
Google Redirects, think I've fixed need a quick review.



So I've been having some Google redirect issues. I've done a full scan with the latest Malwarebytes in Safe Mode and it took out some trojans, and here are the latest DDS logs. I couldn't even run DDS or GMER to obtain logs prior to doing a full scan with a fully updated Malwarebytes and ComboFix. Now at least I can get the DDS log I couldn't get before. Please advise. TIA!

DDS Log

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_18

Run by xxxxxx at 21:28:05 on 2011-11-08

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.1850 [GMT -8:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\SysWOW64\IoctlSvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Eraser\Eraser.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe

C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\xxxxxx\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.msn.com

uInternet Settings,ProxyOverride = <local>

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\Users\xxxxx\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe

StartupFolder: C:\Users\xxxxxx\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFAX44~1.LNK - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe

StartupFolder: C:\Users\xxxxxx\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.10

TCP: Interfaces\{A9759BAC-0E51-4214-89BA-FFF658869C1D} : DhcpNameServer = 192.168.1.10

TCP: Interfaces\{C5802C44-DA9B-4640-8A7E-158EE971A5C2} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll

BHO-X64: Browser Defender BHO - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\u88adnkq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\xxxxxx\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\xxxxxx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\xxxxxx\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-8 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-8-15 112592]

R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]

R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-25 2011944]

R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-5-5 583360]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-10-22 44768]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-19 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-19 136176]

S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-8-15 366840]

S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-8-15 1142224]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMP110;Linksys WMP110v2 RangePlus Wireless PCI Adapter Service;C:\Windows\system32\DRIVERS\WMP110.sys --> C:\Windows\system32\DRIVERS\WMP110.sys [?]

.

=============== Created Last 30 ================

.

2011-11-09 04:11:10 98816 ----a-w- C:\Windows\sed.exe

2011-11-09 04:11:10 518144 ----a-w- C:\Windows\SWREG.exe

2011-11-09 04:11:10 256000 ----a-w- C:\Windows\PEV.exe

2011-11-09 04:11:10 208896 ----a-w- C:\Windows\MBR.exe

2011-11-09 03:43:51 -------- d-----w- C:\Windows\System32\appmgmt

2011-11-09 03:42:42 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A44E6387-C665-4CA0-B148-DC6FA820D63D}\offreg.dll

2011-11-09 03:17:14 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 03:17:14 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 03:17:11 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 03:17:09 3141120 ----a-w- C:\Windows\System32\win32k.sys

2011-11-09 03:15:09 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A44E6387-C665-4CA0-B148-DC6FA820D63D}\mpengine.dll

2011-11-08 08:26:37 -------- d-----w- C:\Program Files (x86)\STOPzilla!

2011-11-08 08:26:36 -------- d-----w- C:\ProgramData\STOPzilla!

2011-11-08 08:03:36 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5F56A86D-3A5F-4A78-AD9A-87CA81571E6C}\offreg.dll

2011-11-08 07:53:27 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5F56A86D-3A5F-4A78-AD9A-87CA81571E6C}\mpengine.dll

2011-11-08 07:50:57 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-11-08 07:50:14 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-11-08 06:30:26 -------- d-----w- C:\Users\xxxxxx\AppData\Local\ElevatedDiagnostics

2011-10-26 01:56:11 -------- d-----w- C:\Users\xxxxxx\AppData\Roaming\Mumble

2011-10-26 01:56:10 -------- d-----w- C:\Users\xxxxxx\AppData\Local\Mumble

2011-10-26 01:55:46 -------- d-----w- C:\Program Files (x86)\Mumble

2011-10-22 23:53:13 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-10-22 17:51:19 -------- d-----w- C:\Users\xxxxxx\AppData\Local\AMD

2011-10-22 17:51:07 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-10-22 17:50:45 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys

2011-10-22 17:50:43 -------- d-----w- C:\ProgramData\AMD

2011-10-22 17:50:37 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2011-10-12 01:03:19 613888 ----a-w- C:\Windows\System32\psisdecd.dll

.

==================== Find3M ====================

.

