Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe" Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe" Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe" Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe" Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe" Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe" Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe" Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe" Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe" Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe" Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe" Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe" Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe" Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe" Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe" Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe" Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe" Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe" Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe" Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe" Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe" Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe" Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe" Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe" Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe" Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe" Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe" Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe" Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe" Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe" Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe" Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe" Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe" Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe" Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe" Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe" SiSoftware Sandra 2002 Professional-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SiSoftware\SiSoftware Sandra 2002 Professional\Uninst.isu" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe" System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe" Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe" Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe" Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe" Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe" Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe" Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe" USB Video Driver-->C:\Program Files\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\setup.exe -runfromtemp -l0x0009 -removeonly VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe Westwood Shared Internet Components-->C:\Westwood\Internetiii\UnstllAP.EXE WinASO Registry Optimizer 3.2-->"C:\Program Files\WinASO\Registry Optimizer 3.2\unins000.exe" Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\embda_754491038463AF55DC013DBF40581C2B1BFEE429\embda.inf Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\emaudio_754491038463AF55DC013DBF40581C2B1BFEE429\emaudio.inf Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe ======Security center information====== AV: AVG Anti-Virus Free Edition 2011 (disabled) AV: avast! Antivirus ======System event log====== Computer Name: FLOYD Event Code: 7026 Message: The following boot-start or system-start driver(s) failed to load: FNETURPX Record Number: 41791 Source Name: Service Control Manager Time Written: 20120704215511.000000-300 Event Type: error User: Computer Name: FLOYD Event Code: 1003 Message: Error code 00000019, parameter1 00000020, parameter2 e1603b68, parameter3 e1603b68, parameter4 0c000006. Record Number: 41776 Source Name: System Error Time Written: 20120701194018.000000-300 Event Type: error User: Computer Name: FLOYD Event Code: 7026 Message: The following boot-start or system-start driver(s) failed to load: FNETURPX Record Number: 41759 Source Name: Service Control Manager Time Written: 20120701193904.000000-300 Event Type: error User: Computer Name: FLOYD Event Code: 7026 Message: The following boot-start or system-start driver(s) failed to load: FNETURPX Record Number: 41735 Source Name: Service Control Manager Time Written: 20120701193101.000000-300 Event Type: error User: Computer Name: FLOYD Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 41734 Source Name: Tcpip Time Written: 20120701193046.000000-300 Event Type: warning User: =====Application event log===== Computer Name: FLOYD Event Code: 11706 Message: Product: Microsoft Office XP Professional with FrontPage -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP. Record Number: 46 Source Name: MsiInstaller Time Written: 20120603013832.000000-300 Event Type: error User: FLOYD\poi Computer Name: FLOYD Event Code: 1001 Message: Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'ProductNonBootFiles' failed during request for component '{C950EAC9-7056-4F89-9C7B-458959F26AF8}' Record Number: 45 Source Name: MsiInstaller Time Written: 20120603013821.000000-300 Event Type: warning User: FLOYD\poi Computer Name: FLOYD Event Code: 1004 Message: Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'ProductNonBootFiles', component '{209D419E-D59A-4292-BC10-F079C7B85CF5}' failed. The resource 'C:\Program Files\Microsoft Office\Office10\1033\ID_028.DPC' does not exist. Record Number: 44 Source Name: MsiInstaller Time Written: 20120603013821.000000-300 Event Type: warning User: FLOYD\poi Computer Name: FLOYD Event Code: 11706 Message: Product: Microsoft Office XP Professional with FrontPage -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see . Record Number: 43 Source Name: MsiInstaller Time Written: 20120603013443.000000-300 Event Type: error User: FLOYD\poi Computer Name: FLOYD Event Code: 1517 Message: Windows saved user FLOYD\JH registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 42 Source Name: Userenv Time Written: 20120603012502.000000-300 Event Type: warning User: NT AUTHORITY\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF----------------- Results of screen317's Security Check version 0.99.43 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG Anti-Virus Free Edition 2011 avast! Antivirus Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` SUPERAntiSpyware Malwarebytes Anti-Malware version 1.62.0.1300 JavaFX 2.1.1 Java 7 Update 5 Adobe Flash Player 11.3.300.270 Adobe Reader X (10.1.3) Mozilla Firefox (14.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast avastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! ````````````````````End of Log`````````````````````` Bitdefender did not create a log file. No infection was found. RogueKiller RogueKiller V7.6.5 [08/03/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User: poi [Admin rights] Mode: Scan -- Date: 08/08/2012 17:11:39 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 2 ¤¤¤ [sUSP PATH] Seagate NA0LH0SB Product Registration.lnk @poi : C:\Documents and Settings\poi\Application Data\Leadertech\PowerRegister\Seagate NA0LH0SB Product Registration.exe -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ IRP[iRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFFB40) IRP[iRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFFB40) IRP[iRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFFB40) IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFFB40) IRP[iRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFFB40) IRP[iRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB7DFFB40) ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST3120814A +++++ --- User --- [MBR] d383a812ca530f3d451f72142fcc07e1 [bSP] 7f3a7c1c600a426261a9231ecbe99a9f : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114470 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt Finally, I still have remnants of AVG on this computer. One of the other helpers tried to help me get rid of it but you can see in the log files that it is showing up. Any ideas on how to get rid of it. I've tried the AVG removal tool. How do you include a print screen in a post? Should I undo the changes made in your 2nd step you posted?
