
I caught Antivirus Action - Help!



So I did something stupid and clicked on the link to some .ru website; I had just read that, since my browser is up to date, it should block the site if there was something bad on it. The website loaded normally and a Java request popped up asking if I trusted the publisher and if I wanted to run the Java app. I clicked no, of course, and immediately my browser closed and this stupid Antivirus Action program popped up.

I ended the Antivirus Action task and tried to run Malwarebytes before restarting the computer; however, there was some error that a Malwarebytes staff member said required some sort of restart. Upon restarting the computer I found that everything was marked as something that could not run; it was 'infected.' I tried to Ctrl+Alt+Delete and end the Antivirus Action task like I did before, but it was even blocking my Task Manager.

I restarted in safe mode and ran Malwarebytes again, and it's giving me the 'error 6 overflow' every time I try to scan. I was reading a few posts where users were having a similar problem, and one of the helpers said not to follow the same instructions for all computers and instead make a new post if you are having a similar problem. So, here is my post; please help.

Thanks,

Goobernut


This is a copy of my HijackThis Log.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:00:08 PM, on 11/30/2010

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Unable to get Internet Explorer version!

Boot mode: Safe mode with network support

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\PC Tools Security\pctsGui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Users\Goobernut\Downloads\HijackThis.exe

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: msiebr Class - {7034E9F0-C72D-4EAF-AC6A-65CFF0808042} - C:\Windows\system32\Direct3DX.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [eawahlei] C:\Users\GOOBER~1\AppData\Local\Temp\obedxydhb\yecogbktsbl.exe

O4 - HKCU\..\Run: [rdavwjej] C:\Users\GOOBER~1\AppData\Local\Temp\hhqtpcbot\ksvuqgetsbl.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk = Goobernut\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O15 - Trusted Zone: http://*.mcafee.com

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kingsoft Antivirus WebShield Service - Kingsoft Corporation - C:\ProgramData\kingsoft\kws2\KSWebShield.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 7248 bytes


Hello Goobernut! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.

Step 1

Please go to www.virustotal.com and upload this file:

C:\Windows\system32\Direct3DX.dll

Please post the results in your next reply.

Step 2

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\Moved Files
    • in most cases this will be C:\_OTL\Moved Files

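As an added example (mine, not from this thread or from the HijackThis or OTL authors), a small Python triage that flags, in HijackThis-style lines, the patterns visible in the log above: Run entries launching executables out of a Temp directory, a browser helper object loading from system32 under an unfamiliar name (as with the Direct3DX.dll the helper asked to have checked), and orphaned entries. The sample lines are copied from the log; the regular expressions and severity ranking are my own heuristics, not anything HijackThis itself does.

```python
"""Triage HijackThis-style log lines for autorun/BHO patterns worth a second look."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the lines are copied from the HijackThis log quoted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: msiebr Class - {7034E9F0-C72D-4EAF-AC6A-65CFF0808042} - C:\Windows\system32\Direct3DX.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [eawahlei] C:\Users\GOOBER~1\AppData\Local\Temp\obedxydhb\yecogbktsbl.exe
O4 - HKCU\..\Run: [rdavwjej] C:\Users\GOOBER~1\AppData\Local\Temp\hhqtpcbot\ksvuqgetsbl.exe
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
"""

# Heuristics (my own, not HijackThis's) for what each line shape means in triage.
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)  # ...\AppData\Local\Temp\..., C:\Windows\Temp\...
SYSTEM32_DLL_RE = re.compile(r"^(?:C:\\Windows|%SystemRoot%)\\system32\\[^\\]+\.dll$", re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Finding:
    line_no: int    # 1-based line number within the log
    section: str    # HijackThis section id, e.g. "O4"
    severity: str   # "high" | "medium" | "low"
    reason: str
    entry: str      # the raw log line


def executable_of(cmd: str) -> str:
    """Pull the program path out of a Run value's command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage_line(line_no: int, line: str) -> list[Finding]:
    """Return the findings for a single log line (usually none)."""
    section = line.split(" ", 1)[0]
    if any(marker in line for marker in ORPHAN_MARKERS):
        # Dangling references: harmless by themselves, but they bury the real entries in noise.
        return [Finding(line_no, section, "low",
                        "entry points at a file that no longer exists; clean-up candidate", line)]
    findings: list[Finding] = []
    run = RUN_RE.match(line)
    if run:
        exe = executable_of(run.group("cmd"))
        if TEMP_RE.search(exe):
            # Legitimate software almost never persists out of a Temp folder; rogue AV droppers do.
            findings.append(Finding(line_no, section, "high",
                                    f"autorun '{run.group('name')}' launches {exe} from a Temp directory",
                                    line))
    bho = BHO_RE.match(line)
    if bho and SYSTEM32_DLL_RE.match(bho.group("path").strip()):
        # A BHO sitting directly in system32 under an unfamiliar name deserves a publisher check.
        findings.append(Finding(line_no, section, "medium",
                                f"browser helper object '{bho.group('name')}' loads {bho.group('path')} "
                                "from system32; verify the publisher (e.g. scan it on VirusTotal)", line))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run the line triage over a whole log and return findings in log order."""
    findings: list[Finding] = []
    for line_no, line in enumerate(log_text.strip().splitlines(), start=1):
        findings.extend(triage_line(line_no, line.rstrip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>2} [{f.severity:>6}] {f.section}: {f.reason}")
```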

So, I'm swimming in these things...

These are the C:\Windows\system32\Direct3DX.dll results.

AhnLab-V3 2010.12.01.04 2010.12.01 Win-Trojan/Securisk

AntiVir 7.10.14.157 2010.12.01 ADSPY/Navi.N

Antiy-AVL 2.0.3.7 2010.12.01 AdWare/Win32.Navi.gen

Avast 4.8.1351.0 2010.12.01 Win32:Adware-gen

Avast5 5.0.677.0 2010.12.01 Win32:Adware-gen

AVG 9.0.0.851 2010.12.01 Generic4.ZOI

BitDefender 7.2 2010.12.01 Backdoor.Generic.288609

CAT-QuickHeal 11.00 2010.12.01 AdWare.Navi.n (Not a Virus)

ClamAV 0.96.4.0 2010.12.01 PUA.Packed.PECompact-1

Command 5.2.11.5 2010.12.01 W32/MalwareF.BFXD

Comodo 6913 2010.12.01 UnclassifiedMalware

DrWeb 5.0.2.03300 2010.12.01 -

Emsisoft 5.0.0.50 2010.12.01 Riskware.AdWare.Win32.Navi!IK

eSafe 7.0.17.0 2010.11.29 Suspicious File

eTrust-Vet 36.1.8011 2010.12.01 -

F-Prot 4.6.2.117 2010.11.30 W32/MalwareF.BFXD

F-Secure 9.0.16160.0 2010.12.01 Backdoor.Generic.288609

Fortinet 4.2.254.0 2010.12.01 Adware/Navi

GData 21 2010.12.01 Backdoor.Generic.288609

Ikarus T3.1.1.90.0 2010.12.01 not-a-virus:AdWare.Win32.Navi

Jiangmin 13.0.900 2010.12.01 AdWare/Navi.d

K7AntiVirus 9.69.3126 2010.11.30 Adware

Kaspersky 7.0.0.125 2010.12.01 not-a-virus:AdWare.Win32.Navi.n

McAfee 5.400.0.1158 2010.12.01 Generic PUP.x!dm

McAfee-GW-Edition 2010.1C 2010.12.01 Generic PUP.x!dm

Microsoft 1.6402 2010.12.01 -

NOD32 5663 2010.12.01 probably a variant of Win32/Agent.LRFTERG

Norman 6.06.10 2010.12.01 Suspicious_Gen2.dam

nProtect 2010-12-01.01 2010.12.01 Trojan-Clicker/W32.Navi.265216.B

Panda 10.0.2.7 2010.11.30 Trj/CI.A

PCTools 7.0.3.5 2010.12.01 Adware.Navihelper!rem

Prevx 3.0 2010.12.01 -

Rising 22.76.01.07 2010.12.01 Trojan.Win32.Generic.52073A0B

Sophos 4.60.0 2010.12.01 -

SUPERAntiSpyware 4.40.0.1006 2010.12.01 -

Symantec 20101.2.0.161 2010.12.01 Adware.Navihelper

TheHacker 6.7.0.1.093 2010.11.30 -

TrendMicro 9.120.0.1004 2010.12.01 TROJ_GEN.R27C3KM

TrendMicro-HouseCall 9.120.0.1004 2010.12.01 TROJ_GEN.R27C3KM

VBA32 3.12.14.2 2010.12.01 -

VIPRE 7463 2010.12.01 Navihelper

ViRobot 2010.12.1.4178 2010.12.01 -

VirusBuster 13.6.67.6 2010.11.30 Adware.Navi!2dkXhRZoY38

Here is the OTL.txt

OTL logfile created on: 12/1/2010 6:56:11 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Goobernut\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16609)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 220.34 Gb Total Space | 45.79 Gb Free Space | 20.78% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.67 Gb Free Space | 56.69% Space Free | Partition Type: NTFS

Computer Name: TYR | User Name: Goobernut | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Goobernut\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()

PRC - C:\ProgramData\kingsoft\kws2\KSWebShield.exe (Kingsoft Corporation)

PRC - C:\Users\Goobernut\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)

PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)

PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Goobernut\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\PC Tools Security\PCTGMhk.dll (PC Tools)

MOD - C:\ProgramData\kingsoft\kws2\kwsui.dll (Kingsoft Corporation)

MOD - C:\ProgramData\kingsoft\kws2\kswebshield.dll (Kingsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found

SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe File not found

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_5632d69.dll ()

SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Kingsoft Antivirus WebShield Service) -- C:\ProgramData\kingsoft\kws2\KSWebShield.exe (Kingsoft Corporation)

SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)

SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()

========== Driver Services (SafeList) ==========

DRV - (VMnetAdapter) -- C:\Windows\System32\DRIVERS\vmnetadapter.sys File not found

DRV - (USBAAPL) -- C:\Windows\System32\Drivers\usbaapl.sys File not found

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (cpuz132) -- C:\Users\GOOBER~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found

DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)

DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)

DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)

DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)

DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)

DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)

DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)

DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)

DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.6313.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.6313.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"

FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.2

FF - prefs.js..extensions.enabledItems: remove-new-tab-button@forerunnerdesigns.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12

FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/01/29 16:17:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/09 13:42:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/09 13:42:26 | 000,000,000 | ---D | M]

[2008/08/01 23:16:39 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Mozilla\Extensions

[2008/08/01 23:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goobernut\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/11/30 18:04:45 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Mozilla\Firefox\Profiles\7ogme69j.default\extensions

[2009/01/08 11:53:09 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Goobernut\AppData\Roaming\Mozilla\Firefox\Profiles\7ogme69j.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}(77)

[2010/03/21 06:41:31 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Goobernut\AppData\Roaming\Mozilla\Firefox\Profiles\7ogme69j.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}

[2009/02/19 19:16:12 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Mozilla\Firefox\Profiles\7ogme69j.default\extensions\moveplayer@movenetworks.com

[2009/08/09 22:31:04 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Mozilla\Firefox\Profiles\7ogme69j.default\extensions\remove-new-tab-button@forerunnerdesigns.com

[2008/08/01 23:27:48 | 000,001,346 | ---- | M] () -- C:\Users\Goobernut\AppData\Roaming\Mozilla\Firefox\Profiles\7ogme69j.default\searchplugins\bulbapedia-english.xml

[2008/09/19 00:45:05 | 000,001,336 | ---- | M] () -- C:\Users\Goobernut\AppData\Roaming\Mozilla\Firefox\Profiles\7ogme69j.default\searchplugins\wiktionary-en.xml

[2008/08/03 14:53:20 | 000,002,109 | ---- | M] () -- C:\Users\Goobernut\AppData\Roaming\Mozilla\Firefox\Profiles\7ogme69j.default\searchplugins\youtube-video-search.xml

[2010/11/30 18:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/11/09 13:42:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/07/19 16:19:39 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/04/12 15:51:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

[2010/11/09 13:42:07 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/11/09 13:42:07 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/04/12 15:50:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/07/07 16:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll

[2009/07/07 16:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll

[2010/11/09 13:42:15 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2008/06/30 22:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

[2009/02/27 11:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/02/13 17:22:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/02/13 17:22:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/02/13 17:22:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/02/13 17:22:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/02/13 17:22:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/02/13 17:22:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/02/13 17:22:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/11/09 13:42:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/11/09 13:42:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/11/09 13:42:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/11/09 13:42:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/11/09 13:42:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/11/09 13:42:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/11/09 13:42:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (msiebr Class) - {7034E9F0-C72D-4EAF-AC6A-65CFF0808042} - C:\Windows\System32\Direct3DX.dll (Direct3DX)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [iSTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()

O4 - Startup: C:\Users\Goobernut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Goobernut\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

O4 - Startup: C:\Users\Goobernut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.211.144.17 141.211.125.17

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\gooberlogoliten.bmp

O24 - Desktop BackupWallPaper: C:\Windows\gooberlogoliten.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{1616bec9-44ed-11dd-8a16-00197ed96b2d}\Shell - "" = AutoRun

O33 - MountPoints2\{1616bec9-44ed-11dd-8a16-00197ed96b2d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\{6b42e1c5-c3e2-11dd-8ed3-00197ed96b2d}\Shell - "" = AutoRun

O33 - MountPoints2\{6b42e1c5-c3e2-11dd-8ed3-00197ed96b2d}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found

O33 - MountPoints2\{76d8f4ad-8107-11dd-9c77-00197ed96b2d}\Shell - "" = AutoRun

O33 - MountPoints2\{76d8f4ad-8107-11dd-9c77-00197ed96b2d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\{d6a9038a-4112-11df-8295-001c238890f4}\Shell - "" = AutoRun

O33 - MountPoints2\{d6a9038a-4112-11df-8295-001c238890f4}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/01 06:51:20 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Goobernut\Desktop\OTL.exe

[2010/11/30 18:40:34 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys

[2010/11/30 18:40:34 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys

[2010/11/30 18:40:32 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys

[2010/11/30 18:40:32 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys

[2010/11/30 18:40:25 | 000,237,632 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys

[2010/11/30 18:40:25 | 000,159,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys

[2010/11/30 18:40:13 | 000,123,712 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys

[2010/11/30 18:40:13 | 000,087,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys

[2010/11/30 18:40:13 | 000,031,960 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys

[2010/11/30 18:40:11 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys

[2010/11/30 18:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2010/11/30 18:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security

[2010/11/30 18:39:37 | 000,000,000 | ---D | C] -- C:\Users\Goobernut\AppData\Roaming\PC Tools

[2010/11/30 18:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2010/11/30 17:28:26 | 000,603,648 | ---- | C] (PPtJCIHx) -- C:\Users\Goobernut\AppData\Local\syssvc.exe

[2010/11/30 15:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\MBAM Malwarebytes' Anti-Malware

[2010/11/30 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010/11/28 00:54:25 | 000,000,000 | ---D | C] -- C:\Users\Goobernut\AppData\Roaming\vlc

[2010/11/27 15:12:24 | 000,000,000 | ---D | C] -- C:\Users\Goobernut\AppData\Roaming\yWorks

[2010/11/17 23:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio .NET 2005

[2010/11/17 23:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache

[2010/11/09 15:53:48 | 000,000,000 | ---D | C] -- C:\Users\Goobernut\Desktop\Flash

[2010/11/09 15:26:58 | 000,000,000 | ---D | C] -- C:\Users\Goobernut\Desktop\Lesson06

[2010/11/09 14:29:24 | 000,000,000 | ---D | C] -- C:\Users\Goobernut\Desktop\Silekadej

[2010/11/07 12:02:05 | 000,000,000 | ---D | C] -- C:\Users\Goobernut\Documents\Flash

[2010/11/07 11:55:58 | 006,547,920 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\Goobernut\Desktop\flashplayer_10_sa_debug.exe

[2010/11/07 11:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\FlashDevelop

[2010/11/05 12:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM

[2010/11/05 12:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\AIM

[2010/11/05 12:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility

[2009/04/08 21:32:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Goobernut\AppData\Roaming\pcouffin.sys

[2008/04/30 16:04:31 | 000,008,192 | ---- | C] ( ) -- C:\Windows\System32\cshost.dll

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/01 06:51:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Goobernut\Desktop\OTL.exe

[2010/12/01 06:40:09 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9C974B54-F61D-4974-AC44-07A1D7311627}.job

[2010/12/01 06:38:09 | 000,657,524 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/01 06:38:09 | 000,122,240 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/01 06:35:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/01 06:35:38 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/01 06:35:37 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/11/30 23:29:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/30 22:43:08 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/11/30 22:38:53 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2010/11/30 22:38:24 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/30 20:28:23 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2010/11/30 18:55:50 | 000,101,376 | ---- | M] () -- C:\Users\Goobernut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/30 18:40:22 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk

[2010/11/30 17:59:31 | 000,507,360 | ---- | M] () -- C:\Users\Goobernut\Desktop\sdsetup_aff.exe

[2010/11/30 17:28:27 | 000,603,648 | ---- | M] (PPtJCIHx) -- C:\Users\Goobernut\AppData\Local\syssvc.exe

[2010/11/30 15:27:32 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/30 12:27:28 | 000,174,063 | ---- | M] () -- C:\Users\Goobernut\AppData\Roaming\nvModes.001

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/11/28 14:32:33 | 000,001,526 | ---- | M] () -- C:\Users\Goobernut\Desktop\suicide.jpg

[2010/11/28 14:29:41 | 000,058,772 | ---- | M] () -- C:\Users\Goobernut\Desktop\became a god.jpg

[2010/11/28 00:53:58 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/11/28 00:50:29 | 019,657,194 | ---- | M] () -- C:\Users\Goobernut\Documents\vlc-1.1.4-win32.exe

[2010/11/27 22:41:58 | 000,024,355 | ---- | M] () -- C:\Users\Goobernut\Desktop\1290894152030.jpg

[2010/11/27 22:41:31 | 000,080,214 | ---- | M] () -- C:\Users\Goobernut\Desktop\1290894194694.jpg

[2010/11/27 11:46:59 | 000,450,353 | ---- | M] () -- C:\Users\Goobernut\Desktop\grass.png

[2010/11/22 15:04:52 | 000,094,720 | ---- | M] () -- C:\Users\Goobernut\Desktop\survey.doc

[2010/11/21 10:43:12 | 000,000,087 | ---- | M] () -- C:\Users\Goobernut\mm.cfg

[2010/11/16 14:30:13 | 000,000,218 | ---- | M] () -- C:\Users\Goobernut\.recently-used.xbel

[2010/11/14 22:32:07 | 000,180,196 | ---- | M] () -- C:\Users\Goobernut\large state.png

[2010/11/14 22:31:56 | 000,039,962 | ---- | M] () -- C:\Users\Goobernut\large state.svg

[2010/11/07 16:30:44 | 001,563,585 | ---- | M] () -- C:\Users\Goobernut\Desktop\IMAG0069.jpg

[2010/11/07 16:30:40 | 001,476,853 | ---- | M] () -- C:\Users\Goobernut\Desktop\IMAG0068.jpg

[2010/11/07 14:57:17 | 000,033,888 | ---- | M] () -- C:\Users\Goobernut\Desktop\terrain.png

[2010/11/07 11:56:11 | 006,547,920 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Goobernut\Desktop\flashplayer_10_sa_debug.exe

[2010/11/07 11:50:51 | 000,001,780 | ---- | M] () -- C:\Users\Goobernut\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashDevelop.lnk

[2010/11/07 11:50:51 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\FlashDevelop.lnk

[2010/11/05 12:11:46 | 000,001,941 | -H-- | M] () -- C:\IPH.PH

[2010/11/05 12:11:27 | 000,001,722 | ---- | M] () -- C:\Users\Goobernut\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk

[2010/11/05 12:11:27 | 000,001,698 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk

[2010/11/03 22:52:01 | 000,020,432 | ---- | M] () -- C:\Users\Goobernut\Desktop\Brian McClure How to.docx

[2010/11/02 19:20:26 | 000,033,722 | ---- | M] () -- C:\Users\Goobernut\terrain.png

[2010/11/02 18:37:45 | 000,022,224 | ---- | M] () -- C:\Users\Goobernut\Desktop\pumpkinblur.png

[2010/11/02 16:03:36 | 000,001,037 | ---- | M] () -- C:\Users\Goobernut\Desktop\char.png

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/30 18:40:22 | 000,001,788 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk

[2010/11/30 18:37:39 | 000,507,360 | ---- | C] () -- C:\Users\Goobernut\Desktop\sdsetup_aff.exe

[2010/11/28 14:32:29 | 000,001,526 | ---- | C] () -- C:\Users\Goobernut\Desktop\suicide.jpg

[2010/11/28 14:29:41 | 000,058,772 | ---- | C] () -- C:\Users\Goobernut\Desktop\became a god.jpg

[2010/11/28 00:53:58 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/11/28 00:50:14 | 019,657,194 | ---- | C] () -- C:\Users\Goobernut\Documents\vlc-1.1.4-win32.exe

[2010/11/28 00:29:33 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/27 22:41:58 | 000,024,355 | ---- | C] () -- C:\Users\Goobernut\Desktop\1290894152030.jpg

[2010/11/27 22:41:30 | 000,080,214 | ---- | C] () -- C:\Users\Goobernut\Desktop\1290894194694.jpg

[2010/11/27 11:46:58 | 000,450,353 | ---- | C] () -- C:\Users\Goobernut\Desktop\grass.png

[2010/11/22 15:04:50 | 000,094,720 | ---- | C] () -- C:\Users\Goobernut\Desktop\survey.doc

[2010/11/20 14:36:37 | 000,032,537 | ---- | C] () -- C:\Users\Goobernut\Desktop\xiaotong suo.png

[2010/11/16 14:30:13 | 000,000,218 | ---- | C] () -- C:\Users\Goobernut\.recently-used.xbel

[2010/11/14 22:32:06 | 000,180,196 | ---- | C] () -- C:\Users\Goobernut\large state.png

[2010/11/14 22:27:07 | 000,039,962 | ---- | C] () -- C:\Users\Goobernut\large state.svg

[2010/11/07 17:09:27 | 000,070,535 | ---- | C] () -- C:\Users\Goobernut\Desktop\kz.png

[2010/11/07 16:28:50 | 001,476,853 | ---- | C] () -- C:\Users\Goobernut\Desktop\IMAG0068.jpg

[2010/11/07 16:28:43 | 001,563,585 | ---- | C] () -- C:\Users\Goobernut\Desktop\IMAG0069.jpg

[2010/11/07 11:59:49 | 000,000,087 | ---- | C] () -- C:\Users\Goobernut\mm.cfg

[2010/11/07 11:50:51 | 000,001,780 | ---- | C] () -- C:\Users\Goobernut\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashDevelop.lnk

[2010/11/07 11:50:51 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\FlashDevelop.lnk

[2010/11/05 12:11:27 | 000,001,722 | ---- | C] () -- C:\Users\Goobernut\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk

[2010/11/05 12:11:27 | 000,001,698 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk

[2010/11/03 16:24:59 | 000,020,432 | ---- | C] () -- C:\Users\Goobernut\Desktop\Brian McClure How to.docx

[2010/11/02 19:20:25 | 000,033,722 | ---- | C] () -- C:\Users\Goobernut\terrain.png

[2010/11/02 19:10:33 | 000,033,888 | ---- | C] () -- C:\Users\Goobernut\Desktop\terrain.png

[2010/11/02 18:14:18 | 000,022,224 | ---- | C] () -- C:\Users\Goobernut\Desktop\pumpkinblur.png

[2010/07/13 03:01:44 | 000,299,008 | ---- | C] () -- C:\Windows\System32\TcpIpDogR0.dll

[2010/07/13 03:01:44 | 000,299,008 | ---- | C] () -- C:\Windows\System32\TcpIpDog0.dll

[2010/07/08 11:29:48 | 000,000,003 | RH-- | C] () -- C:\ProgramData\LoJackNotifier.txt

[2010/06/22 14:07:04 | 000,004,990 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe

[2010/06/01 00:53:01 | 000,000,683 | ---- | C] () -- C:\Users\Goobernut\AppData\Roaming\MPQEditor.ini

[2010/03/28 16:39:40 | 000,000,000 | ---- | C] () -- C:\Windows\MSYS.INI

[2010/02/22 14:36:10 | 000,000,011 | ---- | C] () -- C:\Windows\System32\KB.DLL

[2010/01/13 22:01:27 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS7A.DLL

[2009/08/07 11:57:08 | 000,000,552 | ---- | C] () -- C:\Users\Goobernut\AppData\Local\d3d8caps.dat

[2009/05/21 18:29:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/05/07 00:54:14 | 000,000,566 | ---- | C] () -- C:\Windows\crackpdf.INI

[2009/05/06 02:34:39 | 000,000,075 | ---- | C] () -- C:\Windows\winDecrypt.INI

[2009/05/02 16:13:07 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll

[2009/04/28 23:27:23 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/04/08 21:37:29 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009/04/08 21:33:23 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll

[2009/04/08 21:33:15 | 000,000,033 | ---- | C] () -- C:\Users\Goobernut\AppData\Roaming\pcouffin.log

[2009/04/08 21:32:28 | 000,087,608 | ---- | C] () -- C:\Users\Goobernut\AppData\Roaming\inst.exe

[2009/04/08 21:32:28 | 000,007,887 | ---- | C] () -- C:\Users\Goobernut\AppData\Roaming\pcouffin.cat

[2009/04/08 21:32:28 | 000,001,144 | ---- | C] () -- C:\Users\Goobernut\AppData\Roaming\pcouffin.inf

[2009/04/03 14:55:31 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll

[2009/04/03 14:55:31 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll

[2009/04/03 14:55:31 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll

[2008/12/07 00:59:48 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008/12/06 16:58:29 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2008/11/29 15:51:00 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini

[2008/08/29 00:27:59 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini

[2008/08/06 16:37:30 | 000,000,761 | ---- | C] () -- C:\Windows\m3jp2k.ini

[2008/08/06 16:37:30 | 000,000,702 | ---- | C] () -- C:\Windows\mmtvmj.ini

[2008/08/06 16:37:29 | 000,000,714 | ---- | C] () -- C:\Windows\m3jpeg.ini

[2008/08/06 16:37:27 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll

[2008/08/06 16:37:26 | 000,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2008/08/06 16:37:25 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2008/08/02 08:47:40 | 000,007,592 | ---- | C] () -- C:\Users\Goobernut\AppData\Local\d3d9caps.dat

[2008/07/04 05:07:34 | 000,101,376 | ---- | C] () -- C:\Users\Goobernut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/05/25 04:50:51 | 000,174,063 | ---- | C] () -- C:\Users\Goobernut\AppData\Roaming\nvModes.dat

[2008/05/25 04:50:51 | 000,174,063 | ---- | C] () -- C:\Users\Goobernut\AppData\Roaming\nvModes.001

[2008/05/21 15:57:29 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2007/11/26 20:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/11/14 13:19:23 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\.minecraft

[2008/05/26 05:29:05 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\acccore

[2010/03/10 18:44:56 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Autodesk

[2009/12/20 18:04:15 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Blender Foundation

[2010/06/22 14:07:06 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Carambis

[2009/01/19 06:21:34 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\DAEMON Tools

[2008/10/27 12:00:06 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Dev-Cpp

[2010/12/01 00:11:50 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Dropbox

[2009/04/09 18:22:30 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Empire XP

[2010/05/31 14:10:03 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\FALCOM

[2009/06/09 06:26:16 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\FrostWire

[2009/04/13 01:33:26 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\GetRightToGo

[2008/09/18 00:22:09 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Grammatica

[2010/11/16 14:16:59 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\gtk-2.0

[2008/11/10 18:05:21 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Inkscape

[2010/09/20 14:55:05 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\LolClient

[2009/12/07 19:35:16 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\MilkShape 3D 1.x.x

[2010/10/08 14:52:42 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Mumble

[2008/09/18 23:22:35 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\OpenVanilla

[2008/10/11 16:11:54 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\QQ

[2008/11/29 15:52:01 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\QQ Games Plugin

[2010/01/18 20:39:01 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\ScreenShot

[2010/06/30 17:02:31 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\SoarDebugger

[2008/12/10 21:39:53 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\SPORE

[2008/08/10 21:03:11 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\SPORE Creature Creator

[2010/03/30 03:01:18 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\SSH

[2009/12/13 15:57:37 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Subversion

[2008/11/29 15:51:41 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Tencent

[2010/10/17 22:05:46 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\uTorrent

[2009/05/14 18:19:54 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Vso

[2010/02/21 14:50:37 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\Wireshark

[2010/11/27 15:12:24 | 000,000,000 | ---D | M] -- C:\Users\Goobernut\AppData\Roaming\yWorks

[2010/11/18 13:45:57 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/12/01 06:40:09 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9C974B54-F61D-4974-AC44-07A1D7311627}.job

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2010/07/15 07:35:00 | 000,000,000 | ---D | M](C:\Program Files\


**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouse-click combo-fix's window while it's running. That may cause it to stall.**


Here is the combo-fix log:

ComboFix 10-12-03.03 - Goobernut 4/2010 Sat 15:27:31.1.2 - x86

????: c:\users\Goobernut\Desktop\Combo-Fix.exe

SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

ADS - Windows: deleted 96 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( ?????? )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Goobernut\AppData\Local\Microsoft\Windows\Temporary Internet Files\bestwiner.stt

c:\users\Goobernut\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts

c:\users\Goobernut\AppData\Roaming\inst.exe

c:\users\Goobernut\GoToAssistDownloadHelper.exe

c:\windows\system32\DiREct3dx.dll

c:\windows\system32\images

c:\windows\system32\images\toolbar\calendar.gif

c:\windows\system32\images\toolbar\crlogo.gif

c:\windows\system32\images\toolbar\export.gif

c:\windows\system32\images\toolbar\export_over.gif

c:\windows\system32\images\toolbar\exportd.gif

c:\windows\system32\images\toolbar\First.gif

c:\windows\system32\images\toolbar\first_over.gif

c:\windows\system32\images\toolbar\Firstd.gif

c:\windows\system32\images\toolbar\gotopage.gif

c:\windows\system32\images\toolbar\gotopage_over.gif

c:\windows\system32\images\toolbar\gotopaged.gif

c:\windows\system32\images\toolbar\grouptree.gif

c:\windows\system32\images\toolbar\grouptree_over.gif

c:\windows\system32\images\toolbar\grouptreed.gif

c:\windows\system32\images\toolbar\grouptreepressed.gif

c:\windows\system32\images\toolbar\Last.gif

c:\windows\system32\images\toolbar\last_over.gif

c:\windows\system32\images\toolbar\Lastd.gif

c:\windows\system32\images\toolbar\Next.gif

c:\windows\system32\images\toolbar\next_over.gif

c:\windows\system32\images\toolbar\Nextd.gif

c:\windows\system32\images\toolbar\Prev.gif

c:\windows\system32\images\toolbar\prev_over.gif

c:\windows\system32\images\toolbar\Prevd.gif

c:\windows\system32\images\toolbar\print.gif

c:\windows\system32\images\toolbar\print_over.gif

c:\windows\system32\images\toolbar\printd.gif

c:\windows\system32\images\toolbar\Refresh.gif

c:\windows\system32\images\toolbar\refresh_over.gif

c:\windows\system32\images\toolbar\refreshd.gif

c:\windows\system32\images\toolbar\Search.gif

c:\windows\system32\images\toolbar\search_over.gif

c:\windows\system32\images\toolbar\searchd.gif

c:\windows\system32\images\toolbar\up.gif

c:\windows\system32\images\toolbar\up_over.gif

c:\windows\system32\images\toolbar\upd.gif

c:\windows\system32\images\tree\begindots.gif

c:\windows\system32\images\tree\beginminus.gif

c:\windows\system32\images\tree\beginplus.gif

c:\windows\system32\images\tree\blank.gif

c:\windows\system32\images\tree\blankdots.gif

c:\windows\system32\images\tree\dots.gif

c:\windows\system32\images\tree\lastdots.gif

c:\windows\system32\images\tree\lastminus.gif

c:\windows\system32\images\tree\lastplus.gif

c:\windows\system32\images\tree\Magnify.gif

c:\windows\system32\images\tree\minus.gif

c:\windows\system32\images\tree\minusbox.gif

c:\windows\system32\images\tree\plus.gif

c:\windows\system32\images\tree\plusbox.gif

c:\windows\system32\images\tree\singleminus.gif

c:\windows\system32\images\tree\singleplus.gif

.

((((((((((((((((((((((((( 2010-11-04 ? 2010-12-04 ????? )))))))))))))))))))))))))))))))

.

2010-12-04 20:58 . 2010-12-04 21:01 -------- d-----w- c:\users\Goobernut\AppData\Local\temp

2010-12-04 20:58 . 2010-12-04 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-11-30 23:40 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2010-11-30 22:28 . 2010-11-30 22:28 603648 ----a-w- c:\users\Goobernut\AppData\Local\syssvc.exe

2010-11-30 20:27 . 2010-11-30 20:27 -------- d-----w- c:\program files\MBAM Malwarebytes' Anti-Malware

2010-11-28 05:54 . 2010-11-28 06:00 -------- d-----w- c:\users\Goobernut\AppData\Roaming\vlc

2010-11-27 20:12 . 2010-11-27 20:12 -------- d-----w- c:\users\Goobernut\AppData\Roaming\yWorks

2010-11-18 04:36 . 2010-11-18 04:37 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2005

2010-11-18 04:36 . 2010-11-18 04:36 -------- d-----w- c:\program files\MSECache

2010-11-07 16:50 . 2010-11-12 17:50 -------- d-----w- c:\program files\FlashDevelop

2010-11-05 17:11 . 2010-11-05 17:11 -------- d-----w- c:\programdata\AIM

2010-11-05 17:11 . 2010-11-05 17:11 -------- d-----w- c:\program files\AIM

2010-11-05 17:10 . 2010-11-05 17:10 -------- d-----w- c:\program files\Common Files\Software Update Utility

.

(((((((((((((((((((((((((((((((((((((((( ??????????? ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-29 22:42 . 2009-05-26 23:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-29 22:42 . 2009-05-26 23:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-07 04:03 . 2010-10-07 04:03 44544 ----a-w- c:\windows\system32\agremove.exe

.

((((((((((((((((((((((((((((((((((((( ????? ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*??* ???????????????

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Goobernut\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Goobernut\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Goobernut\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-16 2969496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]

"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2010-09-29 1588184]

c:\users\Goobernut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Goobernut\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-22 50688]

hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-15 599592]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\551205626]

wscript [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\$.adahfbvbkkc]

2010-02-24 01:17 63489 ----a-w- c:\windows\System32\$.adahfbvbkkc\adahfbvbkkc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 17:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-07-30 19:40 16384 ----a-w- c:\dell\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2006-10-27 04:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2007-08-30 15:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 10:50 155648 ----a-r- c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2007-12-21 15:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2008-05-21 20:40 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-05-13 21:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-07-19 13:39 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-137720064-3493471926-931785146-1000]

"EnableNotificationsRef"=dword:00000004

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 135664]

R2 Kingsoft Antivirus WebShield Service;Kingsoft Antivirus WebShield Service;c:\programdata\kingsoft\kws2\KSWebShield.exe [2010-04-06 202136]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-08-18 237632]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-06 717296]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2006-11-02 22016]

S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-29 38224]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

Akamai REG_MULTI_SZ Akamai

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.


Open Notepad and copy and paste the text in the code box below into it:

File::
c:\users\Goobernut\AppData\Local\syssvc.exe
c:\windows\system32\agremove.exe

Folder::
c:\windows\System32\$.adahfbvbkkc

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\551205626]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\$.adahfbvbkkc]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

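The two startupreg entries the helper's script removes are the ones that stand out mechanically in the log above: a key whose name is a bare number and whose target (`wscript`) ComboFix reports as missing, and an executable living in a `$`-prefixed folder under System32. The following Python is an added example, not code from the thread, the helper, or ComboFix: it pulls the Run-key and msconfig startupreg entries out of a ComboFix log (the regexes follow the line shapes visible in the log, and the sample text is copied from it) and applies a few triage heuristics that are this example's own assumptions. A hit means "review this entry", not "this is malware"; the benign Dell, PC Tools and Adobe entries in the sample pass through unflagged.

```python
"""Triage helper for the autorun sections of a ComboFix log.

Added example, not code from the thread, the helper or ComboFix. The
parsing rules match the line shapes visible in the posted log; the triage
heuristics are this example's own assumptions, not ComboFix's logic.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: five autorun lines copied from the ComboFix log posted
# above (two Run-key values and three msconfig "startupreg" entries).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2010-09-29 1588184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\551205626]
wscript [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\$.adahfbvbkkc]
2010-02-24 01:17 63489 ----a-w- c:\windows\System32\$.adahfbvbkkc\adahfbvbkkc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
"""


@dataclass
class Autorun:
    source: str           # "run" (Run key) or "startupreg" (msconfig-disabled entry)
    name: str             # value name or startupreg sub-key name
    path: Optional[str]   # target file; None when ComboFix printed "[X]" (missing)
    reasons: List[str] = field(default_factory=list)


# Line shapes as they appear in the ComboFix log above.
RUN_HDR = re.compile(r"^\[HKEY_(?:LOCAL_MACHINE|CURRENT_USER)\\software\\microsoft"
                     r"\\windows\\currentversion\\run\]$", re.I)
STARTUPREG_HDR = re.compile(r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools"
                            r"\\msconfig\\startupreg\\(.+)\]$", re.I)
RUN_LINE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[\d{4}-\d{2}-\d{2} \d+\]$')
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$")
MISSING_LINE = re.compile(r"^\S+ \[X\]$")   # ComboFix marks a vanished target with [X]


def parse_autoruns(log_text: str) -> List[Autorun]:
    """Walk the log once, tracking which registry section each line belongs to."""
    entries: List[Autorun] = []
    section = None   # "run", "startupreg" or None (some other key)
    pending = None   # startupreg sub-key name waiting for its body line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RUN_HDR.match(line):
            section, pending = "run", None
            continue
        m = STARTUPREG_HDR.match(line)
        if m:
            section, pending = "startupreg", m.group(1)
            continue
        if line.startswith("["):          # any other key header ends the section
            section, pending = None, None
            continue
        if section == "run":
            m = RUN_LINE.match(line)
            if m:
                entries.append(Autorun("run", m.group(1), m.group(2)))
        elif section == "startupreg" and pending is not None:
            m = FILE_LINE.match(line)
            if m:
                entries.append(Autorun("startupreg", pending, m.group(1)))
            elif MISSING_LINE.match(line):
                entries.append(Autorun("startupreg", pending, None))
            pending = None
    return entries


def triage(entries: List[Autorun]) -> List[Autorun]:
    """Attach review reasons (assumed heuristics); return only entries that earned one."""
    for e in entries:
        p = (e.path or "").lower()
        if e.name.isdigit():
            e.reasons.append("key name is a bare number, not a product name")
        if e.path is None:
            e.reasons.append("target reported as [X]: file no longer on disk")
        if re.search(r"\\\$[^\\]*\\", p):
            e.reasons.append("runs from a folder whose name starts with '$'")
        if "\\appdata\\" in p or "\\temp\\" in p:
            e.reasons.append("runs from a user-writable profile or temp folder")
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for e in triage(parse_autoruns(SAMPLE_LOG)):
        print(f"{e.source:10} {e.name:30} {e.path or '[X]'}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run against the full log, the same two names the helper put under `Registry::` come out flagged and nothing else does; the `Folder::` target of the script is the directory the second hit runs from. The user-writable-path rule is included because that is where the other file the script lists (`syssvc.exe` under `AppData\Local`) would have been caught had it been registered as an autorun.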

Ok, here is the latest one, sorry for the random Chinese.

ComboFix 10-12-03.03 - Goobernut 4/2010 Sat 22:57:00.2.2 - x86

????: c:\users\Goobernut\Desktop\Combo-Fix.exe

Command switches used :: c:\users\Goobernut\Desktop\CFScript.txt.txt

SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( ?????? )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\System32\$.adahfbvbkkc

c:\windows\System32\$.adahfbvbkkc\0kjett-temp.exe

c:\windows\System32\$.adahfbvbkkc\adahfbvbkkc.bat

c:\windows\System32\$.adahfbvbkkc\adahfbvbkkc.exe

c:\windows\System32\$.adahfbvbkkc\SRSA.exe

c:\windows\System32\$.adahfbvbkkc\XL\1D75507734 2010-2-23 18.17.11(C1)

c:\windows\System32\$.adahfbvbkkc\XL\1D75507734 2010-2-23 20.20.18(C1)

c:\windows\System32\$.adahfbvbkkc\XL\1D75507734 2010-2-24 23.34.47(C1)

c:\windows\System32\$.adahfbvbkkc\XL\1D75507734 2010-222 14.4220

c:\windows\System32\$.adahfbvbkkc\XL\1D75507734 2010-222 17.3439

c:\windows\System32\$.adahfbvbkkc\XL\1D75507734 2010-222 21.1356

c:\windows\System32\$.adahfbvbkkc\XL\1D75507734 2010-222 22.1650

c:\windows\System32\$.adahfbvbkkc\XL\1D75507734 2010-223 0.4735

c:\windows\System32\$.adahfbvbkkc\XL\russ

.

((((((((((((((((((((((((( 2010-11-05 ? 2010-12-05 ????? )))))))))))))))))))))))))))))))

.

2010-12-05 04:22 . 2010-12-05 04:23 -------- d-----w- c:\users\Goobernut\AppData\Local\temp

2010-12-05 04:22 . 2010-12-05 04:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-04 20:22 . 2010-12-04 21:08 -------- d-----w- C:\Combo-Fix

2010-11-30 23:40 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2010-11-30 22:28 . 2010-11-30 22:28 603648 ----a-w- c:\users\Goobernut\AppData\Local\syssvc.exe

2010-11-30 20:27 . 2010-11-30 20:27 -------- d-----w- c:\program files\MBAM Malwarebytes' Anti-Malware

2010-11-28 05:54 . 2010-11-28 06:00 -------- d-----w- c:\users\Goobernut\AppData\Roaming\vlc

2010-11-27 20:12 . 2010-11-27 20:12 -------- d-----w- c:\users\Goobernut\AppData\Roaming\yWorks

2010-11-18 04:36 . 2010-11-18 04:37 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2005

2010-11-18 04:36 . 2010-11-18 04:36 -------- d-----w- c:\program files\MSECache

2010-11-07 16:50 . 2010-11-12 17:50 -------- d-----w- c:\program files\FlashDevelop

2010-11-05 17:11 . 2010-11-05 17:11 -------- d-----w- c:\programdata\AIM

2010-11-05 17:11 . 2010-11-05 17:11 -------- d-----w- c:\program files\AIM

2010-11-05 17:10 . 2010-11-05 17:10 -------- d-----w- c:\program files\Common Files\Software Update Utility

.

(((((((((((((((((((((((((((((((((((((((( ??????????? ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-29 22:42 . 2009-05-26 23:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-29 22:42 . 2009-05-26 23:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-07 04:03 . 2010-10-07 04:03 44544 ----a-w- c:\windows\system32\agremove.exe

.

((((((((((((((((((((((((((((((((((((( ????? ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*??* ???????????????

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Goobernut\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Goobernut\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Goobernut\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-16 2969496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]

"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2010-09-29 1588184]

c:\users\Goobernut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Goobernut\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-22 50688]

hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-15 599592]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 17:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-07-30 19:40 16384 ----a-w- c:\dell\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2006-10-27 04:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2007-08-30 15:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 10:50 155648 ----a-r- c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2007-12-21 15:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2008-05-21 20:40 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-05-13 21:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-07-19 13:39 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-137720064-3493471926-931785146-1000]

"EnableNotificationsRef"=dword:00000004

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 135664]

R2 Kingsoft Antivirus WebShield Service;Kingsoft Antivirus WebShield Service;c:\programdata\kingsoft\kws2\KSWebShield.exe [2010-04-06 202136]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-08-18 237632]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-06 717296]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2006-11-02 22016]

S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-29 38224]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

Akamai REG_MULTI_SZ Akamai

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.


Please click on Start => Run... and type:

chkdsk /r

Press Enter. Type Y and press Enter again to schedule a disk check for the next reboot.

Restart your computer and let the disk check run unhindered.

Note: This may take some time.

This seems odd, but I can get my computer to say it will run chkdsk during a restart, but when I restart it doesn't run.


Step 1

Windows Vista and Windows 7:

  • Click on the Start button and select Control Panel
  • Click on Programs and Features
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • NOTE: If you get "SHGetValue failed with error code 0", that only means that the tool has nothing to perform; continue on with the next step.
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    • Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask me and I'll explain how to do it.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


ComboFix 10-12-12.03 - Goobernut 3/2010 Mon 4:29.3.2 - x86

Running from: c:\users\Goobernut\Desktop\Combo-Fix.exe

.

((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))

.

2010-12-13 09:53 . 2010-12-13 09:53 -------- d-----w- c:\users\Goobernut\AppData\Local\temp

2010-12-13 09:53 . 2010-12-13 09:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-13 08:59 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-13 08:59 . 2010-12-13 08:59 -------- d-----w- c:\program files\MBAM

2010-12-13 08:59 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-12 15:07 . 2006-11-02 08:44 640000 ----a-w- c:\windows\system32\autochk.exe

2010-12-12 14:52 . 2010-12-12 14:52 -------- d-----w- C:\$UPGRADE.~OS

2010-12-12 14:46 . 2010-12-12 14:47 -------- d-----w- c:\users\Goobernut\AppData\Local\MigWiz

2010-12-07 17:56 . 2010-12-07 17:56 -------- d-----w- c:\windows\Sun

2010-12-04 20:22 . 2010-12-04 21:08 -------- d-----w- C:\Combo-Fix

2010-11-30 23:40 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2010-11-30 22:28 . 2010-11-30 22:28 603648 ----a-w- c:\users\Goobernut\AppData\Local\syssvc.exe

2010-11-28 05:54 . 2010-11-28 06:00 -------- d-----w- c:\users\Goobernut\AppData\Roaming\vlc

2010-11-27 20:12 . 2010-11-27 20:12 -------- d-----w- c:\users\Goobernut\AppData\Roaming\yWorks

2010-11-18 04:36 . 2010-11-18 04:37 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2005

2010-11-18 04:36 . 2010-11-18 04:36 -------- d-----w- c:\program files\MSECache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-07 04:03 . 2010-10-07 04:03 44544 ----a-w- c:\windows\system32\agremove.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2009-08-13 23:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Goobernut\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Goobernut\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Goobernut\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]

"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2010-09-29 1588184]

c:\users\Goobernut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Goobernut\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-22 50688]

hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-15 599592]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 17:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-07-30 19:40 16384 ----a-w- c:\dell\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2006-10-27 04:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2007-08-30 15:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 10:50 155648 ----a-r- c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2010-09-16 20:33 2969496 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2007-12-21 15:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2008-05-21 20:40 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-05-13 21:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-07-19 13:39 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-137720064-3493471926-931785146-1000]

"EnableNotificationsRef"=dword:00000004

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 135664]

R2 Kingsoft Antivirus WebShield Service;Kingsoft Antivirus WebShield Service;c:\programdata\kingsoft\kws2\KSWebShield.exe [2010-04-06 202136]

R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-08-18 237632]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-06 717296]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2006-11-02 22016]

--- Other Services/Drivers In Memory ---

*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

Akamai REG_MULTI_SZ Akamai

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
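As an added example, not something posted in this thread and not code shipped with ComboFix, the Python below applies the triage a helper does by eye to the ComboFix output above, and ties it back to the earlier chkdsk exchange (a disk check that is scheduled but never runs). `triage_files` parses the "Files Created" and "Find3M" lines and flags executables in user-writable profile locations and system binaries whose timestamps stand out (a file created on 2010-12-12 that carries a modification time from 2006, as autochk.exe does above). `parse_boot_execute` splits the BootExecute value that ComboFix prints under "Reg Loading Points" into the native programs smss.exe will run at boot and the volumes queued for a check. The sample file lines and the first BootExecute value are copied from the log above; the 90-day thresholds, the list of user-writable path markers, and the second BootExecute value with `hypothetical_native.exe` are assumptions constructed for the example.

```python
"""Triage of ComboFix log lines: added example, not code from the thread or from ComboFix."""
import ntpath
import re
from datetime import datetime, timedelta

# File lines copied verbatim from the "Files Created" and "Find3M" sections above.
SAMPLE_FILE_LINES = [
    r"2010-12-13 09:53 . 2010-12-13 09:53 -------- d-----w- c:\users\Goobernut\AppData\Local\temp",
    r"2010-12-13 08:59 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys",
    r"2010-12-12 15:07 . 2006-11-02 08:44 640000 ----a-w- c:\windows\system32\autochk.exe",
    r"2010-11-30 23:40 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys",
    r"2010-11-30 22:28 . 2010-11-30 22:28 603648 ----a-w- c:\users\Goobernut\AppData\Local\syssvc.exe",
    r"2010-10-07 04:03 . 2010-10-07 04:03 44544 ----a-w- c:\windows\system32\agremove.exe",
]
LOG_DATE = datetime(2010, 12, 13)  # date of the ComboFix run the lines came from
# BootExecute exactly as ComboFix printed it under "Reg Loading Points" above ...
BOOT_EXECUTE_LINE = r"BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:"
# ... and a constructed (hypothetical) value with a second native program appended.
BOOT_EXECUTE_TAMPERED = r"BootExecute REG_MULTI_SZ autocheck autochk * autocheck hypothetical_native.exe"

# ComboFix prints one file per line as:  <created> . <modified> <size or --------> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")  # assumed markers
SYSTEM_PREFIX = "c:\\windows\\"


def parse_entry(line):
    """Parse one ComboFix file line into a dict; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    stamp = lambda s: datetime.strptime(s, "%Y-%m-%d %H:%M")
    return {
        "ctime": stamp(m["ctime"]),
        "mtime": stamp(m["mtime"]),
        "size": None if m["size"].startswith("-") else int(m["size"]),
        "is_dir": m["attrs"].startswith("d"),
        "path": m["path"].strip(),
    }


def triage_files(lines, log_date, recent_days=90, stale_days=90):
    """Map path -> list of reasons to look closer. The day thresholds are assumptions,
    and a hit is a prompt to verify the file (signature, hash, vendor), not a verdict:
    a freshly installed AV driver trips the same checks as a planted binary."""
    findings = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None or entry["is_dir"]:
            continue
        path = entry["path"].lower()
        ext = ntpath.splitext(path)[1]
        if ext not in EXEC_EXT:
            continue
        reasons = []
        if any(marker in path for marker in USER_WRITABLE):
            reasons.append("executable in a user-writable profile location")
        if path.startswith(SYSTEM_PREFIX):
            # Created inside the window yet carrying a much older modification time:
            # the file was copied into place (restored or replaced), not written here.
            if entry["ctime"] - entry["mtime"] > timedelta(days=stale_days):
                reasons.append("system binary newly created with an old modification time")
            if log_date - entry["mtime"] <= timedelta(days=recent_days):
                reasons.append(f"system binary modified within the last {recent_days} days")
        if reasons:
            findings[entry["path"]] = reasons
    return findings


def triage_sample():
    """Run the triage over the lines copied from the log above."""
    return triage_files(SAMPLE_FILE_LINES, LOG_DATE)


def parse_boot_execute(line):
    """Split a ComboFix BootExecute line into the native programs smss.exe runs before
    the Win32 subsystem and any service starts, plus the volumes queued for a check.
    Any program other than autochk deserves a look; a queued volume whose check never
    runs is a reason to verify autochk.exe itself, which the helper's CFScript collects."""
    _, _, value = line.partition("REG_MULTI_SZ")
    programs, volumes = [], []
    for token in value.split():
        if token.lower() == "autocheck" or token.startswith(("/", "*")):
            continue  # the autocheck keyword and switches carry no program name
        (volumes if token.startswith("\\??\\") else programs).append(token)
    return {
        "programs": programs,
        "volumes": volumes,
        "unexpected": [p for p in programs if p.lower() != "autochk"],
    }


if __name__ == "__main__":
    for path, why in triage_sample().items():
        print(path, "->", "; ".join(why))
    print(parse_boot_execute(BOOT_EXECUTE_LINE))
    print(parse_boot_execute(BOOT_EXECUTE_TAMPERED))
```

Run as a script, it prints each flagged path with its reasons. The PC Tools and Malwarebytes drivers come out flagged alongside syssvc.exe and autochk.exe, which is the point: the heuristics narrow what to verify, and the verification itself (hash or signature against a known-good copy, or submitting the file as the CFScript below does) is still a separate step.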


Open Notepad and copy and paste the text in the code box below into it:

http://forums.malwarebytes.org/index.php?showtopic=69073

Collect::[8]
c:\windows\system32\autochk.exe
c:\users\Goobernut\AppData\Local\syssvc.exe
c:\windows\system32\agremove.exe

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

(screenshot: CFScript.txt being dragged onto ComboFix.exe)

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


This topic is now closed to further replies.