2011-09-14 18:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll

2011-09-14 18:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2011-09-14 18:47:22 51200 ----a-w- C:\Windows\System32\OpenCL.dll

2011-09-14 18:47:18 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2011-09-14 18:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll

2011-09-14 18:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-09-14 18:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll

2011-09-14 18:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll

2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll

2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll

2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe

2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll

2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll

2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr

2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-01 01:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax

2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax

2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax

2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax

2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax

2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax

.

============= FINISH: 21:28:50.64 ===============


Hello YikesIamHit, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.


In your next post, please include the aswMBR log and Attach.txt (from the DDS tool).


Below is the aswMBR log, and the Attach.txt from DDS is attached as well. Thanks for your help!

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-11-09 17:42:34

-----------------------------

17:42:34.511 OS Version: Windows x64 6.1.7600

17:42:34.511 Number of processors: 4 586 0x502

17:42:34.511 ComputerName: AMD620X4 UserName: xxxxxx

17:42:49.560 Initialize success

17:42:49.638 AVAST engine defs: 11110901

17:42:57.236 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066

17:42:57.236 Disk 0 Vendor: ST375033 AD14 Size: 715403MB BusType: 3

17:42:59.342 Disk 0 MBR read successfully

17:42:59.357 Disk 0 MBR scan

17:42:59.357 Disk 0 Windows 7 default MBR code

17:42:59.373 Service scanning

17:43:18.637 Modules scanning

17:43:18.637 Disk 0 trace - called modules:

17:43:18.699 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys

17:43:18.699 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d4a060]

17:43:18.715 3 CLASSPNP.SYS[fffff8800191343f] -> nt!IofCallDriver -> [0xfffffa8003cf4a20]

17:43:18.730 5 ACPI.sys[fffff88000f7e781] -> nt!IofCallDriver -> \Device\00000066[0xfffffa8004abf060]

17:43:25.688 AVAST engine scan C:\Windows

17:43:32.739 AVAST engine scan C:\Windows\system32

17:45:13.451 AVAST engine scan C:\Windows\system32\drivers

17:45:26.587 AVAST engine scan C:\Users\xxxxxx

17:51:08.663 AVAST engine scan C:\ProgramData

17:52:22.857 Scan finished successfully

18:08:11.073 Disk 0 MBR has been saved successfully to "C:\Users\xxxxxx\Desktop\MBR.dat"

18:08:11.088 The log file has been saved successfully to "C:\Users\xxxxxx\Desktop\aswMBR.txt"

Attach.txt


Step 1

Please read our policy concerning P2P applications such as those you have installed on your system (μTorrent and LimeWire 5.5.7), and then uninstall them.

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

On your system there are remnants of old protection products, which may impede the normal operation of your current antivirus program. Let us try to clean these remnants using AppRemover. You can download it from here:

http://www.appremover.com/get/appremover.exe

Follow the instructions from "2. How to Use AppRemover to Clean Up a Failed Uninstall":

http://www.appremover.com/faq/about/using-appremover.html

When you are ready, please generate a fresh log file from DDS and post it together with Attach.txt.


I followed the instructions; the AppRemover program didn't find anything. Here is the new DDS log.

Thanks!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_18

Run by xxxxxx at 19:58:14 on 2011-11-10

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2226 [GMT -8:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\SysWOW64\IoctlSvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Eraser\Eraser.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Digsby\lib\digsby-app.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe

C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.msn.com

uInternet Settings,ProxyOverride = <local>

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\Users\xxxxxx\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe

StartupFolder: C:\Users\xxxxxx\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFAX44~1.LNK - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.10

TCP: Interfaces\{A9759BAC-0E51-4214-89BA-FFF658869C1D} : DhcpNameServer = 192.168.1.10

TCP: Interfaces\{C5802C44-DA9B-4640-8A7E-158EE971A5C2} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\u88adnkq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\xxxxxx\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\xxxxxx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\xxxxxx\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-8 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-10-22 44768]

R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]

R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-25 2011944]

R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-5-5 583360]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-19 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-19 136176]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMP110;Linksys WMP110v2 RangePlus Wireless PCI Adapter Service;C:\Windows\system32\DRIVERS\WMP110.sys --> C:\Windows\system32\DRIVERS\WMP110.sys [?]