  14. tqh
    Hello and once again thanks for providing this service. Shortly after connecting to a new ISP at another person's house, I received a pop-up notification from AVAST that malware was blocked before this file was opened: A0031831.dll Located in: C:\System Volume Information_restore{CB7A6167-1C2D-44AD-AD69-9E20DEFD6FCC}\RP154 The file was moved to the AVAST chest and I scanned it shortly after and the result was "no virus". It is still there and I was given this link on the AVAST forum: http://http://www.isthisfilesafe.com/sha1/FD574C9B34BE59BCC6646E33759AC36C3C0BCAF0_details.aspx I searched my computer for "autonomy" and "keyview" and there were no results. It may be a false positive, but I don't know. Also of note, I have had three blue screen crashes recently. They seem to be related to Steam and are no longer occurring. So I come to you guys. I have posted the three logs here: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.06.13 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 poi :: FLOYD [administrator] 8/6/2012 8:50:34 PM mbam-log-2012-08-06 (20-50-34).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 257002 Time elapsed: 5 minute(s), 35 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1 Run by poi at 0:19:41 on 2012-08-07 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2358 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\USB TV\EM28XX\BDARemote.exe C:\Program Files\Mozilla Firefox\firefox.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet StartupFolder: c:\docume~1\poi\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\poi\application data\leadertech\powerregister\Seagate NA0LH0SB Product Registration.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: adobe.com\get Trusted Zone: tamu.edu\voal DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269795619093 DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A9B57C27-3A8D-4410-BF03-21FBC3F1992C} : DhcpNameServer = 192.168.1.1 Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\poi\application data\mozilla\firefox\profiles\wxaz6z55.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - about:blank FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\npwmsdrm.dll . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-15 721000] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-15 353688] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-15 21256] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-15 44808] R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [1998-9-25 52800] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-26 655944] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-7-9 1262400] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-5-26 44032] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-26 22344] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-7-9 123840] S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\fneturpx.sys --> c:\windows\system32\drivers\FNETURPX.SYS [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 250056] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-27 1684736] S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys --> c:\windows\system32\drivers\FNETTBOH.SYS [?] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120] S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-3 19677] . =============== Created Last 30 ================ . 2012-08-04 04:26:16 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll 2012-08-04 04:26:16 21504 ----a-w- c:\windows\system32\hidserv.dll 2012-08-04 04:25:53 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2012-08-04 04:25:53 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2012-07-09 15:30:57 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll 2012-07-09 13:58:59 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation 2012-07-09 13:57:49 1074812 ----a-w- c:\windows\system32\nvdrsdb1.bin 2012-07-09 13:57:49 1074812 ----a-w- c:\windows\system32\nvdrsdb0.bin 2012-07-09 13:57:49 1 ----a-w- c:\windows\system32\nvdrssel.bin 2012-07-09 13:57:17 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll 2012-07-09 13:57:17 27968 ----a-w- c:\windows\system32\nvhdap32.dll 2012-07-09 13:57:17 123840 ----a-w- c:\windows\system32\drivers\nvhda32.sys 2012-07-09 13:57:00 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-07-09 13:56:59 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-07-09 13:56:59 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-07-09 13:56:59 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-07-09 13:56:59 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-07-09 13:56:59 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-07-09 13:56:39 -------- d-----w- c:\program files\NVIDIA Corporation 2012-07-09 13:56:05 -------- d-----w- C:\NVIDIA . ==================== Find3M ==================== . 