Solved Internet Explorer Ad Pops Up Constantly

Discussion in 'Malware and Virus Removal Archive' started by cxnguyen89, 2010/12/23.

  1. 2010/12/23
    cxnguyen89

    cxnguyen89 Inactive Thread Starter

    Joined:
    2010/12/23
    Messages:
    15
    Likes Received:
    0
    [Resolved] Internet Explorer Ad Pops Up Constantly

    My laptop keeps popping up with IE ads when I am not using IE. I'm not sure if it's a spyware problem. I hope someone can help me please!
     
  2. 2010/12/23
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     

  3. to hide this advert.

  4. 2010/12/23
    cxnguyen89

    This is the Malware File:


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5385

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    12/23/2010 3:38:09 PM
    mbam-log-2010-12-23 (15-38-09).txt

    Scan type: Quick scan
    Objects scanned: 157249
    Time elapsed: 16 minute(s), 36 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 1
    Registry Keys Infected: 24
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 10
    Files Infected: 14

    Memory Processes Infected:
    c:\program files (x86)\clickpotatolite\bin\10.0.627.0\clickpotatolitesa.exe (Adware.ClickPotato) -> 2612 -> Unloaded process successfully.

    Memory Modules Infected:
    c:\program files (x86)\clickpotatolite\bin\10.0.627.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.Info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.Info (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ClickPotatoLiteSA (Adware.ClickPotato) -> Value: ClickPotatoLiteSA -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\Users\richard por\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.627.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.627.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.627.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.627.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files (x86)\clickpotatolite\bin\10.0.627.0\clickpotatolitesa.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.627.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.627.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.627.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.627.0\clickpotatoliteuninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.627.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
     
  5. 2010/12/23
    cxnguyen89

    This is the GMER:



    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-23 16:07:31
    Windows 6.1.7600
    Running: p11jkrk6.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0x26 0x34 0xB9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCA 0x7F 0x30 0xB1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB8 0xFE 0x2E 0xA6 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2D 0x1D 0xE7 0xBB ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0x26 0x34 0xB9 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCA 0x7F 0x30 0xB1 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB8 0xFE 0x2E 0xA6 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2D 0x1D 0xE7 0xBB ...

    ---- EOF - GMER 1.0.15 ----
     
  6. 2010/12/23
    cxnguyen89

    MBR Check:


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Inspiron 1525
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 205):

    Processes (total 72):
    0 System Idle Process
    4 System
    268 C:\Windows\System32\smss.exe
    356 csrss.exe
    408 C:\Windows\System32\wininit.exe
    420 csrss.exe
    464 C:\Windows\System32\winlogon.exe
    512 C:\Windows\System32\services.exe
    520 C:\Windows\System32\lsass.exe
    528 C:\Windows\System32\lsm.exe
    644 C:\Windows\System32\svchost.exe
    720 C:\Windows\System32\svchost.exe
    792 C:\Windows\System32\svchost.exe
    852 C:\Windows\System32\svchost.exe
    904 C:\Windows\System32\svchost.exe
    376 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\svchost.exe
    1200 C:\Windows\System32\spoolsv.exe
    1228 C:\Windows\System32\svchost.exe
    1316 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1368 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1432 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    1456 C:\Windows\System32\svchost.exe
    1492 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    1548 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    1728 C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
    1784 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    1936 C:\Windows\System32\taskhost.exe
    1992 C:\Windows\System32\dwm.exe
    2012 C:\Windows\explorer.exe
    2056 C:\Program Files\DellTPad\Apoint.exe
    2084 C:\Program Files (x86)\uTorrent\uTorrent.exe
    2132 C:\Program Files\Logitech\Profiler 64\LWEMon.exe
    2144 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    2164 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    2172 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    2392 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    2412 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    2428 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    2456 C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    2528 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    2596 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    2660 C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
    2980 C:\Windows\System32\SearchIndexer.exe
    3264 C:\Program Files\iPod\bin\iPodService.exe
    3296 C:\Windows\System32\svchost.exe
    3540 C:\Program Files\DellTPad\ApMsgFwd.exe
    3592 C:\Program Files\DellTPad\ApntEx.exe
    3600 C:\Program Files\DellTPad\hidfind.exe
    3616 C:\Windows\System32\conhost.exe
    3240 C:\Windows\System32\svchost.exe
    3556 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3536 C:\Windows\System32\svchost.exe
    1704 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    680 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    4684 C:\Windows\System32\conhost.exe
    404 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    4860 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    5052 <unknown>
    4388 <unknown>
    1336 C:\Windows\System32\audiodg.exe
    4868 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    3792 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    4136 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    3988 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    2360 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    4940 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    4824 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    1240 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    4428 C:\Users\Richard Por\Desktop\Downloads\MBRCheck.exe
    1040 C:\Windows\System32\conhost.exe
    848 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`73800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHM160HI, Rev: HH100-11

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  7. 2010/12/23
    cxnguyen89

    DDS:



    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Richard Por at 16:12:43.87 on Thu 12/23/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.778 [GMT -5:00]

    AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files\Logitech\Profiler 64\LWEMon.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Richard Por\Desktop\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    uRun: [Google Update] "C:\Users\Richard Por\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
    uRun: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler 64\lwemon.exe" /noui
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    mRun: [PSNUpd] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\psnupd.exe" /UpgradeNotification
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [PocketCloud Location] C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - C:\Users\Richard Por\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
    TB-X64: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
    TB-X64: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
    mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe

    ============= SERVICES / DRIVERS ===============

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-12-23 83120]
    R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);C:\Windows\System32\drivers\V0400Vid.sys [2010-5-13 242816]

    =============== Created Last 30 ================

    2010-12-23 20:26:08 -------- d-----w- C:\Users\RICHAR~1\AppData\Roaming\Avira
    2010-12-23 20:22:10 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2010-12-23 20:21:44 -------- d-----w- C:\Program Files (x86)\Avira
    2010-12-23 20:21:44 -------- d-----w- C:\PROGRA~3\Avira
    2010-12-23 20:16:54 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-20 01:34:32 -------- d-----w- C:\Program Files (x86)\Wyse
    2010-12-20 01:31:40 -------- d-----w- C:\Users\RICHAR~1\AppData\Local\Downloaded Installations
    2010-12-09 16:57:03 815104 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2010-12-09 16:57:03 77824 ----a-w- C:\Windows\SysWow64\xvid.ax
    2010-12-09 16:57:02 180224 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2010-12-09 16:57:02 -------- d-----w- C:\Program Files (x86)\Xvid
    2010-12-01 04:02:25 -------- d-----w- C:\Program Files\iPod
    2010-12-01 04:02:23 -------- d-----w- C:\Program Files\iTunes
    2010-12-01 04:02:23 -------- d-----w- C:\Program Files (x86)\iTunes
    2010-12-01 03:55:27 -------- d-----w- C:\Program Files\Bonjour
    2010-12-01 03:55:27 -------- d-----w- C:\Program Files (x86)\Bonjour
    2010-11-24 03:19:37 -------- d-----w- C:\Program Files (x86)\Recycle
    2010-11-24 03:19:16 331263 ----a-w- C:\Windows\LOOP.exe

    ==================== Find3M ====================

    2010-12-20 23:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-10 22:04:44 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2010-10-07 17:36:16 96544 ----a-w- C:\Windows\System32\dnssd.dll
    2010-10-07 17:36:16 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
    2010-10-07 17:36:16 237856 ----a-w- C:\Windows\System32\dnssdX.dll
    2010-10-07 17:36:16 119584 ----a-w- C:\Windows\System32\dns-sd.exe
    2010-10-07 17:23:02 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2010-10-07 17:23:02 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2010-10-07 17:23:02 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2010-10-07 17:23:02 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2010-09-28 20:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2010-09-28 20:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll

    ============= FINISH: 16:13:48.64 ===============


    ATTACH:
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume3
    Install Date: 5/13/2010 4:01:03 AM
    System Uptime: 12/23/2010 12:22:59 PM (4 hours ago)

    Motherboard: Dell Inc. | | 0U990C
    Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | Microprocessor | 784/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 137 GiB total, 59.932 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.572 GiB free.
    E: is CDROM (UDF)
    F: is CDROM ()
    G: is CDROM (UDF)

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_022F1028&REV_12\4&277C618&0&4BF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_022F1028&REV_12\4&277C618&0&4BF0
    Service:

    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_022F1028&REV_12\4&277C618&0&4AF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_022F1028&REV_12\4&277C618&0&4AF0
    Service:

    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_022F1028&REV_12\4&277C618&0&4CF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_022F1028&REV_12\4&277C618&0&4CF0
    Service:

    ==== System Restore Points ===================

    RP43: 10/25/2010 3:26:26 PM - Scheduled Checkpoint
    RP44: 11/1/2010 7:45:39 PM - Scheduled Checkpoint
    RP45: 11/8/2010 10:56:36 AM - avast! Free Antivirus Setup
    RP46: 11/8/2010 4:00:18 PM - avast! Free Antivirus Setup
    RP47: 11/8/2010 4:10:28 PM - avast! Pro Antivirus Setup
    RP48: 11/17/2010 2:39:47 PM - Scheduled Checkpoint
    RP49: 11/25/2010 12:00:11 AM - Scheduled Checkpoint
    RP50: 12/1/2010 11:02:46 PM - avast! Pro Antivirus Setup
    RP51: 12/6/2010 10:52:43 PM - Removed Safari
    RP52: 12/15/2010 5:26:26 PM - Scheduled Checkpoint
    RP53: 12/19/2010 8:32:10 PM - Installed Microsoft Primary Interoperability Assemblies 2005
    RP54: 12/19/2010 8:33:59 PM - Installed PocketCloud Windows Companion.
    RP55: 12/23/2010 3:20:34 PM - Avira AntiVir Personal - 12/23/2010 15:19

    ==== Installed Programs ======================

    µTorrent
    Adobe Audition 1.5
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.3
    AIM 7
    AIM Toolbar
    Apple Application Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Cisco Network Magic
    DAEMON Tools Toolbar
    DivX Setup
    Download Updater (AOL LLC)
    DVDVideoSoftTB Toolbar
    Free Audio CD Burner version 1.4
    Free Video to iPhone Converter version 3.0
    Free YouTube to MP3 Converter version 3.7
    FrostWire 4.20.6
    Garmin Communicator Plugin
    Garmin USB Drivers
    Garmin VoiceStudio v2.10
    Google Chrome
    Java Auto Updater
    Java(TM) 6 Update 20
    Logitech Gaming Software 64
    Malwarebytes' Anti-Malware
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVC80_x86_v2
    Network Magic
    PocketCloud Windows Companion
    Pure Networks Platform
    QuickTime
    Reason 4.0
    ReCycle v2.1
    Skype Toolbars
    Skype™ 4.2
    Uninstall 1.0.0.1
    VC80CRTRedist - 8.0.50727.4053
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.5
    Windows Media Player Firefox Plugin
    Xvid 1.2.1 final uninstall
    Yahoo! BrowserPlus 2.9.8

    ==== Event Viewer Messages From Past Week ========

    12/23/2010 3:24:52 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    12/23/2010 11:56:42 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    12/23/2010 11:56:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    12/23/2010 11:37:09 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    12/21/2010 1:31:21 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
    12/21/2010 1:31:21 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
    12/21/2010 1:31:18 AM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/21/2010 1:31:18 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
    12/20/2010 7:37:17 PM, Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following error: Access is denied.
    12/20/2010 10:23:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    12/19/2010 9:17:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD SmartWare Background Service service to connect.
    12/19/2010 8:34:33 PM, Error: Service Control Manager [7030] - The Wyse PocketCloud service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/16/2010 10:43:12 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147024882

    ==== End Of File ===========================
     
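The startup and browser-extension lines in the DDS report above (uStart Page, BHO, TB, URLSearchHooks, uRun/mRun) are what a helper reads first. The script below is an added example, not DDS, ComboFix or anything posted in this thread: it parses those line shapes and applies the checks a first pass makes, namely a start page whose host is off an allow-list, a BHO or toolbar registration with no backing file, one CLSID registered as BHO, toolbar and URL search hook at once (how a bundled toolbar such as the DVDVideoSoftTB entries above shows up), and autoruns launched from a user profile. The allow-list in ALLOWED_HOSTS and the finding labels are assumptions; the sample lines are copied from the log above.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; it is not part of DDS, ComboFix or the forum's
instructions. It parses the line shapes DDS prints (uStart Page, BHO, TB,
URLSearchHooks, uRun/mRun) and flags what a malware helper reads first:
a start page off an allow-list (homepage hijack), registrations with no
backing file, one CLSID registered as BHO + toolbar + URL search hook (the
signature of a bundled toolbar), and autoruns that start from a user profile.
ALLOWED_HOSTS is an assumption chosen for illustration.
"""
import re
from collections import defaultdict

# Assumed allow-list of start-page hosts; anything else is reported.
ALLOWED_HOSTS = {"www.google.com", "www.bing.com", "www.msn.com", "about"}

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
START_RE = re.compile(r"^uStart Page = (?P<url>\S+)$")
HOOK_RE = re.compile(r"^(?P<kind>[um]?URLSearchHooks|BHO|TB(?:-X64)?):\s*(?P<rest>.+)$")
RUN_RE = re.compile(r"^(?P<kind>[um]Run(?:Once)?(?:-x64)?):\s*\[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$")

# Constructed sample: lines copied from the DDS log posted above, in DDS's
# own 'hxxp' defanged form.
SAMPLE = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
uRun: [Google Update] "C:\Users\Richard Por\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
TB-X64: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
"""


def host_of(url):
    """Host part of a DDS-style URL; DDS writes 'hxxp' for 'http' to defang links."""
    url = re.sub(r"^h(?:xx|tt)ps?://", "", url, flags=re.IGNORECASE)
    return re.split(r"[/?:#]", url, maxsplit=1)[0].lower()


def split_command(rest):
    """Split a Run value into (path, args); DDS keeps the registry quoting."""
    rest = rest.strip()
    if rest.startswith('"'):
        path, _, args = rest[1:].partition('"')
        return path, args.strip()
    return rest, ""


def triage(report, allowed_hosts=ALLOWED_HOSTS):
    """Return (check, subject, detail) triples for every suspicious entry."""
    findings = []
    registrations = defaultdict(set)  # clsid -> {"BHO", "TB", "URLSearchHooks"}
    for raw in report.splitlines():
        line = raw.strip()
        m = START_RE.match(line)
        if m:
            host = host_of(m["url"])
            if host not in allowed_hosts:
                findings.append(("start-page", host, line))
            continue
        m = HOOK_RE.match(line)
        if m:
            clsid = CLSID_RE.search(m["rest"])
            clsid = clsid.group(0).lower() if clsid else "?"
            # 64-bit DDS lists the x64 IE hive separately; a 32-bit-only toolbar
            # shows up there as "No File", so keep that case out of the findings.
            if m["rest"].endswith("No File"):
                if not m["kind"].endswith("X64"):
                    findings.append(("no-file", clsid, line))
                continue
            kind = re.sub(r"^[um]|-X64$", "", m["kind"])
            registrations[clsid].add(kind)
            continue
        m = RUN_RE.match(line)
        if m:
            path, _args = split_command(m["rest"])
            if path.lower().startswith("c:\\users\\"):
                findings.append(("user-profile-autorun", m["name"], line))
    for clsid, kinds in registrations.items():
        if {"BHO", "TB", "URLSearchHooks"} <= kinds:
            findings.append(("toolbar-bundle", clsid, ", ".join(sorted(kinds))))
    return findings


if __name__ == "__main__":
    for check, subject, detail in triage(SAMPLE):
        print(f"{check:22} {subject}\n    {detail}")
```

The TB-X64 "No File" rows are deliberately kept out of the findings: on 64-bit Windows 7 DDS lists the x64 Internet Explorer hive separately, and a toolbar that ships only a 32-bit DLL appears there as "No File" even though it is fully installed, which is exactly how the AIM and DVDVideoSoft CLSIDs look in the report above. A "No File" row in the 32-bit hive, like the unnamed BHO at the top of the BHO list, is an orphaned registration; it is worth removing but is not by itself evidence of infection. The user-profile autorun check is informational as well: Google Update legitimately runs from AppData, so that finding is a prompt to look at the path, not a verdict.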
  8. 2010/12/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2010/12/23
    cxnguyen89

    cxnguyen89 Inactive Thread Starter

    Joined:
    2010/12/23
    Messages:
    15
    Likes Received:
    0
    COMBO FIX:
    ComboFix 10-12-23.02 - Richard Por 12/23/2010 16:28:16.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.902 [GMT -5:00]
    Running from: c:\users\Richard Por\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
    .

    2010-12-23 21:34 . 2010-12-23 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-23 20:26 . 2010-12-23 20:26 -------- d-----w- c:\users\Richard Por\AppData\Roaming\Avira
    2010-12-23 20:22 . 2010-12-13 13:40 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-23 20:22 . 2010-12-13 13:40 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-23 20:21 . 2010-12-23 20:21 -------- d-----w- c:\programdata\Avira
    2010-12-23 20:21 . 2010-12-23 20:21 -------- d-----w- c:\program files (x86)\Avira
    2010-12-23 20:16 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-20 01:34 . 2010-12-20 01:34 -------- d-----w- c:\program files (x86)\Wyse
    2010-12-20 01:31 . 2010-12-20 01:31 -------- d-----w- c:\users\Richard Por\AppData\Local\Downloaded Installations
    2010-12-09 16:57 . 2008-12-14 01:01 77824 ----a-w- c:\windows\SysWow64\xvid.ax
    2010-12-09 16:57 . 2008-12-05 02:42 815104 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2010-12-09 16:57 . 2010-12-09 16:57 -------- d-----w- c:\program files (x86)\Xvid
    2010-12-09 16:57 . 2008-12-05 02:46 180224 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2010-12-01 04:02 . 2010-12-01 04:02 -------- d-----w- c:\program files\iPod
    2010-12-01 04:02 . 2010-12-01 04:03 -------- d-----w- c:\program files\iTunes
    2010-12-01 04:02 . 2010-12-01 04:03 -------- d-----w- c:\program files (x86)\iTunes
    2010-12-01 03:55 . 2010-12-01 03:55 -------- d-----w- c:\program files\Bonjour
    2010-12-01 03:55 . 2010-12-01 03:55 -------- d-----w- c:\program files (x86)\Bonjour
    2010-11-24 03:19 . 2010-11-24 03:19 -------- d-----w- c:\program files (x86)\Recycle
    2010-11-24 03:19 . 2004-02-07 06:48 331263 ----a-w- c:\windows\LOOP.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:08 . 2010-11-08 16:01 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-10 22:04 . 2010-11-10 22:04 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-10-07 17:36 . 2010-10-07 17:36 96544 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 17:36 . 2010-10-07 17:36 69408 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-10-07 17:36 . 2010-10-07 17:36 237856 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 17:36 . 2010-10-07 17:36 119584 ----a-w- c:\windows\system32\dns-sd.exe
    2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
    2010-10-07 17:23 . 2010-10-07 17:23 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2010-10-07 17:23 . 2010-10-07 17:23 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2010-09-28 20:44 . 2010-09-28 20:44 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2010-09-28 20:44 . 2010-09-28 20:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    .

    ------- Sigcheck -------

    [-] 2010-05-13 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] . . c:\windows\SysWOW64\user32.dll
    [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    [-] 2010-05-13 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] . . c:\windows\system32\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"="c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    2010-04-27 14:08 2393184 ----a-w- c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"="c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\Richard Por\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-13 136176]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-09-28 328056]
    "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]
    "Start WingMan Profiler"="c:\program files\Logitech\Profiler 64\lwemon.exe" [2005-04-18 94208]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
    "nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2010-07-09 472112]
    "PSNUpd"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\psnupd.exe" [2010-07-14 152896]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
    "PocketCloud Location"="c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2010-11-19 386560]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488]
    WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux9"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
    R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
    R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
    R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
    R3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\DRIVERS\V0400Vid.sys [2010-01-04 242816]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1255736]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-13 834544]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
    S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
    S2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2010-11-19 74240]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - AVGNTFLT
    *NewlyCreated* - AVIPBB
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3262449-3168069788-176425238-1000Core.job
    - c:\users\Richard Por\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-13 08:41]

    2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3262449-3168069788-176425238-1000UA.job
    - c:\users\Richard Por\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-13 08:41]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\DellTPad\Apoint.exe" [2010-01-25 369152]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs "=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\users\Richard Por\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-12-23 16:37:39
    ComboFix-quarantined-files.txt 2010-12-23 21:37

    Pre-Run: 64,271,765,504 bytes free
    Post-Run: 64,015,613,952 bytes free

    - - End Of File - - 40FB81CC5A979F21B186EF9C1231831C
     
  10. 2010/12/23
    broni

    broni Moderator Malware Analyst

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll | c:\windows\SysWOW64\user32.dll
    c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll | c:\windows\system32\user32.dll
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG: animation showing CFScript.txt being dragged onto ComboFix.exe]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
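The FCopy:: directive above copies the two pristine user32.dll files out of the WinSxS component store over the live copies in SysWOW64 and system32. A way to confirm the restore actually took, as an added example that is neither broni's nor ComboFix's code: parse the same "source | destination" lines the CFScript uses and compare each destination with its source by SHA-256. The demo() function builds its own constructed stand-in files in a scratch directory (a faithful copy, a tampered copy and a missing destination) so the check runs on any host; the posted CFScript text is included verbatim, and on a machine without those paths every entry simply reports "missing".

```python
"""Check an FCopy:: restore by hashing each source/destination pair.

Added example; it is not part of the thread and not ComboFix's own code.
It parses the same "source | destination" lines that the CFScript above
uses and reports whether each destination now matches its WinSxS source.
"""
import hashlib
import tempfile
from pathlib import Path


def parse_fcopy(script_text: str) -> list:
    """Return (source, destination) Path pairs from the FCopy:: section."""
    pairs = []
    in_fcopy = False
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            # Start of a CFScript directive block; only FCopy:: interests us.
            in_fcopy = line.lower() == "fcopy::"
            continue
        if in_fcopy and "|" in line:
            src, dst = (part.strip() for part in line.split("|", 1))
            pairs.append((Path(src), Path(dst)))
    return pairs


def sha256_of(path: Path) -> str:
    """SHA-256 hex digest of a file, read in 1 MiB chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_fcopy(script_text: str) -> dict:
    """Map each destination (as written in the script) to
    'match', 'mismatch' or 'missing'."""
    report = {}
    for src, dst in parse_fcopy(script_text):
        if not src.is_file() or not dst.is_file():
            report[str(dst)] = "missing"
        elif sha256_of(src) == sha256_of(dst):
            report[str(dst)] = "match"
        else:
            report[str(dst)] = "mismatch"
    return report


# The CFScript exactly as posted in the thread. A raw string keeps the
# backslashes; in a normal string "\user32" would start a unicode escape.
CFSCRIPT = r"""FCopy::
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll | c:\windows\SysWOW64\user32.dll
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll | c:\windows\system32\user32.dll
"""


def demo() -> dict:
    """Run the check against constructed files in a scratch directory so the
    example works on any host: one destination matches its source, one was
    tampered with, and one does not exist at all."""
    work = Path(tempfile.mkdtemp(prefix="fcopy-check-"))
    src = work / "winsxs_user32.dll"
    good = work / "good_user32.dll"
    bad = work / "bad_user32.dll"
    gone = work / "missing_user32.dll"
    src.write_bytes(b"MZ" + b"\x00" * 64)     # constructed stand-in for a DLL
    good.write_bytes(src.read_bytes())        # faithful copy
    bad.write_bytes(b"MZ" + b"\xff" * 64)     # same size, different content
    script = "FCopy::\n" + "\n".join(f"{src} | {dst}" for dst in (good, bad, gone))
    report = verify_fcopy(script)
    return {"good": report[str(good)], "bad": report[str(bad)], "gone": report[str(gone)]}


if __name__ == "__main__":
    print("pairs in posted CFScript:", len(parse_fcopy(CFSCRIPT)))
    print(demo())
```

On the affected machine the same script would be run against CFSCRIPT itself; "mismatch" for either user32.dll after the ComboFix run would mean the copy did not happen or something rewrote the file again afterwards.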
  11. 2010/12/23
    cxnguyen89

    cxnguyen89 Inactive Thread Starter

    Combofix.txt



    ComboFix 10-12-23.02 - Richard Por 12/23/2010 17:29:52.2.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1003 [GMT -5:00]
    Running from: c:\users\Richard Por\Desktop\ComboFix.exe
    Command switches used :: c:\users\Richard Por\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    --------------- FCopy ---------------

    c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll --> c:\windows\SysWOW64\user32.dll
    c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll --> c:\windows\system32\user32.dll
    .
    ((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
    .

    2010-12-23 22:36 . 2010-12-23 22:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-23 20:26 . 2010-12-23 20:26 -------- d-----w- c:\users\Richard Por\AppData\Roaming\Avira
    2010-12-23 20:22 . 2010-12-13 13:40 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-23 20:22 . 2010-12-13 13:40 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-23 20:21 . 2010-12-23 20:21 -------- d-----w- c:\programdata\Avira
    2010-12-23 20:21 . 2010-12-23 20:21 -------- d-----w- c:\program files (x86)\Avira
    2010-12-23 20:16 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-20 01:34 . 2010-12-20 01:34 -------- d-----w- c:\program files (x86)\Wyse
    2010-12-20 01:31 . 2010-12-20 01:31 -------- d-----w- c:\users\Richard Por\AppData\Local\Downloaded Installations
    2010-12-09 16:57 . 2008-12-14 01:01 77824 ----a-w- c:\windows\SysWow64\xvid.ax
    2010-12-09 16:57 . 2008-12-05 02:42 815104 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2010-12-09 16:57 . 2010-12-09 16:57 -------- d-----w- c:\program files (x86)\Xvid
    2010-12-09 16:57 . 2008-12-05 02:46 180224 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2010-12-01 04:02 . 2010-12-01 04:02 -------- d-----w- c:\program files\iPod
    2010-12-01 04:02 . 2010-12-01 04:03 -------- d-----w- c:\program files\iTunes
    2010-12-01 04:02 . 2010-12-01 04:03 -------- d-----w- c:\program files (x86)\iTunes
    2010-12-01 03:55 . 2010-12-01 03:55 -------- d-----w- c:\program files\Bonjour
    2010-12-01 03:55 . 2010-12-01 03:55 -------- d-----w- c:\program files (x86)\Bonjour
    2010-11-24 03:19 . 2010-11-24 03:19 -------- d-----w- c:\program files (x86)\Recycle
    2010-11-24 03:19 . 2004-02-07 06:48 331263 ----a-w- c:\windows\LOOP.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:08 . 2010-11-08 16:01 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-10 22:04 . 2010-11-10 22:04 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-10-07 17:36 . 2010-10-07 17:36 96544 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 17:36 . 2010-10-07 17:36 69408 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-10-07 17:36 . 2010-10-07 17:36 237856 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 17:36 . 2010-10-07 17:36 119584 ----a-w- c:\windows\system32\dns-sd.exe
    2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
    2010-10-07 17:23 . 2010-10-07 17:23 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2010-10-07 17:23 . 2010-10-07 17:23 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2010-09-28 20:44 . 2010-09-28 20:44 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2010-09-28 20:44 . 2010-09-28 20:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5} "= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    2010-04-27 14:08 2393184 ----a-w- c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5} "= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update "= "c:\users\Richard Por\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-13 136176]
    "uTorrent "= "c:\program files (x86)\uTorrent\uTorrent.exe" [2010-09-28 328056]
    "AlcoholAutomount "= "c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]
    "Start WingMan Profiler "= "c:\program files\Logitech\Profiler 64\lwemon.exe" [2005-04-18 94208]
    "DAEMON Tools Lite "= "c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher "= "c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "nmctxth "= "c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
    "nmapp "= "c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2010-07-09 472112]
    "PSNUpd "= "c:\program files (x86)\Panda Security\Panda Cloud Antivirus\psnupd.exe" [2010-07-14 152896]
    "DivXUpdate "= "c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "AppleSyncNotifier "= "c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
    "QuickTime Task "= "c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper "= "c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
    "PocketCloud Location "= "c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2010-11-19 386560]
    "avgnt "= "c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
    "Malwarebytes' Anti-Malware (reboot) "= "c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488]
    WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux9 "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
    R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
    R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
    R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
    R3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\DRIVERS\V0400Vid.sys [2010-01-04 242816]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1255736]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-13 834544]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
    S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
    S2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2010-11-19 74240]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - AVGNTFLT
    *NewlyCreated* - AVIPBB
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3262449-3168069788-176425238-1000Core.job
    - c:\users\Richard Por\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-13 08:41]

    2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3262449-3168069788-176425238-1000UA.job
    - c:\users\Richard Por\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-13 08:41]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\DellTPad\Apoint.exe" [2010-01-25 369152]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\users\Richard Por\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-12-23 17:38:47
    ComboFix-quarantined-files.txt 2010-12-23 22:38
    ComboFix2.txt 2010-12-23 21:37

    Pre-Run: 64,071,790,592 bytes free
    Post-Run: 64,012,177,408 bytes free

    - - End Of File - - 036D5BC54FA5B726A1CC9841235D0932
     
  12. 2010/12/23
    broni

    broni Moderator Malware Analyst

    Good job :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
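Two entries in that custom-scan list are worth spelling out, and the following added example (not OTL's own code, and not from the thread) does so in Python. The line `dir /b "%systemroot%\system32\*.exe" | find /i " " /c` counts executables in system32 whose file names contain a space, and entries such as `%systemroot%\system32\system32\*.*` or `%systemroot%\winn32\*.*` ask OTL to list directories that a clean Windows install does not have. The directory names below are taken from the scan list; the directory tree the demo() function checks is constructed in a scratch folder, so nothing here touches a real %systemroot%.

```python
r"""Two of the checks in the OTL custom-scan list, written out in Python.

Added example; this is not OTL's code. The line
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
counts executables in system32 whose names contain a space, and entries
such as %systemroot%\system32\system32\*.* list directories that a clean
Windows install does not have. Both are reproduced here against a
constructed directory tree.
"""
import tempfile
from pathlib import Path

# Directories the custom scan lists; taken from the scan text above and
# expressed relative to %systemroot% with Windows separators.
SCAN_LISTED_DIRS = [
    r"system32\system32",
    r"system32\systhem32",
    r"system32\Rundll32",
    r"system32\rundll",
    r"system32\DLL",
    r"system32\HelpFiles",
    r"system32\test",
    r"system32\msn",
    r"winn32",
]


def _join(root: Path, win_relative: str) -> Path:
    """Append a backslash-separated relative path to root portably."""
    return root.joinpath(*win_relative.split("\\"))


def exes_with_spaces(directory) -> list:
    """Names of *.exe files directly inside directory that contain a space
    (the Python form of the dir | find pipeline); the extension compare is
    case-insensitive, as the original command is on Windows."""
    d = Path(directory)
    if not d.is_dir():
        return []
    return sorted(p.name for p in d.iterdir()
                  if p.is_file() and p.suffix.lower() == ".exe" and " " in p.name)


def present_scan_dirs(systemroot) -> list:
    """Which of the scan-listed directories actually exist under systemroot."""
    root = Path(systemroot)
    return [rel for rel in SCAN_LISTED_DIRS if _join(root, rel).is_dir()]


def demo() -> dict:
    """Build a constructed systemroot with ordinary executables, one
    executable with a space in its name, and a nested system32 directory."""
    root = Path(tempfile.mkdtemp(prefix="systemroot-"))
    sys32 = root / "system32"
    sys32.mkdir()
    for name in ("notepad.exe", "svchost.exe", "svc host.EXE", "readme.txt"):
        (sys32 / name).write_bytes(b"MZ")     # constructed stand-ins
    (sys32 / "system32").mkdir()             # nested dir the scan looks for
    return {
        "spaced_exes": exes_with_spaces(sys32),
        "spaced_count": len(exes_with_spaces(sys32)),
        "scan_dirs_present": present_scan_dirs(root),
    }


if __name__ == "__main__":
    print(demo())
```

On a live system you would call exes_with_spaces(r"C:\Windows\system32") and present_scan_dirs(r"C:\Windows"); a non-zero count or any directory reported present is exactly what the corresponding OTL scan lines surface for the analyst to look at.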
  13. 2010/12/23
    cxnguyen89

    cxnguyen89 Inactive Thread Starter

    The computer feels like it's been fixed but I'm no computer genius! Thank you for the help so far. I have another computer with the same problems and I will probably be back for more help tomorrow. Here are the two files you asked for:

    OTL:



    OTL logfile created on: 12/23/2010 5:54:30 PM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Richard Por\Desktop\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
    4.00 Gb Paging File | 2.00 Gb Available in Paging File | 59.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 136.74 Gb Total Space | 59.68 Gb Free Space | 43.65% Space Free | Partition Type: NTFS
    Drive D: | 9.77 Gb Total Space | 5.57 Gb Free Space | 57.06% Space Free | Partition Type: NTFS
    Drive E: | 6.89 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: RICHARDPOR-PC | User Name: Richard Por | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/23 17:53:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Por\Desktop\Downloads\OTL.exe
    PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/09/28 09:44:52 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2010/09/01 01:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/04/01 04:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/23 17:53:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Por\Desktop\Downloads\OTL.exe
    MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/11/13 13:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/11/19 11:33:58 | 000,074,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe -- (WysePocketCloud)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/06/16 10:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys -- (UsbserFilt)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pfc.sys -- (pfc)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
    DRV:64bit: - [2010/12/13 08:40:21 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2010/12/13 08:40:21 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/05/13 12:41:22 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/01/22 15:38:52 | 000,284,720 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2010/01/04 03:05:00 | 000,242,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0400Vid.sys -- (VF0400Vid) Live! Cam Notebook Pro (VF0400)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/07/07 13:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
    DRV:64bit: - [2009/07/07 13:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/13 13:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2005/04/12 07:21:54 | 000,061,824 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
    DRV:64bit: - [2005/04/12 07:21:54 | 000,008,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
    DRV:64bit: - [2005/04/12 07:21:52 | 000,029,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
    DRV:64bit: - [2005/04/12 07:21:52 | 000,015,872 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2004/04/01 18:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 79 D0 A8 A3 0D CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [PocketCloud Location] C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe ()
    O4 - HKLM..\Run: [PSNUpd] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\psnupd.exe (Panda Security, S.L.)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Profiler 64\lwemon.exe (Logitech Inc.)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Richard Por\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Richard Por\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/10/03 11:27:48 | 000,000,103 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
    O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - G:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/23 17:38:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/12/23 17:28:20 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/12/23 17:27:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/23 16:26:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/23 16:26:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/23 16:26:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/12/23 16:26:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/23 16:25:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/23 15:26:08 | 000,000,000 | ---D | C] -- C:\Users\Richard Por\AppData\Roaming\Avira
    [2010/12/23 15:22:10 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2010/12/23 15:22:10 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2010/12/23 15:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/12/23 15:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
    [2010/12/23 15:16:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/12/19 20:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wyse
    [2010/12/19 20:31:40 | 000,000,000 | ---D | C] -- C:\Users\Richard Por\AppData\Local\Downloaded Installations
    [2010/12/09 11:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
    [2010/12/08 10:58:22 | 000,000,000 | ---D | C] -- C:\Users\Richard Por\Documents\FrostWire
    [2010/11/30 23:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/11/30 23:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/30 23:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/11/30 22:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/11/30 22:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/11/23 22:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Recycle

    ========== Files - Modified Within 30 Days ==========

    [2010/12/23 17:25:05 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3262449-3168069788-176425238-1000UA.job
    [2010/12/23 16:23:25 | 003,997,850 | R--- | M] () -- C:\Users\Richard Por\Desktop\ComboFix.exe
    [2010/12/23 15:24:19 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/12/23 15:16:54 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/23 14:45:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/23 11:30:45 | 1602,781,184 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/20 20:28:31 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/20 20:28:31 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/20 20:25:17 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3262449-3168069788-176425238-1000Core.job
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/12/13 08:40:21 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2010/12/13 08:40:21 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2010/12/08 11:47:19 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/12/08 11:47:19 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/12/08 11:47:19 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/12/08 11:31:44 | 000,019,963 | ---- | M] () -- C:\Users\Richard Por\Desktop\paper3.docx
    [2010/12/08 00:13:30 | 000,011,611 | ---- | M] () -- C:\Users\Richard Por\Desktop\Piano.docx
    [2010/11/30 23:03:46 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/30 22:54:03 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
    [2010/11/23 22:19:40 | 000,000,932 | ---- | M] () -- C:\Users\Richard Por\Desktop\ReCycle.lnk

    ========== Files Created - No Company Name ==========

    [2010/12/23 16:26:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/23 16:26:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/23 16:26:26 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/23 16:26:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/23 16:26:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/23 16:23:25 | 003,997,850 | R--- | C] () -- C:\Users\Richard Por\Desktop\ComboFix.exe
    [2010/12/23 15:24:19 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/12/23 15:16:54 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/15 14:34:00 | 000,011,881 | ---- | C] () -- C:\Users\Richard Por\Desktop\Suicide Note.docx
    [2010/12/09 11:57:03 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/12/09 11:57:03 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
    [2010/12/09 11:57:02 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/12/08 11:31:41 | 000,019,963 | ---- | C] () -- C:\Users\Richard Por\Desktop\paper3.docx
    [2010/12/06 21:16:55 | 000,011,611 | ---- | C] () -- C:\Users\Richard Por\Desktop\Piano.docx
    [2010/11/30 23:03:46 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/23 22:19:40 | 000,000,932 | ---- | C] () -- C:\Users\Richard Por\Desktop\ReCycle.lnk
    [2010/11/23 22:19:16 | 000,331,263 | ---- | C] () -- C:\Windows\LOOP.exe
    [2010/05/13 15:54:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2007/12/27 00:45:40 | 000,000,680 | ---- | C] () -- C:\Users\Richard Por\AppData\Roaming\coreavc.ini

    ========== LOP Check ==========

    [2010/05/13 00:52:43 | 000,000,000 | ---D | M] -- C:\Users\Richard Por\AppData\Roaming\acccore
    [2010/08/24 20:51:12 | 000,000,000 | ---D | M] -- C:\Users\Richard Por\AppData\Roaming\BitZipper
    [2010/08/24 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Richard Por\AppData\Roaming\DAEMON Tools Lite
    [2010/05/16 21:39:53 | 000,000,000 | ---D | M] -- C:\Users\Richard Por\AppData\Roaming\DVDVideoSoftIEHelpers
    [2010/12/19 12:51:49 | 000,000,000 | ---D | M] -- C:\Users\Richard Por\AppData\Roaming\FrostWire
    [2010/07/13 22:11:18 | 000,000,000 | ---D | M] -- C:\Users\Richard Por\AppData\Roaming\GARMIN
    [2010/06/16 09:28:01 | 000,000,000 | ---D | M] -- C:\Users\Richard Por\AppData\Roaming\Nokia
    [2010/05/13 05:10:34 | 000,000,000 | ---D | M] -- C:\Users\Richard Por\AppData\Roaming\Panda Security
    [2010/06/16 01:02:40 | 000,000,000 | ---D | M] -- C:\Users\Richard Por\AppData\Roaming\PC Suite
    [2010/11/23 22:21:01 | 000,000,000 | ---D | M] -- C:\Users\Richard Por\AppData\Roaming\Propellerhead Software
    [2010/12/23 17:55:44 | 000,000,000 | ---D | M] -- C:\Users\Richard Por\AppData\Roaming\uTorrent
    [2010/05/13 03:40:46 | 000,000,000 | ---D | M] -- C:\Users\Richard Por\AppData\Roaming\Western Digital
    [2010/07/07 22:47:23 | 000,000,000 | ---D | M] -- C:\Users\Richard Por\AppData\Roaming\Xilisoft Corporation
    [2010/09/23 15:24:29 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/16 18:48:28 | 000,000,892 | ---- | M] () -- C:\aaw7boot.log
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/05/13 03:45:19 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/12/23 17:38:47 | 000,011,461 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/07/15 12:15:35 | 000,003,455 | RH-- | M] () -- C:\dell.sdr
    [2010/12/23 11:30:45 | 1602,781,184 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/13 00:51:35 | 000,001,054 | -H-- | M] () -- C:\IPH.PH
    [2010/06/17 11:17:01 | 000,000,356 | ---- | M] () -- C:\LGSInst.Log
    [2008/07/15 09:38:11 | 000,026,927 | ---- | M] () -- C:\newfile.enc
    [2008/07/15 09:38:11 | 000,026,927 | ---- | M] () -- C:\newkey
    [2010/12/23 11:30:52 | 2137,042,944 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/05/13 03:39:36 | 000,000,221 | -HS- | M] () -- C:\Users\Richard Por\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/23 16:23:25 | 003,997,850 | R--- | M] () -- C:\Users\Richard Por\Desktop\ComboFix.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/23 11:50:06 | 000,000,137 | ---- | M] () -- C:\Users\Richard Por\Favorites\.dat0e04.006
    [2010/05/13 03:03:07 | 000,000,402 | -HS- | M] () -- C:\Users\Richard Por\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >

  14. 2010/12/23
    cxnguyen89

    Extras:

    OTL Extras logfile created on: 12/23/2010 5:54:30 PM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Richard Por\Desktop\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
    4.00 Gb Paging File | 2.00 Gb Available in Paging File | 59.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 136.74 Gb Total Space | 59.68 Gb Free Space | 43.65% Space Free | Partition Type: NTFS
    Drive D: | 9.77 Gb Total Space | 5.57 Gb Free Space | 57.06% Space Free | Partition Type: NTFS
    Drive E: | 6.89 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: RICHARDPOR-PC | User Name: Richard Por | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{58BF5D14-CBCF-473C-B0E0-A7955A23224E}" = Logitech Gaming Software 64
    "{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "{EF5948BA-589D-4BE7-B993-C45DC1A77E24}" = MobileMe Control Panel
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "CCleaner" = CCleaner
    "Creative VF0400" = Creative Live! Cam Notebook Pro (VF0400) Driver (1.05.03.00)
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{A63C62F3-2F5B-4B4C-937C-A49B059CBDCA}" = PocketCloud Windows Companion
    "{AB4EDC19-3B5E-4838-80E7-92454323B0FE}" = Garmin VoiceStudio v2.10
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AIM Toolbar" = AIM Toolbar
    "AIM_7" = AIM 7
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "DAEMON Tools Toolbar" = DAEMON Tools Toolbar
    "DivX Setup.divx.com" = DivX Setup
    "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
    "Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.0
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
    "FrostWire" = FrostWire 4.20.6
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{58BF5D14-CBCF-473C-B0E0-A7955A23224E}" = Logitech Gaming Software 64
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Network MagicUninstall" = Network Magic
    "Reason4_is1" = Reason 4.0
    "ReCycle v2.1" = ReCycle v2.1
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Uninstall_is1" = Uninstall 1.0.0.1
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.0.5
    "Xvid_is1" = Xvid 1.2.1 final uninstall

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/18/2010 10:31:45 AM | Computer Name = RichardPor-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 12/19/2010 10:16:06 AM | Computer Name = RichardPor-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 12/19/2010 8:25:16 PM | Computer Name = RichardPor-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 12/20/2010 11:20:16 AM | Computer Name = RichardPor-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 12/20/2010 8:01:53 PM | Computer Name = RichardPor-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 12/20/2010 10:36:11 PM | Computer Name = RichardPor-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 12/23/2010 12:31:13 PM | Computer Name = RichardPor-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 12/23/2010 3:45:25 PM | Computer Name = RichardPor-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/23/2010 3:45:27 PM | Computer Name = RichardPor-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3025873

    Error - 12/23/2010 3:45:27 PM | Computer Name = RichardPor-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3025873

    [ Media Center Events ]
    Error - 8/28/2010 12:27:15 PM | Computer Name = RichardPor-PC | Source = MCUpdate | ID = 0
    Description = 12:27:15 PM - Failed to retrieve NetTV (Error: The underlying connection
    was closed: An unexpected error occurred on a send.)

    Error - 8/28/2010 12:27:16 PM | Computer Name = RichardPor-PC | Source = MCUpdate | ID = 0
    Description = 12:27:16 PM - Failed to retrieve MCEClientUX (Error: The underlying
    connection was closed: An unexpected error occurred on a send.)

    Error - 8/28/2010 12:27:16 PM | Computer Name = RichardPor-PC | Source = MCUpdate | ID = 0
    Description = 12:27:16 PM - Failed to retrieve SportsSchedule (Error: The underlying
    connection was closed: An unexpected error occurred on a send.)

    Error - 8/28/2010 12:27:16 PM | Computer Name = RichardPor-PC | Source = MCUpdate | ID = 0
    Description = 12:27:16 PM - Failed to retrieve SportsV2 (Error: The underlying connection
    was closed: An unexpected error occurred on a send.)

    Error - 8/28/2010 12:27:28 PM | Computer Name = RichardPor-PC | Source = MCUpdate | ID = 0
    Description = 12:27:16 PM - Failed to retrieve Broadband (Error: The underlying
    connection was closed: An unexpected error occurred on a send.)

    Error - 8/29/2010 6:55:10 PM | Computer Name = RichardPor-PC | Source = MCUpdate | ID = 0
    Description = 6:55:10 PM - Error connecting to the internet. 6:55:10 PM - Unable
    to contact server..

    Error - 8/29/2010 6:55:33 PM | Computer Name = RichardPor-PC | Source = MCUpdate | ID = 0
    Description = 6:55:16 PM - Error connecting to the internet. 6:55:16 PM - Unable
    to contact server..

    Error - 8/30/2010 10:40:23 AM | Computer Name = RichardPor-PC | Source = MCUpdate | ID = 0
    Description = 10:39:39 AM - Error connecting to the internet. 10:39:40 AM - Unable
    to contact server..

    Error - 8/31/2010 10:52:23 AM | Computer Name = RichardPor-PC | Source = MCUpdate | ID = 0
    Description = 10:52:23 AM - Error connecting to the internet. 10:52:23 AM - Unable
    to contact server..

    Error - 8/31/2010 10:52:45 AM | Computer Name = RichardPor-PC | Source = MCUpdate | ID = 0
    Description = 10:52:29 AM - Error connecting to the internet. 10:52:29 AM - Unable
    to contact server..

    [ System Events ]
    Error - 12/23/2010 12:30:46 PM | Computer Name = RichardPor-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 12/23/2010 12:30:50 PM | Computer Name = RichardPor-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 12/23/2010 12:37:09 PM | Computer Name = RichardPor-PC | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.

    Error - 12/23/2010 12:56:38 PM | Computer Name = RichardPor-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Wlansvc service.

    Error - 12/23/2010 12:56:42 PM | Computer Name = RichardPor-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 12/23/2010 4:24:52 PM | Computer Name = RichardPor-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for Start with the following error:
    %%5

    Error - 12/23/2010 5:25:50 PM | Computer Name = RichardPor-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 12/23/2010 5:34:33 PM | Computer Name = RichardPor-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 12/23/2010 6:28:15 PM | Computer Name = RichardPor-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 12/23/2010 6:36:07 PM | Computer Name = RichardPor-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
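The Security Center, System Restore and firewall values in the OTL log above are the settings malware commonly tampers with, which is why OTL dumps them. The script below is an added example (PowerShell, not part of the thread and not OTL's code) that re-reads those same keys in both registry views and reports anything that deviates from the healthy values the log shows. It assumes 64-bit Windows 7 and must be run from the 64-bit PowerShell as administrator; the "expected" values (EnableFirewall = 1, DisableSR = 0, all notify and override flags 0) are taken from this log, and the wording of the findings is mine.

```powershell
# Added example, not from the thread or from OTL: re-check the Security Center,
# System Restore and Windows Firewall values that OTL dumped, in both registry
# views, and flag anything that deviates from the healthy values in the log.
# Assumes 64-bit Windows 7; run from the 64-bit PowerShell as administrator
# (the 32-bit one would silently redirect HKLM:\SOFTWARE to Wow6432Node).

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns the value, or $null when the key or the value does not exist
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

$findings = @()

# Security Center: OTL prints the native view as "64bit:" and the Wow6432Node view without prefix
$scViews = @{
    '64bit' = 'HKLM:\SOFTWARE\Microsoft\Security Center'
    '32bit' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Security Center'
}
foreach ($view in $scViews.Keys) {
    $base = $scViews[$view]
    foreach ($name in 'FirewallDisableNotify', 'AntiVirusDisableNotify', 'UpdatesDisableNotify') {
        $v = Get-RegValue $base $name
        if ($v -ne $null -and $v -ne 0) { $findings += "$view Security Center: $name = $v (warnings suppressed)" }
    }
    foreach ($name in 'AntiVirusOverride', 'AntiSpywareOverride', 'FirewallOverride') {
        $v = Get-RegValue "$base\Svc" $name
        if ($v -ne $null -and $v -ne 0) { $findings += "$view Security Center\Svc: $name = $v (monitoring overridden)" }
    }
}

# System Restore: DisableSR = 1 means restore points are switched off
$sr = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore' 'DisableSR'
if ($sr -eq 1) { $findings += 'System Restore disabled (DisableSR = 1)' }

# Firewall: HKLM\SYSTEM is not redirected by WOW64, so one path covers both views
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $enabled = Get-RegValue "$fwBase\$profile" 'EnableFirewall'
    if ($enabled -eq $null)  { $findings += "Firewall ${profile}: EnableFirewall value missing" }
    elseif ($enabled -ne 1)  { $findings += "Firewall ${profile}: EnableFirewall = $enabled (expected 1)" }
    if ((Get-RegValue "$fwBase\$profile" 'DisableNotifications') -eq 1) {
        $findings += "Firewall ${profile}: DisableNotifications = 1"
    }
    # Every entry in these lists is a hole through the firewall; the log shows both lists empty
    foreach ($list in 'AuthorizedApplications\List', 'GloballyOpenPorts\List') {
        $listKey = "$fwBase\$profile\$list"
        if (-not (Test-Path -Path $listKey)) { continue }
        foreach ($p in (Get-ItemProperty -Path $listKey).PSObject.Properties) {
            if ($p.Name -notmatch '^PS') { $findings += "Firewall $profile ${list}: $($p.Name) = $($p.Value)" }
        }
    }
}

# Group-policy override: EnableFirewall = 0 here wins over the per-profile setting above
foreach ($profile in 'DomainProfile', 'StandardProfile') {
    $v = Get-RegValue "HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\$profile" 'EnableFirewall'
    if ($v -eq 0) { $findings += "Policy ${profile}: EnableFirewall = 0" }
}

if ($findings.Count -eq 0) { 'No tampering indicators found' } else { $findings }
```

Registry values are what the firewall service last wrote, not necessarily its live state; cross-check with `netsh advfirewall show allprofiles` before concluding anything from a single deviating value.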
     
  15. 2010/12/23
    broni Moderator Malware Analyst
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================


    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
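The OTL fix script in this post removes one Browser Helper Object whose CLSID has no registered DLL ("No CLSID value found") and two ShellExecuteHooks entries, one per registry view, whose DLL OTL could not locate ("File not found"). The script below is an added example (PowerShell, not part of the thread and not OTL's code) that performs that same audit read-only: it walks the O2 and O28 locations in both views, resolves each CLSID to its InprocServer32 DLL, and reports missing registrations, missing files and unsigned files. It assumes 64-bit Windows 7 and the 64-bit PowerShell run as administrator; the status strings are mine, chosen to match the log's wording.

```powershell
# Added example, not from the thread or from OTL: audit Browser Helper Objects (OTL's O2
# lines) and ShellExecuteHooks (O28 lines) in both registry views and classify each the
# way the fix script above does: CLSID with no registered DLL, DLL missing on disk, or
# DLL present (signed or not). Read-only. Assumes 64-bit Windows 7, run from the 64-bit
# PowerShell as administrator; the status wording is mine, chosen to match the log.

function Resolve-ClsidDll {
    param([string]$Clsid, [string]$Wow)   # $Wow is '' (native) or '\Wow6432Node' (32-bit view)
    # HKCR is a merge of HKLM\Software\Classes and HKCU\Software\Classes; a per-user
    # registration is easy to overlook, so look in both
    $keys = @(
        "HKLM:\SOFTWARE$Wow\Classes\CLSID\$Clsid\InprocServer32",
        "HKCU:\Software\Classes$Wow\CLSID\$Clsid\InprocServer32"
    )
    foreach ($key in $keys) {
        if (Test-Path -Path $key) {
            $dll = (Get-ItemProperty -Path $key).'(default)'
            if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        }
    }
    return $null
}

function Test-ShellExtension {
    param([string]$Kind, [string]$View, [string]$Clsid, [string]$Wow)
    $dll = Resolve-ClsidDll $Clsid $Wow
    if (-not $dll) {
        $status = 'No CLSID value found'            # what OTL reported for the O2 line
    } elseif (-not (Test-Path -LiteralPath $dll)) {
        $status = "File not found: $dll"            # what OTL reported for the O28 lines
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $dll
        if ($sig.Status -eq 'Valid') {
            $status = "Signed by $($sig.SignerCertificate.Subject): $dll"
        } else {
            $status = "UNSIGNED ($($sig.Status)): $dll"
        }
    }
    New-Object PSObject -Property @{ Kind = $Kind; View = $View; CLSID = $Clsid; Status = $status }
}

$results = @()
$views = @{ '64bit' = ''; '32bit' = '\Wow6432Node' }
foreach ($view in $views.Keys) {
    $wow = $views[$view]
    # O2: every BHO is a subkey named by its CLSID; IE loads all of them at start-up
    $bhoKey = "HKLM:\SOFTWARE$wow\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    if (Test-Path -Path $bhoKey) {
        foreach ($sub in Get-ChildItem -Path $bhoKey) {
            $results += Test-ShellExtension 'O2 BHO' $view $sub.PSChildName $wow
        }
    }
    # O28: every ShellExecuteHook is a value named by its CLSID; shell32 loads it into
    # any process that calls ShellExecute, so it runs far more often than a BHO
    $hookKey = "HKLM:\SOFTWARE$wow\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"
    if (Test-Path -Path $hookKey) {
        foreach ($p in (Get-ItemProperty -Path $hookKey).PSObject.Properties) {
            if ($p.Name -like '{*}') { $results += Test-ShellExtension 'O28 ShellExecuteHook' $view $p.Name $wow }
        }
    }
}
$results | Sort-Object Kind, View | Format-Table Kind, View, CLSID, Status -AutoSize -Wrap
```

An entry that resolves to nothing is dead weight at best and a leftover of something already partly removed at worst; either way it is what the OTL fix deletes. An entry that resolves to an unsigned DLL in a user-writable directory is the one to look at first.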
     
  16. 2010/12/23
    cxnguyen89 Inactive Thread Starter
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Richard Por
    ->Temp folder emptied: 115583 bytes
    ->Temporary Internet Files folder emptied: 13132663 bytes
    ->Java cache emptied: 7595653 bytes
    ->Google Chrome cache emptied: 393777286 bytes
    ->Apple Safari cache emptied: 14336 bytes
    ->Flash cache emptied: 23108 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
    RecycleBin emptied: 72513647 bytes

    Total Files Cleaned = 465.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Public

    User: Richard Por
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.18.0 log created on 12232010_223557

    Files\Folders moved on Reboot...
    C:\Users\Richard Por\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  17. 2010/12/23
    cxnguyen89 Inactive Thread Starter
    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader 9.3.3
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
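Security Check's version warnings and the Uninstall lists OTL printed earlier come from the same place: the Uninstall keys in the 64-bit view, the Wow6432Node view and the per-user key (where Chrome and BrowserPlus registered). The script below is an added example (PowerShell, not part of the thread and not Security Check's or OTL's code) that rebuilds that inventory and flags what this thread is chasing: leftover Java runtimes, the Java, Adobe Reader and Flash versions to compare against the vendors' current releases, and toolbars bundled by other installers. It assumes 64-bit Windows 7 and the 64-bit PowerShell; the name patterns are mine.

```powershell
# Added example, not from the thread, OTL or Security Check: rebuild the software
# inventory from the Uninstall keys (64-bit view, Wow6432Node view, per-user key)
# and flag leftover Java runtimes, the plug-in versions Security Check reported on,
# and toolbars. Assumes 64-bit Windows 7 and the 64-bit PowerShell; patterns are mine.

function Get-InstalledSoftware {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        if ($key -like '*Wow6432Node*') { $view = '32bit' }
        elseif ($key -like 'HKCU*')     { $view = 'user' }
        else                            { $view = '64bit' }
        foreach ($sub in Get-ChildItem -Path $key) {
            $p = Get-ItemProperty -Path $sub.PSPath
            if (-not $p.DisplayName) { continue }   # hidden or metadata-only entries
            New-Object PSObject -Property @{
                View      = $view
                Key       = $sub.PSChildName         # the GUID or name OTL printed on the left
                Name      = $p.DisplayName
                Version   = $p.DisplayVersion
                Publisher = $p.Publisher
                Uninstall = $p.UninstallString
            }
        }
    }
}

$software = @(Get-InstalledSoftware)

# More than one Java runtime means older updates were left behind (what JavaRa removes)
$java = @($software | Where-Object { $_.Name -match '^Java\(TM\)|^Java \d' })
if ($java.Count -gt 1) {
    'More than one Java runtime is registered:'
    $java | Format-Table View, Name, Version -AutoSize
}

# The three components Security Check reported on; compare Version with the vendor's current release
$software | Where-Object { $_.Name -match 'Adobe Reader|Adobe Flash Player|^Java\(TM\)' } |
    Format-Table View, Name, Version -AutoSize

# Toolbars arrive bundled with other installers (the pre-checked boxes broni warns about)
$software | Where-Object { $_.Name -match 'Toolbar' } |
    Format-Table View, Name, Publisher, Uninstall -AutoSize -Wrap
```

The Uninstall column is the command the vendor registered for removal; for a toolbar that refuses to leave through Programs and Features, running that command directly is the next step before resorting to a removal tool.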
     
  18. 2010/12/23
    broni Moderator Malware Analyst
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB) and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:


    make sure you have both boxes UN-checked AND (important!) click on the Decline button
     
  19. 2010/12/23
    cxnguyen89 Inactive Thread Starter
    I could not get ESET to download the virus database because it says the proxy isn't configured.
     
  20. 2010/12/23
    broni Moderator Malware Analyst
    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Start scan button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
  21. 2010/12/24
    cxnguyen89 Inactive Thread Starter
    QuickScan Beta 32-bit v0.9.9.63
    -------------------------------
    Scan date: Fri Dec 24 10:29:07 2010
    Machine ID: 4C1DCDC4



    No infection found.
    -------------------



    Processes
    ---------
    (unsigned) Network Magic 2808 C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe

    (verified) AntiVir Desktop 1392 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (verified) DAEMON Tools Lite 2584 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    (verified) DivX Update 2852 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (verified) Google Chrome 836 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    (verified) Google Chrome 3336 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    (verified) Google Chrome 3480 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    (verified) Google Chrome 3704 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    (verified) Google Chrome 3720 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    (verified) Google Chrome 3740 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    (verified) Google Chrome 3748 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    (verified) Google Chrome 3776 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    (verified) Google Chrome 3792 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    (verified) Google Chrome 3836 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    (verified) Google Chrome 4012 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    (verified) Google Chrome 4544 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    (verified) Google Chrome 4888 C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\chrome.exe
    (verified) iTunes 3012 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (verified) Java(TM) Platform SE Auto Updater 2 0 348 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (verified) Pure Networks Platform 2756 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    (verified) µTorrent 2400 C:\Program Files (x86)\uTorrent\uTorrent.exe


    Network activity
    ----------------
    Process chrome.exe (836) connected on port 80 (HTTP) --> 66.220.147.33
    Process chrome.exe (836) connected on port 80 (HTTP) --> 174.76.224.9
    Process chrome.exe (836) connected on port 80 (HTTP) --> 174.76.224.9
    Process chrome.exe (836) connected on port 80 (HTTP) --> 174.76.224.9
    Process chrome.exe (836) connected on port 80 (HTTP) --> 174.76.224.9
    Process chrome.exe (836) connected on port 80 (HTTP) --> 74.125.227.14
    Process chrome.exe (836) connected on port 80 (HTTP) --> 174.76.224.9
    Process chrome.exe (836) connected on port 80 (HTTP) --> 174.76.224.9
    Process chrome.exe (836) connected on port 80 (HTTP) --> 72.247.21.229
    Process chrome.exe (836) connected on port 80 (HTTP) --> 72.247.21.229
    Process chrome.exe (836) connected on port 443 (HTTP over SSL) --> 66.220.147.31
    Process chrome.exe (836) connected on port 443 (HTTP over SSL) --> 69.192.2.110
    Process chrome.exe (836) connected on port 443 (HTTP over SSL) --> 69.192.2.110
    Process chrome.exe (836) connected on port 443 (HTTP over SSL) --> 69.192.2.110
    Process chrome.exe (836) connected on port 443 (HTTP over SSL) --> 69.192.2.110
    Process chrome.exe (836) connected on port 80 (HTTP) --> 72.215.224.66
    Process chrome.exe (836) connected on port 80 (HTTP) --> 72.215.224.66
    Process chrome.exe (836) connected on port 80 (HTTP) --> 72.215.224.66
    Process chrome.exe (836) connected on port 80 (HTTP) --> 72.215.224.66
    Process chrome.exe (836) connected on port 80 (HTTP) --> 72.215.224.66
    Process chrome.exe (836) connected on port 80 (HTTP) --> 72.215.224.66
    Process chrome.exe (836) connected on port 80 (HTTP) --> 72.215.224.17
    Process chrome.exe (836) connected on port 80 (HTTP) --> 72.215.224.17
    Process chrome.exe (836) connected on port 80 (HTTP) --> 72.215.224.17
    Process chrome.exe (836) connected on port 80 (HTTP) --> 72.215.224.75
    Process chrome.exe (836) connected on port 80 (HTTP) --> 174.76.224.25
    Process chrome.exe (836) connected on port 80 (HTTP) --> 72.215.224.32
    Process chrome.exe (836) connected on port 80 (HTTP) --> 74.125.227.27
    Process chrome.exe (836) connected on port 80 (HTTP) --> 74.125.227.59
    Process chrome.exe (836) connected on port 80 (HTTP) --> 74.125.227.19
    Process chrome.exe (836) connected on port 80 (HTTP) --> 74.125.227.19
    Process chrome.exe (836) connected on port 80 (HTTP) --> 74.125.227.41
    Process chrome.exe (836) connected on port 80 (HTTP) --> 74.125.227.47
    Process chrome.exe (836) connected on port 80 (HTTP) --> 66.220.158.11
    Process chrome.exe (836) connected on port 80 (HTTP) --> 66.220.158.11
    Process chrome.exe (836) connected on port 80 (HTTP) --> 66.220.158.11
    Process chrome.exe (836) connected on port 80 (HTTP) --> 66.220.158.11
    Process chrome.exe (836) connected on port 80 (HTTP) --> 66.220.151.74
    Process chrome.exe (836) connected on port 80 (HTTP) --> 74.125.227.8
    Process chrome.exe (836) connected on port 80 (HTTP) --> 72.14.235.100
    Process chrome.exe (836) connected on port 443 (HTTP over SSL) --> 74.125.45.95
    Process chrome.exe (836) connected on port 80 (HTTP) --> 174.76.224.32
    Process chrome.exe (836) connected on port 80 (HTTP) --> 174.76.224.32
    Process chrome.exe (836) connected on port 80 (HTTP) --> 174.76.224.32
    Process chrome.exe (836) connected on port 80 (HTTP) --> 174.76.224.32
    Process chrome.exe (836) connected on port 80 (HTTP) --> 174.76.224.32
    Process chrome.exe (836) connected on port 80 (HTTP) --> 174.76.224.32
    Process chrome.exe (836) connected on port 443 (HTTP over SSL) --> 74.125.67.96
    Process chrome.exe (836) connected on port 80 (HTTP) --> 66.40.145.200
    Process chrome.exe (836) connected on port 443 (HTTP over SSL) --> 74.125.227.6
    Process chrome.exe (836) connected on port 443 (HTTP over SSL) --> 74.125.157.132

    Process uTorrent.exe (2400) listens on ports: 42875


    Autoruns and critical files
    ---------------------------
    (unsigned) Application C:\Users\Richard Por\AppData\Local\Google\Chrome\Application
    (unsigned) Logitech WingMan Software C:\Program Files\Logitech\Profiler 64\lwemon.exe
    (unsigned) Network Magic C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    (unsigned) QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe
    (unsigned) WyseBrowser C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe

    (verified) Alcohol Virual Drive Auto-mount Service C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
    (verified) AntiVir Desktop C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (verified) DAEMON Tools Lite C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    (verified) DivX Update C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (verified) Google Update C:\Users\Richard Por\AppData\Local\Google\Update\GoogleUpdate.exe
    (verified) iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (verified) Java(TM) Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    (verified) MobileMe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    (verified) Panda Cloud Antivirus C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\psnupd.exe
    (verified) Pure Networks Platform C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    (verified) WD Drive Manager C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    (verified) WD SmartWare C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    (verified) Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
    (verified) µTorrent C:\Program Files (x86)\uTorrent\uTorrent.exe


    Browser plugins
    ---------------
    (unsigned) Java(TM) Platform SE 6 U23 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    (unsigned) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
    (unsigned) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
    (unsigned) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
    (unsigned) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
    (unsigned) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
    (unsigned) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
    (unsigned) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

    (verified) AIM Toolbar for Internet Explorer c:\program files (x86)\aim toolbar\aimtb.dll
    (verified) BitDefender QuickScan C:\Users\Richard Por\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.63_0\npqscan.dll
    (verified) BitDefender QuickScan C:\Users\Richard Por\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.63_0\npqslauncher.dll
    (verified) Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
    (verified) BrowserPlus (from Yahoo!) v2.9.8 C:\Users\Richard Por\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    (verified) Conduit Toolbar c:\program files (x86)\dvdvideosofttb\tbdvdv.dll
    (verified) DivX Web Player C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    (verified) Foxit Reader Plugin for Mozilla C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    (verified) Garmin Communicator Plug-In C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
    (verified) Google Update C:\Users\Richard Por\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    (verified) Java(TM) Platform SE 6 U23 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
    (verified) npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    (verified) NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    (verified) Skype Toolbars c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    (verified) ToolBand Module c:\program files (x86)\daemon tools toolbar\dttoolbar.dll
    (verified) Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll


    Scan
    ----
    (unsigned) MD5: e5c796b621f6fba8616511063d7f0ffe C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    (unsigned) MD5: 7488bce9f9c852f0931d29b0d76292bd C:\Program Files (x86)\Avira\AntiVir Desktop\ccgen.dll
    (unsigned) MD5: e65e277c50bd5967b5e92c7744dba7bc C:\Program Files (x86)\Avira\AntiVir Desktop\ccguard.dll
    (unsigned) MD5: 54ceee9d7aa46f3311d247bf57bbee36 C:\Program Files (x86)\Avira\AntiVir Desktop\cclic.dll
    (unsigned) MD5: 400ab97179f05ba68b755d8971f262f2 C:\Program Files (x86)\Avira\AntiVir Desktop\ccmsg.dll
    (unsigned) MD5: 7d541c5e5cdfb46d68ac60012c5d7acd C:\Program Files (x86)\Avira\AntiVir Desktop\ccupdate.dll
    (unsigned) MD5: 47766f6b79a25af04ed3f6f2b02aa4cb C:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll
    (unsigned) MD5: 7464c6694036b42ba237eb723a34d0f4 C:\Program Files (x86)\Avira\AntiVir Desktop\rcimage.dll
    (unsigned) MD5: b80933a7e3d63277a23f9882bf839db5 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
    (unsigned) MD5: 6bcbed73231f5d30b92dee591b6679e9 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
    (unsigned) MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
    (unsigned) MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
    (unsigned) MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
    (unsigned) MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
    (unsigned) MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
    (unsigned) MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
    (unsigned) MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
    (unsigned) MD5: ea8fcf30d2961369435c84ce3b3063f1 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    (unsigned) MD5: f46f1ebc3f9dc2559b24aeefc3d8206c C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    (unsigned) MD5: 5a7b88ea8c103d1d1519f193fe177df9 C:\Program Files (x86)\Pure Networks\Network Magic\nmapplb.dll
    (unsigned) MD5: 4a98fdc9bc93e663bdb1b55f847cdce1 C:\Program Files (x86)\QuickTime\QTSystem\QTCF.dll
    (unsigned) MD5: 66c91a227660d474dc1a8158631c0deb C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts
    (unsigned) MD5: 4facb6ce4087d2b816151d35e85bb3c9 C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll
    (unsigned) MD5: ebe617e3c658f4bffb4e6254d658ce5f C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll
    (unsigned) MD5: 69581380e69c8dce30ede2a463c912ee C:\Program Files (x86)\QuickTime\QTTask.exe
    (unsigned) MD5: 138ab06adbbf300aa804d7974a5aec82 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    (unsigned) MD5: 0e3f365b1b6b73d44d69d66fc225e518 C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
    (unsigned) MD5: 93c37808063944859df25b81ca112a92 C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
    (unsigned) MD5: 12eae4eeb77fa2cdee25cedc38e4d22d C:\Program Files\Logitech\Profiler 64\lwemon.exe
    (unsigned) MD5: 334e5ed94d3faff3c44f4d36b1fe1c90 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    (unsigned) MD5: f02c4aaa6ac913faab0eaa74ead94d9a C:\Users\Richard Por\AppData\Local\Google\Chrome\Application\8.0.552.224\gcswf32.dll
    (unsigned) MD5: 444f122e68db44c0589227781f3c8b3f C:\Windows\system32\drivers\pfc.sys
    (unsigned) MD5: 686b224b4987c22b153fbb545fee9657 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll


    No file uploaded.

    Scan finished - communication took 1 sec
    Total traffic - 0.03 MB sent, 0.36 KB recvd
    Scanned 561 files and modules - 192 seconds

    ==============================================================================