.

=============== Created Last 30 ================

.

2011-11-11 02:55:28 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A44E6387-C665-4CA0-B148-DC6FA820D63D}\offreg.dll

2011-11-10 09:47:19 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-09 08:10:56 -------- d-----w- C:\Program Files (x86)\ESET

2011-11-09 06:05:33 -------- d-sh--w- C:\$RECYCLE.BIN

2011-11-09 06:05:08 -------- d-----w- C:\Program Files\CCleaner

2011-11-09 04:11:10 98816 ----a-w- C:\Windows\sed.exe

2011-11-09 04:11:10 518144 ----a-w- C:\Windows\SWREG.exe

2011-11-09 04:11:10 256000 ----a-w- C:\Windows\PEV.exe

2011-11-09 04:11:10 208896 ----a-w- C:\Windows\MBR.exe

2011-11-09 03:43:51 -------- d-----w- C:\Windows\System32\appmgmt

2011-11-09 03:17:14 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 03:17:14 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 03:17:11 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 03:17:09 3141120 ----a-w- C:\Windows\System32\win32k.sys

2011-11-09 03:15:09 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A44E6387-C665-4CA0-B148-DC6FA820D63D}\mpengine.dll

2011-11-08 08:26:37 -------- d-----w- C:\Program Files (x86)\STOPzilla!

2011-11-08 08:26:36 -------- d-----w- C:\ProgramData\STOPzilla!

2011-11-08 06:30:26 -------- d-----w- C:\Users\xxxxxx\AppData\Local\ElevatedDiagnostics

2011-10-26 01:56:11 -------- d-----w- C:\Users\xxxxxx\AppData\Roaming\Mumble

2011-10-26 01:56:10 -------- d-----w- C:\Users\xxxxxx\AppData\Local\Mumble

2011-10-26 01:55:46 -------- d-----w- C:\Program Files (x86)\Mumble

2011-10-22 23:53:13 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-10-22 17:51:19 -------- d-----w- C:\Users\xxxxxx\AppData\Local\AMD

2011-10-22 17:51:07 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-10-22 17:50:45 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys

2011-10-22 17:50:43 -------- d-----w- C:\ProgramData\AMD

2011-10-22 17:50:37 -------- d-----w- C:\Program Files (x86)\ATI Technologies

.

==================== Find3M ====================

.

2011-09-14 18:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll

2011-09-14 18:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2011-09-14 18:47:22 51200 ----a-w- C:\Windows\System32\OpenCL.dll

2011-09-14 18:47:18 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2011-09-14 18:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll

2011-09-14 18:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-09-14 18:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll

2011-09-14 18:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll

2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll

2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll

2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe

2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll

2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll

2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr

2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-01 01:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax

2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax

2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax

2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax

2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax

2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax

.

============= FINISH: 20:00:46.93 ===============

Attach.txt


Actually not, because compared to your old log file, I see the lack of what I wanted:

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll

and others, which means that the job is done.

Now, please follow the instructions to run ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#use

Finally, post the log.txt.


Thank you for the quick reply. I tried running AppRemover as administrator and scanned again, and it still didn't pick up the leftover stuff. I reported it as an issue. Below is a ComboFix run from 2 days ago, done because DDS wouldn't even run. Here is the log:

ComboFix 11-11-08.02 - xxxxxx 11/08/2011 20:12:34.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2508 [GMT -8:00]

Running from: c:\users\xxxxxx\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\xxxxxx\AppData\Roaming\install

c:\users\xxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\Index_05970870.dat

c:\users\xxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\IndexIE_05970870.dat

c:\users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\u88adnkq.default\extensions\{77cfa8f5-1f3e-4959-97d1-206d99030cdb}

c:\users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\u88adnkq.default\extensions\{77cfa8f5-1f3e-4959-97d1-206d99030cdb}\chrome.manifest

c:\users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\u88adnkq.default\extensions\{77cfa8f5-1f3e-4959-97d1-206d99030cdb}\chrome\xulcache.jar

c:\users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\u88adnkq.default\extensions\{77cfa8f5-1f3e-4959-97d1-206d99030cdb}\defaults\preferences\xulcache.js

c:\users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\u88adnkq.default\extensions\{77cfa8f5-1f3e-4959-97d1-206d99030cdb}\install.rdf

c:\users\xxxxxx\Desktop\Setup.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))

.