2012-08-02 19:12:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-02 19:12:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr 2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll . ============= FINISH: 0:20:13.06 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 9/11/2007 10:44:00 AM System Uptime: 8/6/2012 7:04:18 PM (5 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | G31M-ES2L Processor: Intel Pentium III Xeon processor | Socket 775 | 2700/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 112 GiB total, 59.661 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Parallel Device Device ID: ROOT\LEGACY_HPFECP13\0000 Manufacturer: Name: Parallel Device PNP Device ID: ROOT\LEGACY_HPFECP13\0000 Service: HPFECP13 . ==== System Restore Points =================== . RP114: 5/9/2012 4:05:44 PM - System Checkpoint RP115: 5/9/2012 11:32:21 PM - Installed DirectX RP116: 5/15/2012 7:11:03 PM - System Checkpoint RP117: 5/16/2012 2:59:36 AM - Installed DirectX RP118: 5/16/2012 4:29:43 AM - Installed DirectX RP119: 5/16/2012 11:44:57 PM - Installed DirectX RP120: 5/20/2012 11:05:48 PM - System Checkpoint RP121: 5/25/2012 12:55:43 PM - System Checkpoint RP122: 5/29/2012 2:26:10 PM - System Checkpoint RP123: 5/30/2012 2:47:43 PM - System Checkpoint RP124: 5/31/2012 3:33:23 PM - System Checkpoint RP125: 6/2/2012 7:12:43 PM - System Checkpoint RP126: 6/3/2012 8:03:13 PM - System Checkpoint RP127: 6/7/2012 2:05:29 PM - System Checkpoint RP128: 6/19/2012 11:19:26 PM - System Checkpoint RP129: 6/20/2012 12:04:45 AM - Removed Java 6 Update 31 RP130: 6/20/2012 12:05:12 AM - Installed Java 7 Update 5 RP131: 6/20/2012 12:05:48 AM - Installed JavaFX 2.1.1 RP132: 6/21/2012 4:10:12 PM - System Checkpoint RP133: 6/22/2012 8:19:02 PM - System Checkpoint RP134: 6/23/2012 8:22:08 PM - System Checkpoint RP135: 6/26/2012 5:25:53 PM - System Checkpoint RP136: 6/30/2012 12:55:07 PM - System Checkpoint RP137: 7/1/2012 8:02:48 PM - System Checkpoint RP138: 7/5/2012 4:19:17 AM - Installed DirectX RP139: 7/7/2012 12:37:15 AM - Installed DirectX RP140: 7/7/2012 5:17:05 PM - Installed DirectX RP141: 7/8/2012 5:49:49 PM - System Checkpoint RP142: 7/9/2012 7:01:11 AM - Installed DirectX RP143: 7/9/2012 10:42:59 AM - Removed ATI Catalyst Control Center RP144: 7/10/2012 10:39:23 PM - System Checkpoint RP145: 7/17/2012 9:20:58 AM - System Checkpoint RP146: 7/21/2012 6:26:32 PM - System Checkpoint RP147: 7/22/2012 6:59:39 PM - System Checkpoint RP148: 7/23/2012 7:29:45 PM - System Checkpoint RP149: 7/24/2012 10:15:13 PM - System Checkpoint RP150: 7/25/2012 10:33:56 PM - System Checkpoint RP151: 7/27/2012 7:44:12 PM - System Checkpoint RP152: 7/28/2012 8:41:00 PM - System Checkpoint RP153: 7/29/2012 9:41:00 PM - System Checkpoint RP154: 7/31/2012 11:26:17 AM - System Checkpoint RP155: 8/2/2012 8:59:14 AM - System Checkpoint RP156: 8/3/2012 9:24:03 AM - System Checkpoint RP157: 8/4/2012 9:28:00 AM - System Checkpoint RP158: 2/19/2009 12:47:32 PM - Installed HLM 7 for Windows (X86 Student). RP159: 8/6/2012 7:59:30 PM - System Checkpoint . ==== Installed Programs ====================== . Acrobat.com Action Replay XBOX 1.31 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop 7.0 Adobe Reader X (10.1.3) Alarm Clock v1.0 ATI AVIVO Codecs avast! Free Antivirus Belkin 54g USB Network Adapter Command & Conquer Tiberian Sun Coupon Printer for Windows Deus Ex Deus Ex - Invisible War Deus Ex: Human Revolution Deus Ex: Human Revolution - The Missing Link DVD Flick DVD X Rescue DVDXCopy Platinum 3.2.1 ffdshow [rev 3200] [2010-01-12] High Definition Audio Driver Package - KB888111 HLM 7 for Windows (X86 Student) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB981793) HP DeskJet 710C Series (Remove only) Intel® Graphics Media Accelerator Driver Java Auto Updater Java 7 Update 5 JavaFX 2.1.1 Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office XP Professional with FrontPage Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser (KB933579) MyProfessionalBusinessCards NTI Backup NOW! 3 NTI DriveBackup! 3 NTI DVD-Maker NTI DVD-Maker Gold NTI DVD Player NTI HomeVideo-Maker NVIDIA Control Panel 301.42 NVIDIA Drivers NVIDIA Graphics Driver 301.42 NVIDIA HD Audio Driver 1.3.16.0 NVIDIA Install Application NVIDIA nForce Drivers NVIDIA nView 136.27 NVIDIA nView Desktop Manager NVIDIA PhysX NVIDIA PhysX System Software 9.12.0213 NVIDIA Update 1.8.15 NVIDIA Update Components QFolder Realtek AC'97 Audio REALTEK Gigabit and Fast Ethernet NIC Driver Realtek High Definition Audio Driver Return to Castle Wolfenstein Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SiSoftware Sandra 2002 Professional Steam SUPERAntiSpyware System Requirements Lab Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB980182) Update for Windows Internet Explorer 8 (KB982632) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB980182) USB Video Driver VLC media player 1.0.1 WebFldrs XP Westwood Shared Internet Components WinASO Registry Optimizer 3.2 Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0) Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 8/1/2012 12:43:17 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FNETURPX 8/1/2012 12:37:36 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 b70eceb8, parameter3 b27515e8, parameter4 b27512e4. 8/1/2012 12:32:23 AM, error: System Error [1003] - Error code 000000de, parameter1 00000002, parameter2 e14e29e0, parameter3 e3e3a5c8, parameter4 84b7b8c0. 8/1/2012 12:27:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service. 7/31/2012 11:10:30 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 6CF0495DADFF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). . ==== End Of File ===========================
  15. tqh
    So, all clear then? If so, thank you very much for all your help. You provide a great service.
