
HiJack This Log


This topic is locked
2 replies to this topic

#1 blufreak

Posted 09 July 2010 - 05:25 PM

[EDITED TO INCLUDE DDS & GMER RESULTS]

I have tried to use several antivirus/spyware programs, including Avast, Microsoft Essentials and Spybot, all with fully up-to-date definitions, and also have Spyware Blaster immunization, all to no avail on this one.

Noticed when using google.com to search: the Firefox URL bar briefly displayed results5.google........ On a bit of searching I checked my DNS list via ipconfig /displaydns and got around 20+ results, almost all of them looking very suspect, including various "porn" addresses.

After flushing the DNS list with both ipconfig and CCleaner they are still present, leading me to believe that something somewhere on my PC is actively replacing them.

Strangely, I can now no longer detect my own router via wireless scan using that system; all other systems on the network are fine and not affected. The router, however, had been affected and also had its DNS IPs changed.

Hopefully that's enough info for you guys to figure out what the hell is plaguing me lol, so here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:50:59, on 09/07/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.tvcatchup.com
O15 - Trusted Zone: *.tvcatchup.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15112/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TunerFreeMCEService - Unknown owner - C:\Program Files\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5535 bytes



GMER Results:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-10 00:12:56
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Tigger\AppData\Local\Temp\pxldapow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A38AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A38104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A383F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A20FB4
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A381DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A38958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A386F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A38F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A391A8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8E43CB9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8E43C9C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8E43CAFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A98599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ABCF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwLoadDriver 82BF6279 2 Bytes JMP 8E43CAFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwLoadDriver + 3 82BF627C 4 Bytes [84, 0B, CC, CC] {TEST [EBX], CL; INT 3 ; INT 3 }
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82C5DFA7 5 Bytes JMP 8E4385B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82C77CA7 5 Bytes JMP 8E439FD2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 82C85D23 7 Bytes JMP 8E43C9C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82D2FEAA 7 Bytes JMP 8E43CBA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? System32\drivers\qrdfcof.sys The system cannot find the path specified. !
.text bridge.sys 941BF494 519 Bytes [8B, FF, 55, 8B, EC, 81, EC, ...]
.text peauth.sys 99613C9D 28 Bytes [C4, 12, 4E, 82, 44, 8A, B1, ...]
.text peauth.sys 99613CC1 28 Bytes [C4, 12, 4E, 82, 44, 8A, B1, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[712] USER32.dll!TrackPopupMenu 77594B3B 5 Bytes JMP 666805FE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1412] ntdll.dll!LdrLoadDll 7745F625 5 Bytes JMP 001613F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc01ce24
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc01ce24@804c24000839 0x6B 0x68 0xF8 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc01ce24 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc01ce24@804c24000839 0x6B 0x68 0xF8 0x46 ...

---- EOF - GMER 1.0.15 ----


DDS Results:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Tigger at 0:06:00.90 on 10/07/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2048.1356 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Users\Tigger\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: tvcatchup.com
Trusted Zone: tvcatchup.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\tigger\appdata\roaming\mozilla\firefox\profiles\14pmxrx7.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=59563&p=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\tigger\appdata\roaming\mozilla\firefox\profiles\14pmxrx7.default\extensions\{32bcc991-3e17-48ce-9311-3092165fd092}\components\Engine.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-11 165456]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-11 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-11 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-29 40384]
R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe -k bthaudiosvc [2009-7-14 20992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-15 1153368]
R2 TunerFreeMCEService;TunerFreeMCEService;c:\program files\milliesoft\tunerfreemce\TunerFreeMCEService.exe [2010-6-11 9216]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-29 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-29 40384]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2010-3-23 1812512]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2010-6-12 178913]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\drivers\BthAudioHF.sys [2009-12-21 43008]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2010-6-11 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2010-6-11 20480]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-6-12 16472]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-9 1343400]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111v.sys [2010-6-11 904192]