.

2011-11-09 04:25 . 2011-11-09 04:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- c:\windows\system32\appmgmt

2011-11-09 03:42 . 2011-11-09 03:42 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A44E6387-C665-4CA0-B148-DC6FA820D63D}\offreg.dll

2011-11-09 03:17 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-09 03:17 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-09 03:17 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 03:17 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys

2011-11-09 03:15 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A44E6387-C665-4CA0-B148-DC6FA820D63D}\mpengine.dll

2011-11-08 08:26 . 2011-11-09 03:43 -------- d-----w- c:\program files (x86)\STOPzilla!

2011-11-08 08:26 . 2011-11-09 03:43 -------- d-----w- c:\programdata\STOPzilla!

2011-11-08 08:03 . 2011-11-08 08:03 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F56A86D-3A5F-4A78-AD9A-87CA81571E6C}\offreg.dll

2011-11-08 07:53 . 2011-10-07 05:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F56A86D-3A5F-4A78-AD9A-87CA81571E6C}\mpengine.dll

2011-11-08 07:50 . 2011-11-08 07:50 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-11-08 07:50 . 2011-11-08 07:51 -------- d-----w- c:\program files\Microsoft Security Client

2011-11-08 06:30 . 2011-11-08 06:30 -------- d-----w- c:\users\xxxxxx\AppData\Local\ElevatedDiagnostics

2011-11-08 06:19 . 2011-11-08 06:19 -------- d-----w- c:\windows\Sun

2011-10-26 01:56 . 2011-10-26 02:42 -------- d-----w- c:\users\xxxxxx\AppData\Roaming\Mumble

2011-10-26 01:56 . 2011-10-26 01:56 -------- d-----w- c:\users\xxxxxx\AppData\Local\Mumble

2011-10-26 01:55 . 2011-10-26 01:55 -------- d-----w- c:\program files (x86)\Mumble

2011-10-22 23:53 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe

2011-10-22 23:53 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-10-22 17:51 . 2011-10-22 17:51 -------- d-----w- c:\users\xxxxxx\AppData\Local\AMD

2011-10-22 17:51 . 2011-10-22 17:51 -------- d-----w- c:\programdata\ATI

2011-10-22 17:51 . 2011-10-22 17:51 -------- d-----w- c:\program files (x86)\AMD APP

2011-10-22 17:50 . 2010-02-18 16:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys

2011-10-22 17:50 . 2011-10-22 17:50 -------- d-----w- c:\programdata\AMD

2011-10-22 17:50 . 2011-10-22 17:50 -------- d-----w- c:\program files (x86)\ATI Technologies

2011-10-12 01:03 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-14 18:47 . 2011-09-14 18:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll

2011-09-14 18:47 . 2011-09-14 18:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll

2011-09-14 18:47 . 2011-09-14 18:47 51200 ----a-w- c:\windows\system32\OpenCL.dll

2011-09-14 18:47 . 2011-09-14 18:47 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll

2011-09-14 18:47 . 2011-09-14 18:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll

2011-09-14 18:46 . 2011-09-14 18:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll

2011-09-14 18:38 . 2011-09-14 18:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll

2011-09-14 18:38 . 2011-09-14 18:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll

2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll

2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll

2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-09-08 17:34 . 2011-09-08 17:34 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll

2011-09-08 17:32 . 2010-03-03 04:15 862720 ----a-w- c:\windows\system32\aticfx64.dll