  16. tqh
    From three posts ago... Quote I wrote: So, you don't think there is a legitimate infection? You wrote: There is, but this one is not this kind of application. I thought "There is" suggested there is an infection on my computer. I was asking if there is a legitimate infection, i.e., the Pando software was not a legitimate infection. Bottom line - does there appear to be malware (forgetting about the Pando software)? Thanks once again.
  17. tqh
    Thanks. I manually deleted the plugin file per your instruction. I had already submitted the file as a potential false positive to AVAST. It still recognizes it as malware (suspicious). What do I need to do to get rid of the infection? Do I need to start a new topic. Are you going to send instructions on uninstalling OTL? Appreciate your help. How can you tell there is an infection? Is it serious and why doesn't Malwarebytes and/or AVAST detect it? What is it? What file is infected and should I avoid doing much on the web? Regards
  18. tqh
    Looks like it is gone. Gone from control panel, from processes, and the plugin does not show up in firefox. There is still a file labeled "npPandoWebInst.xpt" in Program Files (x86)\Mozilla Firefox\plugins. All other related folders appear to be in the OTL folder. Can these be deleted? Looks like this really worked well. Thanks for your help. So, you don't think there is a legitimate infection? The file tmp.edb I mentioned previously - do you know if it is related to Pando? Location - C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb This is the relevant information from ClamAV. First seen by VirusTotal 2012-06-11 20:10:14 UTC ( 7 timer, 57 minutter ago ) Sigcheck publisher................: Pando Networks product..................: Pando Media Boster Control Panel internal name............: PMB copyright................: Copyright © 2008 original name............: PMB.cpl file version.............: 1, 0, 0, 1 description..............: Pando Media Boster Control Panel ClamAV PUA Engine Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. They removed it from detection, but AVAST still identifies it as suspicious.
  19. tqh
    Thanks again. This seemed to work without a problem. All processes killed ========== OTL ========== C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll moved successfully. Registry value HKEY_USERS\S-1-5-21-506262091-4044297795-720065328-1007\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully. C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe moved successfully. ========== FILES ========== C:\Program Files (x86)\Pando Networks\PandoShared folder moved successfully. C:\Program Files (x86)\Pando Networks\Media Booster\Microsoft.VC90.CRT folder moved successfully. C:\Program Files (x86)\Pando Networks\Media Booster folder moved successfully. C:\Program Files (x86)\Pando Networks folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 53632 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: iop ->Temp folder emptied: 478672258 bytes ->Temporary Internet Files folder emptied: 4049896 bytes ->Java cache emptied: 29624 bytes ->FireFox cache emptied: 167677314 bytes ->Flash cache emptied: 3736 bytes User: J ->Temp folder emptied: 21723911 bytes ->Temporary Internet Files folder emptied: 2037485 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: poi User: Public User: zp ->Temp folder emptied: 4250 bytes ->Temporary Internet Files folder emptied: 315656 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 49884 bytes ->Flash cache emptied: 53632 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 647 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 56358095 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 100878 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 697.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.49.0 log created on 06172012_141600 Files\Folders moved on Reboot... C:\Users\iop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...
