
Computer Freeze - Possibly Software Hijack?



Hello, all.

I'm having a problem with my computer freezing occasionally. Please forgive me if I happen to break some forum rules, but I didn't see any rules posted up to view.

I've consulted with my computer science friend and he said to run a HijackThis scan and have you kind folks here look at it. He suggests that there's a software problem that's taking over the CPU and won't allow the CPU to continue until the task is completed.

This has been happening since February 2011, a month ago, but I haven't installed any new drivers or major software updates then.

Can you folks help me figure it out?

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:01:18 PM, on 3/13/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16722)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Winamp\winamp.exe

C:\Users\Mystik\Downloads\HijackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [EPSON WorkForce 610 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_S9C30.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Google Update] "C:\Users\Mystik\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: Logitech SetPoint.lnk = ?

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8089 bytes

I see a bunch of system root errors, not sure what they mean.

Thank you!

hijackthis.log


Hello Mystik! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Download DDS and save it to your desktop from here, here or here

Double click dds to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop. Post them back to your topic.


Okay. I ran the program and this is my DDS log file:

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by Mystik at 23:10:42.57 on Sun 03/13/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6134.3755 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Core Temp\Core Temp.exe

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Winamp\winamp.exe

C:\Windows\splwow64.exe

C:\Users\Mystik\Downloads\HijackThis(2).exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Mystik\Downloads\dds.scr

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [EPSON WorkForce 610 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_S9C30.tmp" /EF "HKCU"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Mystik\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll"

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-075SK.exe" /REG /REGSVRMODE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mystik\AppData\Roaming\Mozilla\Firefox\Profiles\03goz7gn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Users\Mystik\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Users\Mystik\AppData\Roaming\Mozilla\Firefox\Profiles\03goz7gn.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 15749852;15749852 Boot Guard Driver;C:\Windows\System32\drivers\15749852.sys [2010-11-26 40464]

R1 15749851;15749851;C:\Windows\System32\drivers\15749851.sys [2010-11-26 157712]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-10-28 273488]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]

R1 setup_9.0.0.722_27.11.2010_00-15drv;setup_9.0.0.722_27.11.2010_00-15drv;C:\Windows\System32\drivers\1574985.sys [2010-11-26 352784]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-10-28 20560]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-10-28 62032]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-2-8 40384]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-6 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-1-18 155752]

R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-8-30 14648]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-4 1255736]

.

=============== Created Last 30 ================

.

2011-03-14 06:01:01 709456 ----a-w- C:\Windows\is-075SK.exe

2011-03-13 04:55:15 7947600 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{6D466240-25EC-4170-B0EA-007F455BED25}\mpengine.dll

2011-02-25 05:26:37 -------- d-----w- C:\Users\Mystik\AppData\Roaming\Need for Speed World

2011-02-25 03:57:01 -------- d-----w- C:\Users\Mystik\AppData\Local\Electronic_Arts_Inc

2011-02-25 03:56:40 -------- d-----w- C:\PROGRA~3\Electronic Arts

2011-02-23 10:11:43 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-02-23 10:11:43 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-02-23 03:14:12 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-02-23 03:14:11 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-02-23 03:14:11 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-02-23 03:14:11 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-02-21 04:45:46 -------- d-----w- C:\Program Files (x86)\JDownloader

.

==================== Find3M ====================

.

2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-02-03 05:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll

2011-01-13 08:47:35 38848 ----a-w- C:\Windows\avastSS.scr

2011-01-13 08:37:23 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-01-08 04:49:34 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll

2011-01-08 04:49:28 6143080 ----a-w- C:\Windows\System32\nvcpl.dll

2011-01-08 04:49:10 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll

2011-01-08 04:48:58 117864 ----a-w- C:\Windows\System32\nvmctray.dll

2011-01-08 04:48:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe

2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll

2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys

2010-12-23 06:07:50 1118720 ----a-w- C:\Windows\System32\sbe.dll

2010-12-23 06:07:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2010-12-23 06:07:49 723968 ----a-w- C:\Windows\System32\EncDec.dll

2010-12-23 06:02:33 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2010-12-23 05:28:29 850432 ----a-w- C:\Windows\SysWow64\sbe.dll