2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe

2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe

2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll

2011-09-08 17:28 . 2011-09-08 17:28 423424 ----a-w- c:\windows\system32\atipdl64.dll

2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll

2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll

2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll

2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll

2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2011-09-08 17:24 . 2011-09-08 17:24 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll

2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2011-09-08 17:18 . 2011-09-08 17:18 3888640 ----a-w- c:\windows\system32\atiumd6a.dll

2011-09-08 17:16 . 2010-03-03 03:57 4944896 ----a-w- c:\windows\system32\atidxx64.dll

2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll

2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll

2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll

2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll

2011-09-08 17:00 . 2011-09-08 17:00 5428736 ----a-w- c:\windows\system32\atiumd64.dll

2011-09-08 16:59 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll

2011-09-08 16:53 . 2011-09-08 16:53 381952 ----a-w- c:\windows\system32\atiadlxx.dll

2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll

2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll

2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll

2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll

2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-09-08 16:52 . 2010-03-03 03:06 40960 ----a-w- c:\windows\system32\atiuxp64.dll

2011-09-08 16:51 . 2011-09-08 16:51 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2011-09-08 16:51 . 2011-09-08 16:51 38912 ----a-w- c:\windows\system32\atiu9p64.dll

2011-09-08 16:51 . 2011-09-08 16:51 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll

2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2011-09-06 20:45 . 2010-11-22 07:25 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:45 . 2010-04-06 02:28 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-09-06 20:38 . 2010-04-06 02:29 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:36 . 2010-04-06 02:29 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2010-04-06 02:29 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2010-04-06 02:29 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-06 20:36 . 2010-04-06 02:29 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-01 01:00 . 2010-03-16 04:57 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-10-18 328056]

"Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-02 1242448]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-04-10 2937528]

"eFax 4.4"="c:\program files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" [2009-08-17 95744]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-29 1828136]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-11-15 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-11-15 821144]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]

.

c:\users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-3-3 141488]

eFax 4.4.lnk - c:\program files (x86)\eFax Messenger 4.4\J2GTray.exe [2009-8-17 656896]

LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-3-16 503808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 136176]

R3 ALSysIO;ALSysIO;c:\users\xxxxxx\AppData\Local\Temp\ALSysIO64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 136176]

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WMP110;Linksys WMP110v2 RangePlus Wireless PCI Adapter Service;c:\windows\system32\DRIVERS\WMP110.sys [x]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]

S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-06 583360]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 06:26]

.

2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 06:26]

.

2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1591793056-1843773748-1626240318-1000Core.job

- c:\users\xxxxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-24 03:26]

.

2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1591793056-1843773748-1626240318-1000UA.job

- c:\users\xxxxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-24 03:26]

.

2011-11-07 c:\windows\Tasks\Norton Security Scan for xxxxxx.job

- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-14 18:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2009-12-15 976784]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 192.168.1.10

FF - ProfilePath - c:\users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\u88adnkq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1591793056-1843773748-1626240318-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):4c,f7,72,4a,5a,f5,35,39,91,dc,d2,57,4c,f4,40,07,9a,cc,1f,d1,c2,

fb,51,8b,ba,75,a5,97,4d,95,9f,1e,4e,b0,82,be,91,02,0d,7a,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-1591793056-1843773748-1626240318-1000_Classes\Wow6432Node\CLSID\{89674b53-63d6-4818-9aa1-d89bba1625df}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000bb

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,85,b1,12,f9,90,dd,23,a1,b0,3a,88,dc,53,4c,9f,87,ae,27,98,b4,06,01,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-11-08 20:40:38

ComboFix-quarantined-files.txt 2011-11-09 04:40

.

Pre-Run: 32,535,937,024 bytes free

Post-Run: 32,130,150,400 bytes free

.

- - End Of File - - 2D15D4FC2C4A6C64CE689A5BDC0DC962


No, it is okay, but take care of them, don't forget!