  20. tqh
    Hey thanks for the reply. I think I may have made some kind of mistake. I ran OTL and had both the OTL and Extras files. I realized that I ended the Pando process earlier in the day, so I wanted to do a scan with that process running. Unfortunately I deleted the files completely. I ran the scan again and did not get the Extras log. I tried a few more times and could not get it to produce the Extras file. Any idea what happened? Here are the OTL and Checkup logs. Appreciate the help. OTL logfile created on: 6/16/2012 2:58:21 PM - Run 6 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\iop\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.84 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 61.41% Memory free 7.68 Gb Paging File | 5.78 Gb Available in Paging File | 75.22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286.76 Gb Total Space | 222.35 Gb Free Space | 77.54% Space Free | Partition Type: NTFS Computer Name: FLOYD00 | User Name: iop | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/16 14:56:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\iop\Desktop\OTL.exe PRC - [2012/05/20 04:07:02 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012/04/16 17:01:47 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/02/09 20:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/08/29 17:43:24 | 001,209,288 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe PRC - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe PRC - [2011/01/29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe PRC - [2010/12/08 19:28:48 | 000,067,560 | ---- | M] (Quest Software) -- C:\Windows\SysWOW64\PNUSBCLITRAY.exe PRC - [2010/12/08 19:28:30 | 000,104,424 | ---- | M] (Quest Software) -- C:\Windows\SysWOW64\pntray.exe PRC - [2010/05/28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2010/03/29 15:49:03 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2009/11/04 21:32:12 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2009/10/24 06:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2009/10/24 06:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2009/10/05 16:57:46 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe PRC - [2009/10/05 16:42:48 | 000,161,080 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe PRC - [2009/10/05 16:42:48 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe PRC - [2009/10/05 16:42:46 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe PRC - [2009/09/14 22:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2009/09/14 21:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2009/08/26 22:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe PRC - [2009/06/04 22:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2012/06/13 21:17:24 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012/06/13 21:17:11 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012/06/13 21:16:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/13 21:16:48 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/06/13 21:16:42 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012/05/20 04:07:00 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012/05/20 04:06:51 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll MOD - [2012/05/20 04:06:48 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2012/05/20 04:06:46 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012/05/20 04:06:44 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012/05/12 05:45:06 | 000,888,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4d73a7649876bb6e54a01ccbf235919b\System.DirectoryServices.AccountManagement.ni.dll MOD - [2012/05/12 05:44:53 | 002,516,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\2fe1658f05b0a96fe25c956a31d27b06\System.Data.Linq.ni.dll MOD - [2012/05/12 05:44:53 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll MOD - [2012/05/12 05:43:27 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012/05/12 05:42:49 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll MOD - [2012/05/12 05:41:03 | 000,766,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\4647d9c682e5cae623ac7a7178f16fe9\System.Data.SqlServerCe.ni.dll MOD - [2012/05/12 05:39:12 | 000,634,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\a90ec436f1d2c5cb0133a53c2e47d61a\System.AddIn.ni.dll MOD - [2012/05/12 05:39:12 | 000,082,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f34410ab8e82063735d876533db26c49\System.AddIn.Contract.ni.dll MOD - [2012/05/12 05:38:58 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012/05/12 05:38:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012/05/12 05:38:39 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll MOD - [2012/05/12 05:38:39 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll MOD - [2012/05/12 05:38:38 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012/05/12 05:37:52 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/05/12 05:37:49 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll MOD - [2012/05/12 05:37:46 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/12 05:37:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/12 05:37:41 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/12 05:37:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/04/23 17:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2012/03/21 17:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2012/01/03 21:51:03 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2010/11/04 20:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2010/11/04 20:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2010/11/04 20:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/03/29 15:49:03 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2009/10/05 16:57:46 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe MOD - [2009/10/05 16:42:50 | 000,121,856 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll MOD - [2009/10/05 16:42:50 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll MOD - [2009/10/05 16:42:50 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll MOD - [2009/10/05 16:42:50 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll MOD - [2009/10/05 16:42:50 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll MOD - [2009/10/05 16:42:48 | 000,161,080 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe MOD - [2009/10/05 16:42:48 | 000,107,008 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll MOD - [2009/10/05 16:42:48 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe MOD - [2009/10/05 16:42:48 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll MOD - [2009/10/05 16:42:48 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll MOD - [2009/10/05 16:42:48 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll MOD - [2009/10/05 16:42:48 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll MOD - [2009/10/05 16:42:48 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll MOD - [2009/10/05 16:42:48 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll MOD - [2009/10/05 16:42:46 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe MOD - [2009/10/05 16:42:46 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll MOD - [2009/10/05 16:42:46 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll MOD - [2009/10/05 16:42:46 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll MOD - [2009/10/05 16:42:46 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SystemPowerDLL.dll MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2012/01/13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV:64bit: - [2011/07/11 16:09:04 | 000,477,000 | ---- | M] (Quest Software) [Auto | Stopped] -- C:\Windows\SysNative\pnusbvirtualhubwssrv.exe -- (pnusbvirtualhubwssrv) SRV:64bit: - [2011/05/04 12:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV:64bit: - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService) SRV:64bit: - [2011/01/29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV:64bit: - [2009/11/18 20:27:36 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV:64bit: - [2009/09/16 20:14:58 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService) SRV:64bit: - [2009/09/16 16:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV:64bit: - [2009/09/08 21:09:20 | 000,110,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV:64bit: - [2009/09/04 16:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009/09/02 00:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/05/20 04:07:02 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/05/05 18:06:43 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/02/09 20:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service) SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/05/28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/10/24 06:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009/10/15 19:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2009/10/15 19:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr) SRV - [2009/10/15 19:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2009/10/15 19:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2009/10/15 19:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr) SRV - [2009/09/14 22:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2009/09/14 22:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2009/09/14 21:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2009/08/31 04:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2009/08/31 04:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2009/02/06 20:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/07/11 16:09:04 | 000,052,040 | ---- | M] (Quest Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnpnptool.sys -- (pnpnptool) DRV:64bit: - [2011/07/11 16:09:04 | 000,037,320 | ---- | M] (Quest Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pnusbd.sys -- (pnusbd) DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:64bit: - [2009/11/05 01:30:19 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/11/04 02:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID) DRV:64bit: - [2009/10/22 01:09:07 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel® DRV:64bit: - [2009/10/22 01:07:45 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/10/21 15:05:38 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009/10/21 15:05:37 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009/10/21 15:05:37 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009/10/21 15:04:33 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009/09/28 00:57:13 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2009/09/23 15:03:12 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk) DRV:64bit: - [2009/09/15 15:09:20 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk) DRV:64bit: - [2009/09/10 15:04:50 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/08/19 15:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2009/07/31 15:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/05/26 17:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2009/05/20 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2007/04/17 14:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-506262091-4044297795-720065328-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-506262091-4044297795-720065328-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-506262091-4044297795-720065328-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-506262091-4044297795-720065328-1007\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT IE - HKU\S-1-5-21-506262091-4044297795-720065328-1007\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNNT_en IE - HKU\S-1-5-21-506262091-4044297795-720065328-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-506262091-4044297795-720065328-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8 FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbb85fe&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\iop\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/16 18:23:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/05 18:06:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/10 20:12:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\iop\AppData\Roaming\Move Networks [2010/04/30 21:41:23 | 000,000,000 | ---D | M] [2010/03/23 07:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iop\AppData\Roaming\Mozilla\Extensions [2012/06/15 12:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iop\AppData\Roaming\Mozilla\Firefox\Profiles\6oc1p2vb.default\extensions [2012/06/15 12:55:44 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\iop\AppData\Roaming\Mozilla\Firefox\Profiles\6oc1p2vb.default\extensions\donottrackplus@abine.com [2012/06/10 20:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/06/10 20:12:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012/03/16 18:23:17 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012/02/24 14:22:50 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\IOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6OC1P2VB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/05/05 18:06:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2010/03/29 15:49:03 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll [2012/02/18 20:38:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/02/18 20:38:54 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [iSBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [pnusbclitray] C:\Windows\SysWow64\PNUSBCLITRAY.exe (Quest Software) O4 - HKLM..\Run: [smartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation) O4 - HKU\S-1-5-21-506262091-4044297795-720065328-1007..