2010-12-23 05:28:28 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2010-12-23 05:28:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2010-12-23 05:24:02 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll

2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll

2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll

2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll

2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll

2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll

2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll

2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll

2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll

2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll

2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll

2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll

2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll

2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll

2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll

2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll

2010-12-21 01:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-12-18 06:12:28 3138048 ----a-w- C:\Windows\System32\mstscax.dll

2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll

2010-12-18 06:08:15 1097216 ----a-w- C:\Windows\System32\mstsc.exe

2010-12-18 05:30:20 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll

2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2010-12-18 05:26:55 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe

2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec

2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 23:11:18.72 ===============


Here's my "Attached" log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/1/2010 11:02:13 AM

System Uptime: 3/13/2011 7:42:33 PM (4 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P6T

Processor: Intel® Core i7 CPU 950 @ 3.07GHz | LGA1366 | 3068/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 931 GiB total, 815.58 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP172: 2/25/2011 7:32:40 AM - Windows Update

RP173: 2/26/2011 11:40:14 AM - Windows Update

RP174: 2/27/2011 12:47:08 PM - Windows Update

RP175: 2/27/2011 7:50:51 PM - Windows Update

RP176: 2/28/2011 8:19:35 PM - Windows Update

RP177: 3/2/2011 7:32:44 AM - Windows Update

RP178: 3/3/2011 7:49:41 PM - Windows Update

RP179: 3/5/2011 1:32:25 AM - Windows Update

RP180: 3/6/2011 5:46:35 PM - Windows Update

RP181: 3/7/2011 7:27:00 PM - Windows Update

RP182: 3/9/2011 12:36:09 AM - Windows Update

RP183: 3/9/2011 7:34:03 AM - Windows Update

RP184: 3/10/2011 7:40:46 AM - Windows Update

RP185: 3/11/2011 5:53:16 PM - Windows Update

RP186: 3/12/2011 9:54:54 PM - Windows Update

.

==== Installed Programs ======================

.


Here is my Malwarebytes log, it showed no infections:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6059

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

3/14/2011 7:38:54 PM

mbam-log-2011-03-14 (19-38-54).txt

Scan type: Quick scan

Objects scanned: 160854

Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

----END------


Here is my new DDS log:

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by Mystik at 19:42:46.45 on Mon 03/14/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6134.4035 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files (x86)\Winamp\winamp.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Users\Mystik\Downloads\dds.scr

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [EPSON WorkForce 610 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_S9C30.tmp" /EF "HKCU"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Mystik\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mystik\AppData\Roaming\Mozilla\Firefox\Profiles\03goz7gn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Users\Mystik\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Users\Mystik\AppData\Roaming\Mozilla\Firefox\Profiles\03goz7gn.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 15749852;15749852 Boot Guard Driver;C:\Windows\System32\drivers\15749852.sys [2010-11-26 40464]

R1 15749851;15749851;C:\Windows\System32\drivers\15749851.sys [2010-11-26 157712]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-10-28 273488]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]

R1 setup_9.0.0.722_27.11.2010_00-15drv;setup_9.0.0.722_27.11.2010_00-15drv;C:\Windows\System32\drivers\1574985.sys [2010-11-26 352784]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-10-28 20560]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-10-28 62032]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-2-8 40384]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-6 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-1-18 155752]

R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-8-30 14648]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-4 1255736]

.

=============== Created Last 30 ================

.

2011-03-14 14:37:34 7947600 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{3464F83E-CE9D-47F5-B43C-37E95B1D979F}\mpengine.dll

2011-02-25 05:26:37 -------- d-----w- C:\Users\Mystik\AppData\Roaming\Need for Speed World

2011-02-25 03:57:01 -------- d-----w- C:\Users\Mystik\AppData\Local\Electronic_Arts_Inc

2011-02-25 03:56:40 -------- d-----w- C:\PROGRA~3\Electronic Arts

2011-02-23 10:11:43 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-02-23 10:11:43 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-02-23 03:14:12 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-02-23 03:14:11 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-02-23 03:14:11 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-02-23 03:14:11 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-02-21 04:45:46 -------- d-----w- C:\Program Files (x86)\JDownloader

.

==================== Find3M ====================

.