Open Notepad and copy and paste the text in the code box below into it:

SecCenter::
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

Driver::
PCTCore64
sdAuxService

File::
c:\users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk

Folder::
c:\program files (x86)\Spyware Doctor
c:\program files (x86)\LimeWire

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how things are there.


Here is the latest combofix log. My computer doesn't exhibit any symptoms anymore and actually runs pretty well. Thanks in Advance!

ComboFix 11-11-11.06 - xxxxxx 11/11/2011 18:25:45.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2497 [GMT -8:00]

Running from: c:\users\xxxxxx\Desktop\ComboFix.exe

Command switches used :: c:\users\xxxxxx\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_KXESCORE

-------\Legacy_SDAUXSERVICE

.

.

((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))

.

.

2011-11-12 03:02 . 2011-11-12 03:02 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6105E8B-3F70-4527-A8D1-1558B6E18CA0}\offreg.dll

2011-11-12 03:02 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6105E8B-3F70-4527-A8D1-1558B6E18CA0}\mpengine.dll

2011-11-12 02:56 . 2011-11-12 02:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-10 09:47 . 2011-11-10 09:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-10 09:46 . 2011-11-10 09:46 -------- d-----w- c:\windows\system32\Macromed

2011-11-09 08:10 . 2011-11-09 08:10 -------- d-----w- c:\program files (x86)\ESET

2011-11-09 06:05 . 2011-11-09 06:05 -------- d-----w- c:\program files\CCleaner

2011-11-09 03:43 . 2011-11-09 03:43 -------- d-----w- c:\windows\system32\appmgmt

2011-11-09 03:17 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-09 03:17 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-09 03:17 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 03:17 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys

2011-11-08 08:26 . 2011-11-09 03:43 -------- d-----w- c:\program files (x86)\STOPzilla!

2011-11-08 08:26 . 2011-11-09 03:43 -------- d-----w- c:\programdata\STOPzilla!

2011-11-08 06:30 . 2011-11-08 06:30 -------- d-----w- c:\users\xxxxxx\AppData\Local\ElevatedDiagnostics

2011-11-08 06:19 . 2011-11-08 06:19 -------- d-----w- c:\windows\Sun

2011-10-26 01:56 . 2011-10-26 02:42 -------- d-----w- c:\users\xxxxxx\AppData\Roaming\Mumble

2011-10-26 01:56 . 2011-10-26 01:56 -------- d-----w- c:\users\xxxxxx\AppData\Local\Mumble

2011-10-26 01:55 . 2011-10-26 01:55 -------- d-----w- c:\program files (x86)\Mumble

2011-10-22 23:53 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe

2011-10-22 23:53 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-10-22 17:51 . 2011-10-22 17:51 -------- d-----w- c:\users\xxxxxx\AppData\Local\AMD

2011-10-22 17:51 . 2011-10-22 17:51 -------- d-----w- c:\programdata\ATI

2011-10-22 17:51 . 2011-10-22 17:51 -------- d-----w- c:\program files (x86)\AMD APP

2011-10-22 17:50 . 2010-02-18 16:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys

2011-10-22 17:50 . 2011-10-22 17:50 -------- d-----w- c:\programdata\AMD

2011-10-22 17:50 . 2011-10-22 17:50 -------- d-----w- c:\program files (x86)\ATI Technologies

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-14 18:47 . 2011-09-14 18:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll

2011-09-14 18:47 . 2011-09-14 18:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll

2011-09-14 18:47 . 2011-09-14 18:47 51200 ----a-w- c:\windows\system32\OpenCL.dll

2011-09-14 18:47 . 2011-09-14 18:47 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll

2011-09-14 18:47 . 2011-09-14 18:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll

2011-09-14 18:46 . 2011-09-14 18:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll

2011-09-14 18:38 . 2011-09-14 18:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll

2011-09-14 18:38 . 2011-09-14 18:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll

2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll

2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll

2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-09-08 17:34 . 2011-09-08 17:34 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll

2011-09-08 17:32 . 2010-03-03 04:15 862720 ----a-w- c:\windows\system32\aticfx64.dll