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-506262091-4044297795-720065328-1007..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-506262091-4044297795-720065328-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O15 - HKU\S-1-5-21-506262091-4044297795-720065328-1007\..Trusted Domains: tamu.edu ([voal] https in Trusted sites) O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16:64bit: - DPF: {D9397163-A2DB-4A4A-B2C9-34E876AF2DFC} https://voal.tamu.edu/windows/provision/web-it/clients/vasclient32t.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B4C9337-1350-489A-8601-C7E07B94A658}: DhcpNameServer = 208.180.42.100 208.180.42.68 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/16 14:56:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\iop\Desktop\OTL.exe [2012/06/15 16:47:00 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\iop\Desktop\Documents\OTL.exe [2012/06/13 20:02:31 | 000,000,000 | ---D | C] -- C:\Users\iop\AppData\Local\VS Revo Group [2012/06/13 20:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro [2012/06/13 20:02:27 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys [2012/06/13 20:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2012/06/13 16:38:28 | 000,000,000 | ---D | C] -- C:\Users\iop\AppData\Roaming\f-secure [2012/06/13 16:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure [2012/06/13 00:24:27 | 000,000,000 | ---D | C] -- C:\Users\iop\AppData\Roaming\QuickScan [2012/06/11 15:06:07 | 000,000,000 | ---D | C] -- C:\Suspect [2012/06/10 20:18:36 | 000,000,000 | ---D | C] -- C:\Users\iop\AppData\Local\Macromedia [2012/06/10 00:24:23 | 000,000,000 | ---D | C] -- C:\Users\iop\AppData\Local\Adobe [2012/06/09 18:25:05 | 000,000,000 | ---D | C] -- C:\Users\iop\DoctorWeb [2012/06/09 01:30:18 | 000,000,000 | ---D | C] -- C:\Users\iop\AppData\Local\28050 [2012/06/05 03:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/06/05 03:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012/06/05 03:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/16 14:57:46 | 000,853,862 | ---- | M] () -- C:\Users\iop\Desktop\SecurityCheck.exe [2012/06/16 14:56:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\iop\Desktop\OTL.exe [2012/06/16 04:42:45 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/16 04:42:45 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/16 04:34:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/16 04:34:39 | 3094,622,208 | -HS- | M] () -- C:\hiberfil.sys [2012/06/16 03:08:38 | 000,081,396 | ---- | M] () -- C:\test.xml [2012/06/16 03:00:39 | 000,000,037 | ---- | M] () -- C:\Users\iop\AppData\Roaming\mbam.context.scan [2012/06/15 16:47:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\iop\Desktop\Documents\OTL.exe [2012/06/15 13:07:57 | 000,817,776 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/15 13:07:57 | 000,689,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/15 13:07:57 | 000,130,678 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/14 21:46:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012/06/13 21:12:27 | 000,376,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/13 20:02:28 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk [2012/06/13 00:44:40 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012/06/09 18:13:39 | 086,878,976 | ---- | M] () -- C:\Users\iop\Desktop\jh48a6wk.exe [2012/06/08 22:54:32 | 422,197,023 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/06/06 20:03:38 | 000,116,596 | ---- | M] () -- C:\11773170.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/16 14:57:44 | 000,853,862 | ---- | C] () -- C:\Users\iop\Desktop\SecurityCheck.exe [2012/06/16 03:00:39 | 000,000,037 | ---- | C] () -- C:\Users\iop\AppData\Roaming\mbam.context.scan [2012/06/13 20:02:28 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk [2012/06/09 18:05:36 | 086,878,976 | ---- | C] () -- C:\Users\iop\Desktop\jh48a6wk.exe [2012/06/08 22:54:32 | 422,197,023 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/06/06 20:03:37 | 000,116,596 | ---- | C] () -- C:\11773170.pdf [2012/01/29 03:13:52 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011/08/18 10:39:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/08/18 10:39:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/08/18 10:39:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/08/18 10:39:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/08/18 10:39:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/07/25 03:26:25 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011/07/25 03:26:25 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011/02/04 20:39:31 | 000,000,701 | ---- | C] () -- C:\Windows\wininit.ini [2011/01/29 22:04:47 | 000,000,017 | ---- | C] () -- C:\Users\iop\AppData\Local\resmon.resmoncfg [2010/12/08 19:29:30 | 000,059,368 | ---- | C] () -- C:\Windows\SysWow64\pnlteclirc.dll [2010/12/08 19:27:38 | 000,020,560 | ---- | C] () -- C:\Windows\SysWow64\detoured.dll ========== LOP Check ========== [2010/05/27 08:20:13 | 000,000,000 | ---D | M] -- C:\Users\iop\AppData\Roaming\Auslogics [2012/06/13 16:38:28 | 000,000,000 | ---D | M] -- C:\Users\iop\AppData\Roaming\f-secure [2012/06/13 00:32:37 | 000,000,000 | ---D | M] -- C:\Users\iop\AppData\Roaming\QuickScan [2012/05/15 20:29:55 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\AusLogics [2012/05/20 04:05:32 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Results of screen317's Security Check version 0.99.41 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.61.0.1400 Java 6 Update 32 Java version out of date! Adobe Reader X (10.1.3) Mozilla Firefox (12.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log``````````````````````
  21. tqh
    Hey thanks Maniac. I really don't want the software on the machine. At minimum it is using up RAM. I don't use it to my knowledge. Any suggestions on how to uninstall it? I have exhausted all possible optioins mentioned on the web, including the Pando website. What about the result of the BitDefender scan? It found: Trojan.Heur.FU.hqX@aKgUU3i (unknown location). I posted another topic on the 10th describing a potentially related problem. My computer was streaming a show from Crackle and I woke up and found a screen that read, "Cannot locate operating system". I rebooted and haven't had the problem occur since. However, I did get a blue screen crash the other day. Something about a memory dump. These are relatively new problems. I don't have a history of crashes. Appreciate all your help.
  22. tqh
    Thanks CWB for your reply. I started a topic per your suggestion here: http://forums.malwarebytes.org/index.php?showtopic=111112&hl=&fromsearch=1 This software appears to be a P2P client. I do not use it to my knowledge so whether it is dangerous or not - I really don't care at this point. I do think you are right in that it is shady. Thanks again.
