explorer stops responding


  • This topic is locked
26 replies to this topic

#1 Kenai

  • Members
  • 77 posts

Posted 03 November 2009 - 06:43 PM

Not sure what is causing it, but ever since today my computer has had to be restarted twice because my toolbar freezes; then I can't open any folders or files from my desktop, and can't open Task Manager.

After having to restart at least 4 times within 2 hours, I tried to sleep but couldn't. I did a ComboFix run because I just couldn't get over how annoying this was, so I attached the log from it.



DDS (Ver_09-10-26.01) - NTFSx86
Run by Tommy at 14:19:49.19 on Tue 11/03/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1618 [GMT -8:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\HostsMan\hm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\java.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tommy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mg2.mail.yahoo.com/dc/launch?.rand=39gnl8arvsmpe
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [CCUTRAYICON] FactoryMode
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Livestream Procaster] "c:\program files\livestream procaster\Procaster.exe" -autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {1503B5E1-0606-4960-A098-F98B5435B4C5} = 192.168.0.1,192.168.0.40
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com (Virtus Designs)
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - component: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\justintvpublisher@justin.tv\platform\winnt_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\seetooaddon@seetoo.com\plugins\npSeeTooAddon.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\bdfndisf6.sys [2009-8-6 72200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2008-12-27 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 74480]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-4-1 82696]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-1-19 279960]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-1-19 38296]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-27 73840]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-6-29 152328]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2008-12-27 95640]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-12-19 21920]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [2009-7-26 31872]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-6-25 183880]

=============== Created Last 30 ================

2009-11-03 00:16:27 215104 ----a-w- c:\windows\system32\PnkBstrB.xtr
2009-10-28 19:29:11 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 19:29:09 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-25 06:49:33 0 d-----w- c:\program files\Microsoft
2009-10-23 07:47:53 0 d-----w- c:\programdata\McAfee Security Scan
2009-10-23 07:47:52 0 d-----w- c:\program files\McAfee Security Scan
2009-10-23 01:47:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-10-19 20:53:39 0 d-----w- c:\windows\system32\vi-VN
2009-10-19 20:53:39 0 d-----w- c:\windows\system32\eu-ES
2009-10-19 20:53:39 0 d-----w- c:\windows\system32\ca-ES
2009-10-14 23:58:06 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-10-13 22:26:00 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-13 22:24:42 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-13 22:24:40 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-13 22:24:38 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-06 14:46:51 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-06 14:46:38 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-06 14:46:32 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-06 14:46:32 171608 ----a-w- c:\windows\system32\wuwebv.dll

==================== Find3M ====================

2009-11-03 22:10:45 34895 ----a-w- c:\programdata\nvModes.dat
2009-11-03 22:09:48 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-03 22:01:19 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-03 21:44:49 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-03 13:24:34 72200 ----a-w- c:\windows\system32\drivers\bdfndisf6.sys
2009-11-03 13:24:31 152328 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-11-02 23:02:51 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-29 01:05:43 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-29 01:05:43 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-29 01:05:41 143360 ----a-w- c:\windows\inf\infstor.dat
2009-10-19 20:53:21 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-19 20:32:06 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-28 00:47:30 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-28 00:47:00 92776 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-28 00:47:00 805480 ----a-w- c:\windows\system32\nvsvc.dll
2009-09-28 00:47:00 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-28 00:47:00 3553896 ----a-w- c:\windows\system32\nvgames.dll
2009-09-28 00:47:00 3172968 ----a-w- c:\windows\system32\nvwss.dll
2009-09-28 00:47:00 215656 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-28 00:47:00 195176 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-28 00:47:00 1309288 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-28 00:47:00 1292904 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-28 00:46:00 4942440 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-28 00:46:00 13949544 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 23:12:22 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-09-27 23:12:22 7614056 ----a-w- c:\windows\system32\nvd3dum.dll
2009-09-27 23:12:22 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 23:12:22 3310184 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-09-27 23:12:22 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 23:12:22 1997416 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 23:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 23:12:22 170600 ----a-w- c:\windows\system32\nvcod167.dll
2009-09-27 23:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 23:12:22 11197032 ----a-w- c:\windows\system32\nvoglv32.dll
2009-09-27 23:12:22 10984 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-09-27 23:12:22 1074280 ----a-w- c:\windows\system32\nvapi.dll
2009-09-24 16:24:18 490088 ----a-w- c:\windows\system32\nvuninst.exe
2009-09-22 15:26:51 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-08-29 02:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 09:41:48 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-08-17 07:57:00 155648 ----a-w- c:\windows\system32\nvcod162.dll
2009-08-14 20:36:18 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-08 02:51:54 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-08 02:51:54 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2008-07-02 02:20:11 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2008-06-22 09:36:06 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-13 01:05:11 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-13 01:05:11 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-13 01:05:11 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-29 06:19:49 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2007-11-13 15:56:46 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:21:13.29 ===============


Tried twice to get RootRepeal to work, but it just restarts my computer after running for about 10-15 minutes.

Edited by Kenai, 04 November 2009 - 06:14 AM.



#2 Kenai
  • Topic Starter

  • Members
  • 77 posts

Posted 07 November 2009 - 02:50 PM

I seem to have lost audio now. Some things will work, like music I have downloaded, but sounds like errors and things already on the computer won't play. Videos don't work either. If I restart I get the same problem that I posted for, forcing me to run ComboFix, but this time ComboFix just hung at preparing the log report and wouldn't close. I had access to Task Manager, so I had to end Explorer and restart it.

Hello Kenai,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this, or do not respond to your requests, is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work on may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post instead of a reply. Please do not multi-post here, as that only pushes you further down the queue and causes confusion for the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 07 November 2009 - 05:25 PM.


#3 DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • Gender:Male
  • Location:Boston, Ma.

Posted 09 November 2009 - 11:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#4 Kenai
  • Topic Starter

  • Members
  • 77 posts

Posted 10 November 2009 - 07:48 AM

DDS (Ver_09-10-26.01) - NTFSx86
Run by Tommy at 4:43:54.12 on Tue 11/10/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1835 [GMT -8:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HostsMan\hm.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Explorer.exe
C:\Program Files\Steam\steam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tommy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mg2.mail.yahoo.com/dc/launch?.rand=39gnl8arvsmpe
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [CCUTRAYICON] FactoryMode
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Livestream Procaster] "c:\program files\livestream procaster\Procaster.exe" -autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {1503B5E1-0606-4960-A098-F98B5435B4C5} = 192.168.0.1,192.168.0.40
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com (Virtus Designs)
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - component: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\justintvpublisher@justin.tv\platform\winnt_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\seetooaddon@seetoo.com\plugins\npSeeTooAddon.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\bdfndisf6.sys [2009-8-6 72200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2008-12-27 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 74480]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-4-1 82696]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-1-19 279960]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-1-19 38296]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-27 73840]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-6-29 152328]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2008-12-27 95640]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-12-19 21920]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [2009-7-26 31872]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-6-25 183880]

=============== Created Last 30 ================

2009-11-08 07:53:26 0 d-----w- C:\ComboFix
2009-11-06 02:14:42 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-04 10:31:11 98816 ----a-w- c:\windows\sed.exe
2009-11-04 10:31:11 77312 ----a-w- c:\windows\MBR.exe
2009-11-04 10:31:11 161792 ----a-w- c:\windows\SWREG.exe
2009-11-03 00:16:27 215104 ----a-w- c:\windows\system32\PnkBstrB.xtr
2009-10-28 19:29:11 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 19:29:09 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-25 06:49:33 0 d-----w- c:\program files\Microsoft
2009-10-23 07:47:53 0 d-----w- c:\programdata\McAfee Security Scan
2009-10-23 07:47:52 0 d-----w- c:\program files\McAfee Security Scan
2009-10-23 01:47:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-10-19 20:53:39 0 d-----w- c:\windows\system32\vi-VN
2009-10-19 20:53:39 0 d-----w- c:\windows\system32\eu-ES
2009-10-19 20:53:39 0 d-----w- c:\windows\system32\ca-ES
2009-10-13 22:26:00 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-13 22:24:42 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-13 22:24:40 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-13 22:24:38 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

==================== Find3M ====================

2009-11-10 10:24:51 34895 ----a-w- c:\programdata\nvModes.dat
2009-11-08 21:12:42 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-08 20:07:09 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-08 07:52:20 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-05 04:30:36 267264 ----a-w- c:\windows\PEV.exe
2009-11-03 13:24:34 72200 ----a-w- c:\windows\system32\drivers\bdfndisf6.sys
2009-11-03 13:24:31 152328 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-11-02 23:02:51 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-29 01:05:43 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-29 01:05:43 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-29 01:05:41 143360 ----a-w- c:\windows\inf\infstor.dat
2009-10-19 20:53:21 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-19 20:32:06 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-28 00:47:30 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-28 00:47:00 92776 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-28 00:47:00 805480 ----a-w- c:\windows\system32\nvsvc.dll
2009-09-28 00:47:00 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-28 00:47:00 3553896 ----a-w- c:\windows\system32\nvgames.dll
2009-09-28 00:47:00 3172968 ----a-w- c:\windows\system32\nvwss.dll
2009-09-28 00:47:00 215656 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-28 00:47:00 195176 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-28 00:47:00 1309288 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-28 00:47:00 1292904 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-28 00:46:00 4942440 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-28 00:46:00 13949544 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 23:12:22 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-09-27 23:12:22 7614056 ----a-w- c:\windows\system32\nvd3dum.dll
2009-09-27 23:12:22 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 23:12:22 3310184 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-09-27 23:12:22 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 23:12:22 1997416 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 23:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 23:12:22 170600 ----a-w- c:\windows\system32\nvcod167.dll
2009-09-27 23:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 23:12:22 11197032 ----a-w- c:\windows\system32\nvoglv32.dll
2009-09-27 23:12:22 10984 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-09-27 23:12:22 1074280 ----a-w- c:\windows\system32\nvapi.dll
2009-09-24 16:24:18 490088 ----a-w- c:\windows\system32\nvuninst.exe
2009-09-22 15:26:51 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-08-29 02:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 09:41:48 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-08-17 07:57:00 155648 ----a-w- c:\windows\system32\nvcod162.dll
2009-08-14 20:36:18 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-07-02 02:20:11 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2008-06-22 09:36:06 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-13 01:05:11 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-13 01:05:11 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-13 01:05:11 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-11-13 15:56:46 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 4:45:20.80 ===============

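The DDS log above is the kind of output a helper reads by hand. As an added example (not part of the original post, and not code from the DDS tool or its author), the Python script below parses the line formats DDS uses in the "Pseudo HJT Report" and "FIREFOX" sections (BHO/TB/SEH hooks, uRun/mRun autoruns, DPF ActiveX download entries, prefs.js values and hidden extensions) and flags the entries a malware-removal helper typically looks at first: hooks whose DLL is gone, autoruns that start from user-writable directories or have no resolvable file, DPF entries without a source URL, a manual Firefox proxy, a non-stock default search engine, and extensions present on disk but not registered. The sample lines are a constructed excerpt in the same format; the `[Updater]` autorun line is invented to exercise the user-writable check, and the directory list and "stock engine" set are the example's own assumptions, not DDS rules.

```python
import re
from dataclasses import dataclass

# Constructed sample in the DDS log format. Most lines mirror the log above;
# the [Updater] autorun line is invented to exercise the user-writable check.
SAMPLE = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [CCUTRAYICON] FactoryMode
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [Updater] c:\users\tommy\appdata\local\temp\update.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
FF - prefs.js: browser.search.selectedEngine - Ask.com (Virtus Designs)
FF - prefs.js: network.proxy.type - 1
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
"""

GUID = r"\{([0-9A-Fa-f-]{36})\}"
HOOK_RE = re.compile(r"^(BHO|TB|SEH): (?:(.*?): )?" + GUID + r" - (.*)$")
RUN_RE = re.compile(r"^(uRun|mRun|mRunOnce): \[(.+?)\] (.*)$")
DPF_RE = re.compile(r"^DPF: " + GUID + r" - ?(.*)$")
FFPREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
FFHID_RE = re.compile(r"^FF - HiddenExtension: (.*?): (.*?) - (.*)$")

# Assumption: directories a standard user can write to, where legitimate
# autoruns are rare. Extend to taste; this is the example's list, not DDS's.
REVIEW_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
# Assumption: engines shipped with Firefox in this era; anything else gets flagged.
DEFAULT_ENGINES = {"Google", "Yahoo", "Bing"}


@dataclass
class Finding:
    kind: str   # short machine-readable category
    line: str   # the original log line
    note: str   # what a helper should check or do


def exe_path(cmd: str) -> str:
    """Extract the program path from a Run value, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    # Unquoted path with spaces: cut after the first executable extension.
    m = re.search(r"\.(exe|scr|com|bat)\b", cmd, re.I)
    if m:
        return cmd[: m.end()]
    return cmd.split()[0] if cmd else ""


def triage(log: str) -> list:
    """Return the findings for one DDS log, in log order."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := HOOK_RE.match(line):
            kind, _name, clsid, target = m.groups()
            if target == "No File":
                findings.append(Finding("orphan_clsid", line,
                    f"{kind} {{{clsid}}} is registered but its DLL is gone; stale key"))
        elif m := RUN_RE.match(line):
            _hive, name, cmd = m.groups()
            path = exe_path(cmd).lower()
            if not re.search(r"\.(exe|scr|com|bat)$", path):
                findings.append(Finding("bare_autorun", line,
                    f"[{name}] runs '{cmd}' with no resolvable file; check manually"))
            elif any(d in path for d in REVIEW_DIRS):
                findings.append(Finding("user_writable_autorun", line,
                    f"[{name}] starts from a user-writable directory: {path}"))
        elif m := DPF_RE.match(line):
            clsid, url = m.groups()
            if not url:
                findings.append(Finding("dangling_dpf", line,
                    f"ActiveX download entry {{{clsid}}} has no source URL; stale"))
        elif m := FFPREF_RE.match(line):
            key, value = m.groups()
            if key == "network.proxy.type" and value == "1":
                findings.append(Finding("manual_proxy", line,
                    "Firefox uses a manual proxy; verify network.proxy.http/ssl"))
            elif key == "browser.search.selectedEngine" and value not in DEFAULT_ENGINES:
                findings.append(Finding("search_engine_changed", line,
                    f"default search engine is '{value}', not a stock engine"))
        elif m := FFHID_RE.match(line):
            name, ref, path = m.groups()
            if ref == "No Registry Reference":
                findings.append(Finding("unregistered_extension", line,
                    f"'{name}' exists at {path} but is not registered; usually a stale copy"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.kind}] {f.note}")
```

Run against the sample it reports seven findings, one per flagged line; the URLs stay in DDS's defanged `hxxp://` form so nothing is clickable by accident. The categories are a starting point for reading, not a verdict: an orphaned CLSID or an unregistered Java Console copy is usually uninstall leftovers, whereas an autorun under `\temp\` or a manual proxy the user did not configure is what deserves a second look.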

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:09:31 PM

Posted 14 November 2009 - 02:31 AM

Hello Kenai,

And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise. I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
Please be patient and I'd be grateful if you would note the following:
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.


Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for unsupervised use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on mbam.exe, rename it to myscan.exe.
  • Double-click on myscan.exe to launch the program.
  • If that did not work, then try renaming and change the .exe extension in the same way as noted above.
  • Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.
If using Windows Vista, refer to How to Change a File Extension in Windows Vista.


In your next reply, please include the following:
  • MBAM log

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 Kenai

Kenai
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  • Local time:11:31 AM

Posted 14 November 2009 - 12:39 PM

Malwarebytes' Anti-Malware 1.41
Database version: 3168
Windows 6.0.6002 Service Pack 2

11/14/2009 9:39:09 AM
mbam-log-2009-11-14 (09-39-09).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 573619
Time elapsed: 3 hour(s), 46 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:09:31 PM

Posted 14 November 2009 - 01:35 PM

Few questions here:

I see BitDefender 2010 and PC Tools Firewall. Is BitDefender's firewall also enabled? If so, please uninstall PC Tools Firewall. Two firewalls will fight each other for control and let malware slip in unhindered.

Do you still have the same issues as in your original post? Please explain to me what's not working right at the moment.

SUPERANTISPYWARE
-----------------------------
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

regards, Elise




#8 Kenai

Kenai
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  • Local time:11:31 AM

Posted 14 November 2009 - 05:42 PM

Haven't run those scans yet, but my problem is every time I restart my whole computer freezes. If I run ComboFix it deletes something called logishrd.dll every time after a restart and then it no longer freezes my computer.

I will get the results of those scans back as soon as I can though. I might have to run ComboFix after restarting though so my computer can run. I have run SUPERAntiSpyware before in safe mode and it keeps getting 2 tracking malware after every restart.

About BitDefender, I never paid for the full thing so I don't know if the firewall installed or not, but the free trial ran out so I am not sure if it is still running the firewall or if it had even installed it in the first place. I have tried to close BitDefender before recently but it keeps telling me I need administrator to close it if I try to end its process. It doesn't show up as a task in the task manager and I can't right-click the icon in the corner on the task bar.

Also recently, if I ran ComboFix it seems the freezing changed to just my computer itself somehow dropping my internet connection for about 5-10 seconds. It makes it impossible to watch anything in one go, stream live video, or play any of my games. Sometimes I can fix it but I don't really know what is wrong. I use a router but it does it either way, when it's plugged directly into the modem or not. It doesn't affect wireless connections, not even wired connections, so something on my computer is happening every 15-20 minutes and causes me to lose the connection for a few seconds.

Edited by Kenai, 14 November 2009 - 06:14 PM.


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:09:31 PM

Posted 15 November 2009 - 04:48 AM

If you are NOT able to complete the steps I asked you to do, just let me know; do not try to fix things on your own!

I asked you before NOT to run any tools on your own. Especially not ComboFix.

You risk doing irreparable damage to your OS by doing so. ComboFix is way too powerful to just run when you feel like it, and any damage done that way is on your account. In other words, you will not have any support when trying to get things back.

If you run ComboFix when asked and something goes wrong, you will have the assurance someone qualified will help you get things back in working order.

For now, delete your old copy of Combofix and follow the steps below!!

COMBOFIX
---------------
Please download ComboFix from one of these locations: Bleepingcomputer, ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 Kenai

Kenai
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 15 November 2009 - 05:19 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/15/2009 at 06:23 AM

Application Version : 4.30.1004

Core Rules Database Version : 4274
Trace Rules Database Version: 2154

Scan type : Complete Scan
Total Scan Time : 01:05:09

Memory items scanned : 293
Memory threats detected : 0
Registry items scanned : 8734
Registry threats detected : 0
File items scanned : 54784
File threats detected : 22

Adware.Tracking Cookie
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\tommy@atdmt[9].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommy@media.expedia[2].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommy@2o7[1].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommy@ad.yieldmanager[2].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommy@serving-sys[2].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommy@hitbox[2].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommy@media6degrees[2].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommy@at.atwola[1].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommy@ehg-wastemanagement.hitbox[1].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommy@wastemanagement.122.2o7[1].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommy@atdmt[2].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommy@ads.cheapflights[2].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommy@richmedia.yahoo[2].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommy@mediamall.wireless.att[1].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\tommy@2o7[1].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\tommy@atdmt[5].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\tommy@atdmt[2].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\tommy@atdmt[6].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\tommy@atdmt[3].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\tommy@atdmt[7].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\tommy@atdmt[4].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\tommy@atdmt[8].txt


I did this around 5 AM and got back to my computer around 2:15pm. My computer had restarted on its own so I don't know if superantispyware did anything itself or someone in my house just restarted the computer. I do notice though that my computer hasn't frozen up. Since it hasn't frozen yet I have not downloaded and run combofix, as per your warning against using it if not needed or told to. Do you still want me to do this?

Edited by Kenai, 15 November 2009 - 05:20 PM.
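The scan log posted above is all tracking cookies, which is why the helper moves on to a ComboFix log. As an added example (not from this thread or from SUPERAntiSpyware), here is a small triage script for that log format: it checks that the listed detections match the header counts, reduces cookie hits to their domains, and surfaces anything that is not a cookie. The sample log is constructed to mirror the page's format; the "Trojan.Example" category and its Temp path are placeholders.

```python
"""Triage a SUPERAntiSpyware scan log: verify counts, fold cookies to domains,
and list detections that deserve a closer look. Added example; the log below is
constructed in the format shown in the thread, not a real scan result."""
import re
from collections import defaultdict

# Constructed sample: header block as SUPERAntiSpyware prints it, then one
# detection category per block with the detected item paths beneath it.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/15/2009 at 06:23 AM

Application Version : 4.30.1004

Core Rules Database Version : 4274
Trace Rules Database Version: 2154

Scan type : Complete Scan
Total Scan Time : 01:05:09

Memory items scanned : 293
Memory threats detected : 0
Registry items scanned : 8734
Registry threats detected : 0
File items scanned : 54784
File threats detected : 3

Adware.Tracking Cookie
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\tommy@atdmt[9].txt
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommy@2o7[1].txt

Trojan.Example
C:\Users\Tommy\AppData\Local\Temp\example.exe
"""

# "Memory items scanned : 293" -> ("Memory", "items scanned", "293")
COUNT_RE = re.compile(r"^(Memory|Registry|File) (items scanned|threats detected)\s*:\s*(\d+)\s*$")
# Detected items are file paths (drive letter) or registry keys (HKEY_...).
ITEM_RE = re.compile(r"^(?:[A-Za-z]:\\|HKEY_)")
# IE cookie file names look like user@domain[n].txt; capture the domain part.
COOKIE_RE = re.compile(r"@([^\\\[\]]+)\[\d+\]\.txt$", re.IGNORECASE)


def parse_counts(text):
    """Return the scanned/detected counters, e.g. {'file_threats': 3, ...}."""
    counts = {}
    for line in text.splitlines():
        m = COUNT_RE.match(line.strip())
        if m:
            key = f"{m.group(1).lower()}_{m.group(2).split()[0]}"  # file_items / file_threats
            counts[key] = int(m.group(3))
    return counts


def parse_detections(text):
    """Map each detection category to the list of items reported under it."""
    detections = defaultdict(list)
    in_body = False
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("File threats detected"):
            in_body = True  # the counters end here; detection blocks follow
            continue
        if not in_body or not line:
            continue
        if ITEM_RE.match(line):
            if category is not None:
                detections[category].append(line)
        else:
            category = line  # a non-path, non-blank line names the next category
    return dict(detections)


def cookie_domain(path):
    """Domain of a tracking-cookie file, or None if the path is not one."""
    m = COOKIE_RE.search(path)
    return m.group(1).lower() if m else None


def triage(text):
    """Summarise a log: do the counts add up, which domains, what is not a cookie."""
    counts = parse_counts(text)
    detections = parse_detections(text)
    declared = sum(v for k, v in counts.items() if k.endswith("_threats"))
    listed = sum(len(items) for items in detections.values())
    domains, attention = set(), []
    for category, items in detections.items():
        for item in items:
            dom = cookie_domain(item) if "Cookie" in category else None
            if dom:
                domains.add(dom)
            else:
                attention.append((category, item))  # anything that is not a cookie
    return {
        "declared_file_threats": counts.get("file_threats", 0),
        "listed_items": listed,
        "counts_match": declared == listed,
        "cookie_domains": sorted(domains),
        "needs_attention": attention,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```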


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:31 PM

Posted 16 November 2009 - 02:46 AM

Good to hear everything runs better. :(

Yes, I want to see a Combofix log. I need to see if that file you mentioned is still detected. So please delete your old copy first, download a new one and run it.

Do you have any Logitech hardware?

Please post me the Combofix log.

regards, Elise




#12 Kenai

Kenai
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 16 November 2009 - 07:27 PM

Is there a way to get the log if it wasn't saved after a restart? I let it run on its own and went to bed and when I woke up I assume the computer had restarted on its own but there was no log. I think someone in my house once again closed it without asking me.

I notice that bitdefender is still running on my taskbar and in my processes tab in task manager even though I went to msconfig and made sure it didn't start when the computer gets turned on. I can't end its process either. "The operation could not be completed. Access is denied." I am on Vista and on the only account for this computer and it's the admin account.

Computer randomly drops my internet again now. Still something with the computer; nothing else connected wirelessly loses internet but this one.

Found the log


ComboFix 09-11-16.05 - Tommy 11/16/2009 7:10.11.2 - FAT32x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2150 [GMT -8:00]
Running from: c:\users\Tommy\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.

2009-11-16 15:26 . 2009-11-16 15:30 4096 d-----w- c:\users\Tommy\AppData\Local\temp
2009-11-16 15:26 . 2009-11-16 15:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-16 15:26 . 2009-11-16 15:26 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-11-16 15:26 . 2009-11-16 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-14 11:05 . 2009-09-01 02:16 52224 ----a-w- c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\snxcrt6m.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
2009-11-14 11:05 . 2009-09-01 02:16 114688 ----a-w- c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\snxcrt6m.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\npmozax.dll
2009-11-13 23:10 . 2009-11-13 23:10 -------- d-----w- c:\users\Tommy\AppData\Local\Apple
2009-11-13 13:24 . 2009-11-13 13:24 4096 d-----w- c:\program files\Microsoft SharedView
2009-11-13 09:13 . 2009-11-13 09:13 -------- d-----w- c:\users\Tommy\AppData\Local\Apple Computer
2009-11-13 07:20 . 2009-11-13 07:20 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-12 01:05 . 2009-11-12 01:05 -------- d-----w- c:\program files\PFPortChecker
2009-11-11 03:56 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 03:56 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-09 21:54 . 2009-03-09 23:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-11-09 21:54 . 2009-03-09 23:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-11-09 21:54 . 2009-03-16 22:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-11-09 21:54 . 2009-03-16 22:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-11-09 21:54 . 2009-03-09 23:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-11-09 21:54 . 2009-03-16 22:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-11-09 21:54 . 2008-10-15 14:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-11-09 21:54 . 2008-10-15 14:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-11-09 21:54 . 2008-10-15 14:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-11-08 23:08 . 2009-11-08 23:43 54179488 ----a-w- c:\programdata\Xfire\downloads\Fallout3_1.7_English_US.exe
2009-11-06 02:14 . 2009-11-06 02:14 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-10-29 09:38 . 2009-10-29 09:38 138240 ----a-w- c:\users\Tommy\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-10-29 09:38 . 2009-10-29 09:38 138240 ----a-w- c:\users\Tommy\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-10-29 09:38 . 2009-10-29 09:38 138240 ----a-w- c:\users\Tommy\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-10-29 09:38 . 2009-10-29 09:38 138240 ----a-w- c:\users\Tommy\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-10-28 19:29 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 19:29 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-25 06:49 . 2009-10-25 06:49 -------- d-----w- c:\program files\Microsoft
2009-10-23 07:47 . 2009-11-04 07:01 -------- d-----w- c:\programdata\McAfee Security Scan
2009-10-23 07:47 . 2009-10-23 07:47 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-19 20:53 . 2009-10-19 20:53 -------- d-----w- c:\windows\system32\ca-ES
2009-10-19 20:53 . 2009-10-19 20:53 -------- d-----w- c:\windows\system32\eu-ES
2009-10-19 20:53 . 2009-10-19 20:53 -------- d-----w- c:\windows\system32\vi-VN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-16 15:29 . 2009-09-27 07:21 34895 ----a-w- c:\programdata\nvModes.dat
2009-11-16 15:29 . 2007-11-13 16:16 4096 d-----w- c:\programdata\NVIDIA
2009-11-16 15:28 . 2009-07-03 12:16 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-16 15:08 . 2008-02-23 21:42 40960 d-----w- c:\program files\Steam
2009-11-15 19:50 . 2009-09-30 16:07 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-11-15 12:04 . 2009-08-01 22:11 117760 ----a-w- c:\users\Tommy\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-12 15:27 . 2009-11-12 15:27 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys.upd
2009-11-12 15:26 . 2009-11-12 15:26 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys.upd
2009-11-12 11:45 . 2009-08-01 22:09 4096 d-----w- c:\program files\SUPERAntiSpyware
2009-11-12 08:50 . 2008-02-19 22:38 4096 d-----w- c:\users\Tommy\AppData\Roaming\Xfire
2009-11-11 11:24 . 2008-02-19 22:38 4096 d-----w- c:\programdata\Xfire
2009-11-11 11:24 . 2008-02-19 22:38 12288 d-----w- c:\program files\Xfire
2009-11-11 11:22 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-08 21:12 . 2008-02-20 01:51 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-08 20:07 . 2008-02-20 01:52 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-08 10:00 . 2007-11-13 16:12 12288 d--h--w- c:\program files\InstallShield Installation Information
2009-11-04 07:01 . 2008-05-29 07:05 4096 d-----w- c:\users\Tommy\AppData\Roaming\uTorrent
2009-11-04 07:01 . 2008-02-20 02:55 4096 d-----w- c:\users\Tommy\AppData\Roaming\teamspeak2
2009-11-04 07:01 . 2008-05-29 07:05 -------- d-----w- c:\program files\uTorrent
2009-11-04 07:01 . 2008-12-27 23:23 12288 d-----w- c:\program files\PC Tools Firewall Plus
2009-11-03 13:24 . 2009-08-06 23:34 72200 ----a-w- c:\windows\system32\drivers\bdfndisf6.sys
2009-11-03 13:24 . 2009-06-29 21:12 152328 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-11-02 23:02 . 2008-02-20 01:51 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-01 22:28 . 2008-02-23 21:42 -------- d-----w- c:\program files\Common Files\Steam
2009-10-29 09:38 . 2008-12-28 00:38 4096 d-----w- c:\program files\SystemRequirementsLab
2009-10-29 09:38 . 2008-12-28 00:38 8192 d-----w- c:\users\Tommy\AppData\Roaming\SystemRequirementsLab
2009-10-24 01:43 . 2008-05-07 21:15 4096 d-----w- c:\program files\Common Files\Adobe
2009-10-23 01:47 . 2009-10-23 01:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-10-19 20:54 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-10-19 20:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-19 20:54 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-10-19 20:54 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-10-19 20:54 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-10-19 20:54 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-10-19 20:53 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-16 16:54 . 2008-11-22 00:12 4096 d-----w- c:\users\Tommy\AppData\Roaming\Skype
2009-10-16 15:06 . 2008-11-22 00:14 -------- d-----w- c:\users\Tommy\AppData\Roaming\skypePM
2009-10-14 10:02 . 2007-11-13 16:30 28672 d-----w- c:\program files\Microsoft Works
2009-10-09 12:37 . 2008-10-13 11:14 4096 d-----w- c:\program files\AutoHotkey
2009-10-08 03:26 . 2009-07-16 06:01 4096 d-----w- c:\users\Tommy\AppData\Roaming\vlc
2009-10-05 11:04 . 2009-10-05 11:01 4096 d-----w- c:\users\Tommy\AppData\Roaming\Winamp
2009-10-05 11:02 . 2009-10-05 11:01 4096 d-----w- c:\program files\Winamp
2009-09-28 00:47 . 2009-09-28 00:47 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-28 00:47 . 2009-09-28 00:47 92776 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-28 00:47 . 2009-09-28 00:47 805480 ----a-w- c:\windows\system32\nvsvc.dll
2009-09-28 00:47 . 2009-09-28 00:47 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-28 00:47 . 2009-09-28 00:47 3553896 ----a-w- c:\windows\system32\nvgames.dll
2009-09-28 00:47 . 2009-09-28 00:47 3172968 ----a-w- c:\windows\system32\nvwss.dll
2009-09-28 00:47 . 2009-09-28 00:47 215656 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-28 00:47 . 2009-09-28 00:47 195176 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-28 00:47 . 2009-09-28 00:47 1309288 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-28 00:47 . 2009-09-28 00:47 1292904 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-28 00:46 . 2009-09-28 00:46 4942440 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-28 00:46 . 2009-09-28 00:46 13949544 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 23:12 . 2009-09-27 23:12 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-09-27 23:12 . 2009-09-27 23:12 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 23:12 . 2009-09-27 23:12 3310184 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-09-27 23:12 . 2009-09-27 23:12 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 23:12 . 2009-09-27 23:12 1997416 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 23:12 . 2009-09-27 23:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 23:12 . 2009-09-27 23:12 170600 ----a-w- c:\windows\system32\nvcod167.dll
2009-09-27 23:12 . 2009-09-27 23:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 23:12 . 2009-09-27 23:12 11197032 ----a-w- c:\windows\system32\nvoglv32.dll
2009-09-27 23:12 . 2009-09-27 23:12 10984 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-09-27 23:12 . 2008-07-26 04:48 7614056 ----a-w- c:\windows\system32\nvd3dum.dll
2009-09-27 23:12 . 2007-11-13 16:12 1074280 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 07:16 . 2009-09-27 07:16 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-27 07:14 . 2008-02-23 19:18 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-27 07:14 . 2008-09-11 01:37 12288 d-----w- c:\program files\AGEIA Technologies
2009-09-27 06:54 . 2009-09-27 06:54 290816 ----a-w- c:\users\Tommy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-09-27 06:54 . 2009-09-27 06:54 290816 ----a-w- c:\users\Tommy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-09-27 06:54 . 2009-09-27 06:54 290816 ----a-w- c:\users\Tommy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-09-27 06:54 . 2009-09-27 06:54 290816 ----a-w- c:\users\Tommy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-09-26 04:19 . 2009-09-26 04:19 138240 ----a-w- c:\users\Tommy\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_13_0_d.dll
2009-09-26 04:19 . 2009-09-26 04:19 138240 ----a-w- c:\users\Tommy\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_13_0_c.dll
2009-09-26 04:19 . 2009-09-26 04:19 138240 ----a-w- c:\users\Tommy\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_13_0_b.dll
2009-09-26 04:19 . 2009-09-26 04:19 138240 ----a-w- c:\users\Tommy\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_13_0_a.dll
2009-09-24 16:24 . 2007-08-28 08:59 490088 ----a-w- c:\windows\system32\nvuninst.exe
2009-09-22 15:26 . 2009-06-29 21:12 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-09-22 01:48 . 2008-10-26 18:24 -------- d-----w- c:\users\Tommy\AppData\Roaming\Apple Computer
2009-09-22 01:45 . 2009-09-22 01:44 4096 d-----w- c:\program files\iTunes
2009-09-22 01:45 . 2009-09-22 01:44 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 01:44 . 2009-09-22 01:44 -------- d-----w- c:\program files\iPod
2009-09-22 01:44 . 2008-10-26 18:14 -------- d-----w- c:\program files\Common Files\Apple
2009-09-22 01:44 . 2008-10-26 18:14 -------- d-----w- c:\programdata\Apple Computer
2009-09-22 01:42 . 2009-09-22 01:41 4096 d-----w- c:\program files\QuickTime
2009-09-22 01:30 . 2009-09-22 01:30 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-20 05:02 . 2009-09-20 05:02 8192 d-----w- c:\program files\Livestream Procaster
2009-09-20 04:42 . 2008-03-18 20:37 2032 ----a-w- c:\users\Tommy\AppData\Local\d3d9caps.dat
2009-09-14 09:29 . 2009-10-13 22:24 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 22:54 . 2008-12-26 21:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 22:53 . 2008-12-26 21:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 18:17 . 2009-09-10 18:17 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbAF7B.tmp.exe
2009-09-10 16:48 . 2009-10-13 22:26 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 03:02 . 2009-09-10 03:02 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5FC8.tmp.exe
2009-09-08 19:45 . 2009-09-08 19:48 38208 ----a-w- c:\users\Tommy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-09-08 19:45 . 2009-09-08 19:46 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-09-05 01:44 . 2009-11-14 01:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-05 01:44 . 2009-11-14 01:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-05 01:44 . 2009-11-14 01:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-22 15:23 . 2009-08-27 00:08 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2007-11-13 15:56 . 2007-11-13 15:51 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot_2009-11-11_22.52.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-14 01:40 . 2008-10-27 18:04 70992 c:\windows\System32\XAPOFX1_2.dll
- 2009-11-09 21:54 . 2008-10-15 15:03 70992 c:\windows\System32\XAPOFX1_2.dll
- 2009-09-08 19:48 . 2008-07-31 17:41 68616 c:\windows\System32\XAPOFX1_1.dll
+ 2009-11-14 01:40 . 2008-07-31 18:41 68616 c:\windows\System32\XAPOFX1_1.dll
+ 2009-11-14 01:40 . 2008-10-27 18:04 23376 c:\windows\System32\X3DAudio1_5.dll
- 2009-11-09 21:54 . 2008-10-15 15:03 23376 c:\windows\System32\X3DAudio1_5.dll
+ 2007-11-13 16:08 . 2009-11-16 15:30 69656 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-11-16 15:30 72012 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-02-19 21:46 . 2009-11-16 15:30 15040 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-543014975-2786251972-929394339-1001_UserData.bin
- 2008-02-19 21:42 . 2009-11-11 22:52 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-02-19 21:42 . 2009-11-16 15:29 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-19 21:42 . 2009-11-11 22:52 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-02-19 21:42 . 2009-11-16 15:29 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-14 01:39 . 2009-11-14 01:39 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-11-14 01:39 . 2009-11-14 01:39 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-11-11 22:51 . 2009-11-11 22:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-16 15:28 . 2009-11-16 15:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-16 15:28 . 2009-11-16 15:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-11 22:51 . 2009-11-11 22:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-09 21:54 . 2008-10-15 15:03 514384 c:\windows\System32\XAudio2_3.dll
+ 2009-11-14 01:40 . 2008-10-27 18:04 514384 c:\windows\System32\XAudio2_3.dll
- 2009-09-08 19:48 . 2008-07-31 17:40 509448 c:\windows\System32\XAudio2_2.dll
+ 2009-11-14 01:40 . 2008-07-31 18:40 509448 c:\windows\System32\XAudio2_2.dll
- 2009-11-09 21:54 . 2008-10-15 15:03 235856 c:\windows\System32\xactengine3_3.dll
+ 2009-11-14 01:40 . 2008-10-27 18:04 235856 c:\windows\System32\xactengine3_3.dll
+ 2009-11-14 01:40 . 2008-07-31 18:41 238088 c:\windows\System32\xactengine3_2.dll
- 2009-11-09 21:54 . 2008-07-30 14:20 238088 c:\windows\System32\xactengine3_2.dll
- 2006-11-02 10:33 . 2009-11-11 22:59 598350 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-16 15:36 598350 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-11-11 22:59 101988 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-11-16 15:36 101988 c:\windows\System32\perfc009.dat
+ 2009-11-14 01:40 . 2009-09-05 01:29 235344 c:\windows\System32\d3dx11_42.dll
+ 2009-11-14 01:40 . 2009-09-05 01:29 453456 c:\windows\System32\d3dx10_42.dll
+ 2008-02-19 21:42 . 2009-11-16 15:29 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-02-19 21:42 . 2009-11-11 22:52 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-13 13:24 . 2009-11-13 13:24 974336 c:\windows\Installer\b0f4d2.msi
+ 2009-11-14 01:39 . 2009-11-14 01:39 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-11-14 01:40 . 2009-11-14 01:40 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-11-14 01:40 . 2009-11-14 01:40 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-11-14 01:40 . 2009-11-14 01:40 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-11-14 01:40 . 2009-11-14 01:40 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 01:40 . 2009-11-14 01:40 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 01:39 . 2009-11-14 01:39 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 01:39 . 2009-11-14 01:39 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 01:39 . 2009-11-14 01:39 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 01:39 . 2009-11-14 01:39 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 01:39 . 2009-11-14 01:39 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 01:39 . 2009-11-14 01:39 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 01:39 . 2009-11-14 01:39 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 01:39 . 2009-11-14 01:39 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-11-14 01:40 . 2009-09-05 01:29 1892184 c:\windows\System32\D3DX9_42.dll
+ 2009-11-14 01:40 . 2009-09-05 01:29 5501792 c:\windows\System32\d3dcsx_42.dll
+ 2009-11-14 01:40 . 2009-09-05 01:29 1974616 c:\windows\System32\D3DCompiler_42.dll
+ 2008-02-19 22:11 . 2009-11-16 15:27 3495048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-02-19 22:11 . 2009-11-11 11:22 3495048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-11-09 21:54 . 2009-11-09 21:54 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 01:39 . 2009-11-14 01:39 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-09 21:54 . 2009-11-09 21:54 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-14 01:39 . 2009-11-14 01:39 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-12 2001648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-15 178968]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-04-13 2652056]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2009-05-20 221184]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-08 1511424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-10 15:12 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Caledos Wallpaper (startup).lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Caledos Wallpaper (startup).lnk
backup=c:\windows\pss\Caledos Wallpaper (startup).lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WeGame.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WeGame.lnk
backup=c:\windows\pss\WeGame.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Tommy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DING!.lnk]
path=c:\users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:(:f0,35,e9,e6,fe,50,ca,01

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\System32\drivers\bdfndisf6.sys [8/6/2009 3:34 PM 72200]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [12/27/2008 3:24 PM 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 9:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 9:53 AM 74480]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [4/1/2009 10:25 AM 82696]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [9/3/2006 10:32 AM 208896]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [1/19/2009 4:01 PM 279960]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [1/19/2009 4:02 PM 38296]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [12/27/2008 3:24 PM 73840]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [9/27/2009 3:48 PM 240232]
R3 BDFM;BDFM;c:\windows\System32\drivers\bdfm.sys [6/29/2009 1:12 PM 152328]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [12/27/2008 3:23 PM 95640]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 9:53 AM 7408]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [12/19/2007 12:09 AM 21920]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\System32\drivers\superwebcam.sys [7/26/2009 12:45 PM 31872]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [5/10/2006 9:13 AM 29696]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 11:43 AM 204800]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [6/25/2009 3:04 PM 183880]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-11-16 c:\windows\Tasks\User_Feed_Synchronization-{B213D993-DC23-4111-ACBE-1D2D4BE08E56}.job
- c:\windows\system32\msfeedssync.exe [2009-10-13 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mg2.mail.yahoo.com/dc/launch?.rand=39gnl8arvsmpe
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {1503B5E1-0606-4960-A098-F98B5435B4C5} = 192.168.0.1,192.168.0.40
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\snxcrt6m.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com (Virtus Designs)
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\snxcrt6m.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsharedview.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\snxcrt6m.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\snxcrt6m.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\snxcrt6m.default\extensions\seetooaddon@seetoo.com\plugins\npSeeTooAddon.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-16 07:29
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-543014975-2786251972-929394339-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A27DB33D-AACD-21A9-A864-0CC56008E48A}*]
"haiofilpaeobidai"=hex:63,62,64,6a,69,6f,6f,63,6b,65,64,68,6b,6a,69,63,63,6d,
66,6e,66,65,67,6a,66,6c,6c,6e,62,67,6f,61,63,63,6e,6d,61,67,00,00
"iaonpbpkbmoomjpfgk"=hex:63,62,64,6a,69,6f,6f,63,6b,65,64,68,6b,6a,69,63,62,6d,
62,6e,67,66,6b,6a,63,6a,69,68,68,64,6f,66,63,67,6f,66,63,70,00,00

[HKEY_USERS\S-1-5-21-543014975-2786251972-929394339-1001\Software\SecuROM\License information*]
"datasecu"=hex:13,d3,cb,18,f9,40,45,5d,c7,3b,d9,f4,2c,74,df,c0,4c,26,4b,16,4a,
1e,be,66,c3,94,24,32,3a,a3,5e,fa,6a,16,14,ba,9e,55,96,67,ad,ea,db,8f,37,f4,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5456)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2010\vsserv.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\BitDefender\BitDefender 2010\bdagent.exe
c:\program files\HostsMan\hm.exe
c:\program files\BitDefender\BitDefender 2010\seccenter.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-11-16 07:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-16 15:46
ComboFix2.txt 2009-11-13 10:30
ComboFix3.txt 2009-11-12 08:03
ComboFix4.txt 2009-11-11 23:13
ComboFix5.txt 2009-11-16 15:09

Pre-Run: 231,251,501,056 bytes free
Post-Run: 231,535,087,616 bytes free

- - End Of File - - 99AFDD64D08E2427F1A3818D0BCF23A3

Edited by Kenai, 16 November 2009 - 10:56 PM.


#13 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,247 posts
  • Gender: Female
  • Location: Romania

Posted 17 November 2009 - 03:13 AM

Hello again :(

The combofix log can be found at c:\combofix.txt

Let's see if we can get rid of that file that keeps showing up and of those BitDefender leftovers.

TFC
--------
Download TFC by OldTimer to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

NOTE:
It's normal after running TFC cleaner that the PC will be slower to boot the first time.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.



Now please uninstall BitDefender Internet Security using Add/Remove programs (click start > run, type appwiz.cpl and press enter, look in the list for BitDefender).


If you were able to uninstall BitDefender, please re-run ComboFix and post me the log. If you were not able to uninstall, please let me know.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#14 Kenai

  • Topic Starter
  • Members
  • 77 posts

Posted 18 November 2009 - 03:44 AM

I uninstalled BitDefender successfully and ran TFC, and everything went accordingly. It deleted over 1300 MB worth of stuff. I posted the ComboFix log from before in the post above yours.

#15 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,247 posts
  • Gender: Female
  • Location: Romania

Posted 18 November 2009 - 03:48 AM

"Computer randomly drops my internet again now. Still something with the computer; nothing else connected wirelessly loses internet but this one."

Is this still happening?

Please let me know at this point what other problems you have.

regards, Elise