2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe

2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe

2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll

2011-09-08 17:28 . 2011-09-08 17:28 423424 ----a-w- c:\windows\system32\atipdl64.dll

2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll

2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll

2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll

2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll

2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2011-09-08 17:24 . 2011-09-08 17:24 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll

2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2011-09-08 17:18 . 2011-09-08 17:18 3888640 ----a-w- c:\windows\system32\atiumd6a.dll

2011-09-08 17:16 . 2010-03-03 03:57 4944896 ----a-w- c:\windows\system32\atidxx64.dll

2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll

2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll

2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll

2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll

2011-09-08 17:00 . 2011-09-08 17:00 5428736 ----a-w- c:\windows\system32\atiumd64.dll

2011-09-08 16:59 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll

2011-09-08 16:53 . 2011-09-08 16:53 381952 ----a-w- c:\windows\system32\atiadlxx.dll

2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll

2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll

2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll

2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll

2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-09-08 16:52 . 2010-03-03 03:06 40960 ----a-w- c:\windows\system32\atiuxp64.dll

2011-09-08 16:51 . 2011-09-08 16:51 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2011-09-08 16:51 . 2011-09-08 16:51 38912 ----a-w- c:\windows\system32\atiu9p64.dll

2011-09-08 16:51 . 2011-09-08 16:51 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll

2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2011-09-06 20:45 . 2010-11-22 07:25 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:45 . 2010-04-06 02:28 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-09-06 20:38 . 2010-04-06 02:29 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:36 . 2010-04-06 02:29 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2010-04-06 02:29 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2010-04-06 02:29 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-06 20:36 . 2010-04-06 02:29 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-01 05:24 . 2011-10-12 08:44 2309120 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 05:17 . 2011-10-12 08:44 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 05:12 . 2011-10-12 08:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-01 02:35 . 2011-10-12 08:44 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-09-01 02:28 . 2011-10-12 08:44 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-09-01 02:22 . 2011-10-12 08:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-09-01 01:00 . 2010-03-16 04:57 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-27 05:40 . 2011-10-12 01:03 861184 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 05:40 . 2011-10-12 01:03 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-08-27 04:43 . 2011-10-12 01:03 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-08-27 04:43 . 2011-10-12 01:03 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-08-17 05:32 . 2011-10-12 01:03 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-08-17 05:27 . 2011-10-12 01:03 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-08-17 05:27 . 2011-10-12 01:03 288256 ----a-w- c:\windows\system32\MSNP.ax

2011-08-17 05:27 . 2011-10-12 01:03 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-08-17 05:27 . 2011-10-12 01:03 75776 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-08-17 04:26 . 2011-10-12 01:03 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-08-17 04:22 . 2011-10-12 01:03 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-08-17 04:22 . 2011-10-12 01:03 204288 ----a-w- c:\windows\SysWow64\MSNP.ax

2011-08-17 04:22 . 2011-10-12 01:03 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax

2011-08-17 04:22 . 2011-10-12 01:03 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-09_04.26.42 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2011-11-09 03:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-11-12 06:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-11-09 03:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-12 06:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-12 06:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-11-09 03:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-03-06 00:30 . 2011-11-12 02:20 69284 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-11-12 02:20 35676 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-11-09 03:39 35676 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2010-03-05 21:14 . 2011-11-09 03:39 24296 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1591793056-1843773748-1626240318-1000_UserData.bin

+ 2010-03-05 21:14 . 2011-11-12 02:20 24296 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1591793056-1843773748-1626240318-1000_UserData.bin

- 2010-03-05 01:05 . 2011-11-03 02:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-03-05 01:05 . 2011-11-11 03:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-03-05 01:05 . 2011-11-11 03:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-03-05 01:05 . 2011-11-03 02:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-11-03 02:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-11 03:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2011-11-12 02:26 71944 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-11-12 02:57 . 2011-11-12 02:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-11-09 03:37 . 2011-11-09 03:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-12 02:57 . 2011-11-12 02:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-11-09 03:37 . 2011-11-09 03:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-11-10 09:47 . 2011-11-10 09:47 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe

+ 2011-11-10 09:47 . 2011-11-10 09:47 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_0_1_Plugin.exe

- 2011-10-22 17:52 . 2011-11-09 03:20 263712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-10-22 17:52 . 2011-11-12 02:56 263712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2011-11-09 03:20 477668 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-11-12 02:56 477668 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-01-27 01:07 . 2011-11-10 09:47 8522400 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

- 2009-07-14 04:45 . 2011-11-09 03:42 3607895 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2011-11-11 07:45 3607895 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2011-04-25 07:49 . 2011-11-11 08:13 1720100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1591793056-1843773748-1626240318-1000-12288.dat

+ 2009-07-14 02:34 . 2011-11-12 03:12 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:34 . 2011-11-09 03:54 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2011-11-10 09:47 . 2011-11-10 09:47 11328672 c:\windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll

+ 2010-04-28 08:30 . 2011-11-12 02:56 12707861 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1591793056-1843773748-1626240318-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-02 1242448]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-04-10 2937528]

"eFax 4.4"="c:\program files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" [2009-08-17 95744]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-29 1828136]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-11-15 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-11-15 821144]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]

.

c:\users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-3-3 141488]

eFax 4.4.lnk - c:\program files (x86)\eFax Messenger 4.4\J2GTray.exe [2009-8-17 656896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]

R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 136176]

R3 ALSysIO;ALSysIO;c:\users\xxxxxx\AppData\Local\Temp\ALSysIO64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 136176]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WMP110;Linksys WMP110v2 RangePlus Wireless PCI Adapter Service;c:\windows\system32\DRIVERS\WMP110.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]

S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-06 583360]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 06:26]

.

2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 06:26]

.

2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1591793056-1843773748-1626240318-1000Core.job

- c:\users\xxxxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-24 03:26]

.

2011-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1591793056-1843773748-1626240318-1000UA.job

- c:\users\xxxxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-24 03:26]

.

2011-11-07 c:\windows\Tasks\Norton Security Scan for xxxxxx.job

- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-14 18:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2009-12-15 976784]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]

"combofix"="c:\combofix\CF3021.3XE" [2009-07-14 344576]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.10

FF - ProfilePath - c:\users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\u88adnkq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1591793056-1843773748-1626240318-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):4c,f7,72,4a,5a,f5,35,39,91,dc,d2,57,4c,f4,40,07,9a,cc,1f,d1,c2,

fb,51,8b,ba,75,a5,97,4d,95,9f,1e,4e,b0,82,be,91,02,0d,7a,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-1591793056-1843773748-1626240318-1000_Classes\Wow6432Node\CLSID\{89674b53-63d6-4818-9aa1-d89bba1625df}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000bb

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,85,b1,12,f9,90,dd,23,a1,b0,3a,88,dc,53,4c,9f,87,ae,27,98,b4,06,01,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\SysWOW64\IoctlSvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Digsby\lib\digsby-app.exe

c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files (x86)\Common Files\Steam\SteamService.exe

c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Completion time: 2011-11-11 23:38:46 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-12 07:38

ComboFix2.txt 2011-11-09 04:40

.

Pre-Run: 34,368,118,784 bytes free

Post-Run: 33,859,387,392 bytes free

.

- - End Of File - - 24A4ABEA4E60DFC272C043265ECBB76C


Sounds good! Let's make some additional scans to be sure.

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next:

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next post, please include both of the log files specified above.


Thanks again for your help!

This is the log that was there; I didn't save another for ESET. It did find some things and they were all quarantined.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

Below is the log for Malwarebytes; it didn't find anything.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8136

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

11/12/2011 10:53:01 AM

mbam-log-2011-11-12 (10-53-01).txt

Scan type: Quick scan

Objects scanned: 174478

Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Are you sure that you have copied everything from the ESET Online Scanner log file? Lack of information worries me, so would you re-scan to make sure that whatever it was, it is gone now?

ESET returned clean on the 2nd run. The log file did update this time:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

esets_scanner_update returned -1 esets_gle=53251


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