  23. tqh
    I apologize in advance for the long post and hyperlinks. I already started another topic on here, but did not use the GMER scan. I also did not use the defogger. There are different instructions based on whether you go here: http://forums.malwarebytes.org/index.php?showtopic=81385 or here: http://forums.malwarebytes.org/index.php?showtopic=9573 I was referred to the former on this topic: http://forums.malwarebytes.org/index.php?showtopic=111098&hl=&fromsearch=1 I guess the first topic should be ignored and maybe deleted since I did not post the correct logs. This is a different issue, but could be related. I want to remove Pando Media Booster and permanantly kill the related process being run constantly on my computer. I also want to get rid of the Pando Web Installer Plugin on Firefox. I have exhausted all uninstall options via the web and cannot get rid of anything related to Pando. There is no option in Programs/Features; there is no uninstall executable in the program folder. Nothing. I tried to use Revo - it does not show up there either. AVAST found Win32:BogEnt in the file (with directory): C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb. Bitdefender found Trojan.Heur.FU.hqX@aKgUU3i (unknown location). I posted an inquiry on the AVAST forum here: http://forum.avast.com/index.php?topic=99545.0 Bottom line is that it seems to be related to Pando so I just want to get rid of it. I also would like to get rid of any infection. Thanks in advance for your help. Here are the requsted logs: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.14.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 iop :: FLOYD00 [administrator] 6/13/2012 10:40:29 PM mbam-log-2012-06-13 (22-40-29).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 262427 Time elapsed: 3 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32 Run by iop at 22:58:37 on 2012-06-13 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2454 [GMT -5:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe C:\Windows\system32\pnusbvirtualhubwssrv.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe C:\Program Files\Sony\VAIO Care\VCPerfService.exe C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files (x86)\Steam\steam.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Apoint\Apvfb.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Windows\SysWOW64\PNUSBCLITRAY.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Windows\SysWOW64\PNTray.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe C:\Program Files\Sony\VAIO Care\listener.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe C:\Program Files\Sony\VAIO Update Common\VUAgent.exe C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Sony\VAIO Care\VCsystray.exe C:\Program Files\Sony\VAIO Care\VCService.exe C:\Program Files\Sony\VAIO Care\VCAgent.exe C:\Windows\System32\vds.exe C:\Program Files\Sony\VAIO Care\Admload.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [Pando Media Booster] "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [pnusbclitray] pnusbclitray.exe mRun: [<NO NAME>] mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjE0MDg2MzM2LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsxLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzA"&"prod=90"&"ver=10.0.1390 StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll Trusted Zone: tamu.edu\voal DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{1B4C9337-1350-489A-8601-C7E07B94A658} : DhcpNameServer = 208.180.42.100 208.180.42.68 TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\2456C6B696E6F5560336231683 : DhcpNameServer = 172.16.0.1 TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\24572776562702B496E676 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\64C6F69746D277962756C6563737 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\65562796A7F6E602D494649443531303C4024413130302355636572756 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\65562796A7F6E602D496649623230303023323032402355636572756 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\841677275656 : DhcpNameServer = 192.168.2.1 Notify: VESWinlogon - VESWinlogon.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll mRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [pnusbclitray] pnusbclitray.exe mRun-x64: [(Default)] mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjE0MDg2MzM2LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsxLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzA"&"prod=90"&"ver=10.0.1390 IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\iop\AppData\Roaming\Mozilla\Firefox\Profiles\6oc1p2vb.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.kbtx.com/ FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbb85fe&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\iop\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-8 44768] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-13 654408] R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-2-9 53248] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] R2 pnpnptool;Quest RDP PnP Driver;\??\C:\Windows\system32\Drivers\pnpnptool.sys --> C:\Windows\system32\Drivers\pnpnptool.sys [?] R2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;C:\Windows\system32\pnusbvirtualhubwssrv.exe --> C:\Windows\system32\pnusbvirtualhubwssrv.exe [?] R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 11032] R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-11-25 189984] R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-5-16 259192] R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-11-25 104960] R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 pnusbd;Quest RDP USB Driver;\??\C:\Windows\system32\Drivers\pnusbd.sys --> C:\Windows\system32\Drivers\pnusbd.sys [?] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?] R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-11-25 571248] R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-5-16 44736] R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 129976] S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392] S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840] S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-11-25 120104] S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-11-25 70952] S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-11-25 427304] S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-11-25 75048] S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-11-25 91432] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-11-25 480624] S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-11-25 361840] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-11-25 110960] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128] S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936] . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2012-06-11 01:23:30 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-11 01:23:30 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-11 01:12:08 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-06-11 01:12:07 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys . ============= FINISH: 22:59:35.67 =============== I'm also posting the defogger log: defogger_disable by jpshortstuff (23.02.10.1) Log created at 22:57 on 13/06/2012 (iop) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Attach.zip
  24. tqh
    Thanks for the reply. Yes. I googled and I am suspicious of this program and publisher. I came here to find out if anyone had any direct experience. The Pando website instructs you to go to Programs and Features which, as previously stated, does not show Pando. Now, I realize that might suggest that I have already uninstalled it, but there are two Pando processes running in the background. This thing is potentially using bandwidth for no reason. Regardless, I would like to get rid of it altogether at this point. Any recommendations on how to uninstall?
  25. tqh
    Does anyone know anything about the usefulness of Pando Media Booster? It appears to be some kind of P2P software. I have no idea how it was installed on my computer unless you need it for Hulu or Crackle. I have never used it to my knowledge (even opened it). It looks like it has two processes associated that run all the time. It does not appear under Programs/Features (Win 7), so I was wondering if anyone here uninstalled it and if so how they uninstalled it. Thanks.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.