2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-02-03 05:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll

2011-01-13 08:47:35 38848 ----a-w- C:\Windows\avastSS.scr

2011-01-13 08:37:23 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-01-08 04:49:34 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll

2011-01-08 04:49:28 6143080 ----a-w- C:\Windows\System32\nvcpl.dll

2011-01-08 04:49:10 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll

2011-01-08 04:48:58 117864 ----a-w- C:\Windows\System32\nvmctray.dll

2011-01-08 04:48:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe

2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll

2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys

2010-12-23 06:07:50 1118720 ----a-w- C:\Windows\System32\sbe.dll

2010-12-23 06:07:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2010-12-23 06:07:49 723968 ----a-w- C:\Windows\System32\EncDec.dll

2010-12-23 06:02:33 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2010-12-23 05:28:29 850432 ----a-w- C:\Windows\SysWow64\sbe.dll

2010-12-23 05:28:28 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2010-12-23 05:28:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2010-12-23 05:24:02 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll

2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll

2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll

2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll

2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll

2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll

2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll

2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll

2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll

2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll

2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll

2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll

2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll

2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll

2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll

2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll

2010-12-21 01:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-12-18 06:12:28 3138048 ----a-w- C:\Windows\System32\mstscax.dll

2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll

2010-12-18 06:08:15 1097216 ----a-w- C:\Windows\System32\mstsc.exe

2010-12-18 05:30:20 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll

2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2010-12-18 05:26:55 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe

2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec

2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 19:43:22.35 ===============

And here is the "Attached" log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/1/2010 11:02:13 AM

System Uptime: 3/14/2011 7:04:59 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P6T

Processor: Intel® Core i7 CPU 950 @ 3.07GHz | LGA1366 | 3068/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 931 GiB total, 815.536 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP173: 2/26/2011 11:40:14 AM - Windows Update

RP174: 2/27/2011 12:47:08 PM - Windows Update

RP175: 2/27/2011 7:50:51 PM - Windows Update

RP176: 2/28/2011 8:19:35 PM - Windows Update

RP177: 3/2/2011 7:32:44 AM - Windows Update

RP178: 3/3/2011 7:49:41 PM - Windows Update

RP179: 3/5/2011 1:32:25 AM - Windows Update

RP180: 3/6/2011 5:46:35 PM - Windows Update

RP181: 3/7/2011 7:27:00 PM - Windows Update

RP182: 3/9/2011 12:36:09 AM - Windows Update

RP183: 3/9/2011 7:34:03 AM - Windows Update

RP184: 3/10/2011 7:40:46 AM - Windows Update

RP185: 3/11/2011 5:53:16 PM - Windows Update

RP186: 3/12/2011 9:54:54 PM - Windows Update

RP187: 3/14/2011 7:37:21 AM - Windows Update

.

==== Installed Programs ======================

.


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection. When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


My Eset Online Scanner log:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6425

# api_version=3.0.2

# EOSSerial=4b93c59466e96849bcd6dab516440526

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-03-17 03:30:11

# local_time=2011-03-16 08:30:11 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 11127600 11127600 0 0

# compatibility_mode=5893 16776574 66 85 51857577 51872494 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=204961

# found=0

# cleaned=0

# scan_time=3567


Okay, I ran the Microsoft Fix It tool as requested.

Here is my new DDS log:

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by Mystik at 21:44:05.20 on Thu 03/17/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6134.4051 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Winamp\winamp.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\taskeng.exe

C:\Users\Mystik\Downloads\dds.scr

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [EPSON WorkForce 610 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_S9C30.tmp" /EF "HKCU"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Mystik\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mystik\AppData\Roaming\Mozilla\Firefox\Profiles\03goz7gn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Users\Mystik\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Users\Mystik\AppData\Roaming\Mozilla\Firefox\Profiles\03goz7gn.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 15749852;15749852 Boot Guard Driver;C:\Windows\System32\drivers\15749852.sys [2010-11-26 40464]

R1 15749851;15749851;C:\Windows\System32\drivers\15749851.sys [2010-11-26 157712]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-16 505176]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-10-28 280408]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]

R1 setup_9.0.0.722_27.11.2010_00-15drv;setup_9.0.0.722_27.11.2010_00-15drv;C:\Windows\System32\drivers\1574985.sys [2010-11-26 352784]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-10-28 22360]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-10-28 64344]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-3-16 42184]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-6 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-1-18 155752]

R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-8-30 14648]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-4 1255736]

.

=============== Created Last 30 ================

.

2011-03-18 04:43:19 20702 ----a-w- C:\FixitRegBackup.reg

2011-03-17 03:34:06 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-03-17 03:33:26 7947600 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{708CAF50-1931-44D9-A115-C591B3DDEAAA}\mpengine.dll

2011-03-17 02:27:20 -------- d-----w- C:\Program Files (x86)\ESET

2011-02-25 05:26:37 -------- d-----w- C:\Users\Mystik\AppData\Roaming\Need for Speed World

2011-02-25 03:57:01 -------- d-----w- C:\Users\Mystik\AppData\Local\Electronic_Arts_Inc

2011-02-25 03:56:40 -------- d-----w- C:\PROGRA~3\Electronic Arts

2011-02-23 10:11:43 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-02-23 10:11:43 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-02-23 03:14:12 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-02-23 03:14:11 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-02-23 03:14:11 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-02-23 03:14:11 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-02-21 04:45:46 -------- d-----w- C:\Program Files (x86)\JDownloader

.

==================== Find3M ====================

.

2011-02-23 14:04:21 40648 ----a-w- C:\Windows\avastSS.scr

2011-02-23 13:55:05 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-02-03 05:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll

2011-01-08 04:49:34 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll

2011-01-08 04:49:28 6143080 ----a-w- C:\Windows\System32\nvcpl.dll

2011-01-08 04:49:10 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll

2011-01-08 04:48:58 117864 ----a-w- C:\Windows\System32\nvmctray.dll

2011-01-08 04:48:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe

2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll

2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys

2010-12-23 06:07:50 1118720 ----a-w- C:\Windows\System32\sbe.dll

2010-12-23 06:07:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2010-12-23 06:07:49 723968 ----a-w- C:\Windows\System32\EncDec.dll

2010-12-23 06:02:33 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2010-12-23 05:28:29 850432 ----a-w- C:\Windows\SysWow64\sbe.dll

2010-12-23 05:28:28 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2010-12-23 05:28:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2010-12-23 05:24:02 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll

2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll

2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll

2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll

2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll

2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll

2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll

2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll

2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll

2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll

2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll

2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll

2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll

2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll

2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll

2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll

2010-12-21 01:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-12-18 06:12:28 3138048 ----a-w- C:\Windows\System32\mstscax.dll

2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll

2010-12-18 06:08:15 1097216 ----a-w- C:\Windows\System32\mstsc.exe

2010-12-18 05:30:20 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll

2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2010-12-18 05:26:55 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe

2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec

.

============= FINISH: 21:45:44.38 ===============

And here is my "Attached" log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/1/2010 11:02:13 AM

System Uptime: 3/17/2011 7:28:42 PM (2 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P6T

Processor: Intel® Core i7 CPU 950 @ 3.07GHz | LGA1366 | 3068/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 931 GiB total, 815.703 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP176: 2/28/2011 8:19:35 PM - Windows Update

RP177: 3/2/2011 7:32:44 AM - Windows Update

RP178: 3/3/2011 7:49:41 PM - Windows Update

RP179: 3/5/2011 1:32:25 AM - Windows Update

RP180: 3/6/2011 5:46:35 PM - Windows Update

RP181: 3/7/2011 7:27:00 PM - Windows Update

RP182: 3/9/2011 12:36:09 AM - Windows Update

RP183: 3/9/2011 7:34:03 AM - Windows Update

RP184: 3/10/2011 7:40:46 AM - Windows Update

RP185: 3/11/2011 5:53:16 PM - Windows Update

RP186: 3/12/2011 9:54:54 PM - Windows Update

RP187: 3/14/2011 7:37:21 AM - Windows Update

RP188: 3/15/2011 7:44:28 PM - Windows Update

RP189: 3/16/2011 8:33:11 PM - Windows Update

RP190: 3/17/2011 9:43:07 PM - Installed Microsoft Fix it 50535

.

==== Installed Programs ======================

.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.