=============== Created Last 30 ================

2010-07-09 22:18:28 0 d-----w- c:\users\tigger\appdata\roaming\Malwarebytes
2010-07-09 22:18:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 22:18:19 0 d-----w- c:\programdata\Malwarebytes
2010-07-09 22:18:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-09 22:18:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-09 20:50:22 0 d-----w- c:\program files\Trend Micro
2010-07-02 14:45:17 0 d-----w- c:\program files\XBCD 360
2010-07-02 14:43:04 0 d-----w- c:\program files\XBox 360 Controller for Windows Software
2010-07-02 11:25:39 0 d-----w- c:\users\tigger\Games
2010-07-02 11:25:21 20228 ----a-w- c:\windows\system32\x360ce.ini
2010-07-01 17:55:54 0 d-----w- c:\users\tigger\appdata\roaming\Bioshock2
2010-07-01 17:32:02 0 d-sh--w- c:\programdata\SecuROM
2010-07-01 17:16:20 0 d-----w- c:\windows\system32\xlive
2010-07-01 17:16:19 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-07-01 17:00:01 0 d-----w- c:\program files\2K Games
2010-06-30 15:06:21 50 ----a-w- c:\windows\MegaManager.INI
2010-06-29 11:34:33 38848 ----a-w- c:\windows\avastSS.scr
2010-06-25 00:04:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01009.Wdf
2010-06-24 14:10:14 0 d-----w- c:\programdata\nHancer
2010-06-24 13:59:32 0 d-----w- c:\programdata\NVIDIA
2010-06-24 13:56:00 0 d-----w- c:\programdata\NVIDIA Corporation
2010-06-24 13:55:56 0 d-----w- c:\program files\NVIDIA Corporation
2010-06-24 13:43:28 0 d-----w- c:\programdata\Caphyon
2010-06-24 12:29:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-24 12:05:47 0 d--h--w- c:\windows\msdownld.tmp
2010-06-24 12:05:43 0 d-----w- c:\windows\system32\directx
2010-06-24 11:39:19 0 d-----w- c:\program files\SystemRequirementsLab
2010-06-24 11:38:42 0 d-----w- c:\programdata\Sun
2010-06-24 11:38:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-22 22:58:35 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-06-22 21:06:01 0 d-----w- c:\program files\TVCatchup Ltd
2010-06-22 20:21:31 0 d-----w- c:\programdata\MillieSoft
2010-06-22 20:21:29 0 d-----w- c:\program files\MillieSoft
2010-06-22 17:40:05 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-22 17:40:03 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-22 17:40:02 417792 ----a-w- c:\windows\system32\msdri.dll
2010-06-22 17:40:01 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-06-22 17:40:01 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-06-22 12:01:44 0 d-----w- c:\programdata\Yahoo! Companion
2010-06-22 12:01:28 0 d-----w- c:\programdata\Yahoo!
2010-06-22 11:53:36 0 d-----w- c:\program files\Yahoo!
2010-06-22 11:50:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-06-21 23:26:36 0 d-----w- c:\program files\Elastomania
2010-06-19 16:38:44 0 d-----w- c:\program files\Astonsoft
2010-06-18 15:38:26 0 d-----w- c:\program files\PlayReady
2010-06-18 15:18:22 40 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-16 19:52:09 0 d-----w- c:\program files\MPC HomeCinema
2010-06-15 13:08:14 0 d-----w- c:\program files\Microsoft Security Essentials
2010-06-15 12:04:49 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-15 12:04:49 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-14 14:53:51 0 d-----w- c:\windows\system32\appmgmt
2010-06-14 14:49:54 0 d-----w- c:\programdata\SlySoft
2010-06-14 14:48:12 0 d-----w- c:\program files\SlySoft
2010-06-14 11:48:42 0 d-----w- c:\program files\ePSXe
2010-06-14 11:39:36 0 d-----w- c:\users\tigger\appdata\roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2010-06-14 11:39:31 0 d-----w- c:\program files\BBC iPlayer Desktop
2010-06-13 21:00:55 0 d-----w- c:\program files\PLAYLOGIC
2010-06-12 21:47:01 0 d-----w- c:\users\tigger\appdata\roaming\OpenOffice.org
2010-06-12 21:07:23 0 d-----w- c:\programdata\Messenger Plus!
2010-06-12 21:07:10 0 d-----w- c:\program files\Messenger Plus! Live
2010-06-12 20:57:54 0 d-----w- c:\users\tigger\appdata\roaming\MessengerDiscovery 2
2010-06-12 20:57:49 0 d-----w- c:\programdata\MessengerDiscovery 2
2010-06-12 20:57:49 0 d-----w- c:\program files\MessengerDiscovery 2
2010-06-12 13:06:17 7062 ----a-w- c:\windows\system32\audiopid.vxd
2010-06-12 13:03:40 0 d-----w- c:\program files\Creative
2010-06-12 02:02:18 0 d-----w- c:\windows\Panther
2010-06-12 00:28:41 0 d-----w- c:\windows\pss
2010-06-12 00:01:00 0 d-----w- c:\users\tigger\appdata\roaming\TomTom
2010-06-12 00:00:43 0 d-----w- c:\program files\TomTom HOME 2
2010-06-11 23:58:41 0 d-----w- c:\program files\Elaborate Bytes
2010-06-11 23:55:24 0 d-----w- c:\program files\PeerBlock
2010-06-11 23:54:41 0 d-----w- c:\program files\uTorrent
2010-06-11 23:53:36 0 d-----w- c:\users\tigger\appdata\roaming\uTorrent
2010-06-11 23:52:08 0 d-----w- c:\program files\OpenOffice.org 3
2010-06-11 23:50:14 0 d---a-w- c:\programdata\TEMP
2010-06-11 23:50:10 0 d-----w- c:\program files\SpywareBlaster
2010-06-11 23:36:53 0 d-----w- c:\users\tigger\appdata\roaming\Spotify
2010-06-11 23:36:50 0 d-----w- c:\program files\Spotify
2010-06-11 23:34:50 0 d-----r- c:\program files\Skype
2010-06-11 23:34:48 0 d-----w- c:\programdata\Skype
2010-06-11 23:32:51 0 d-----w- c:\program files\CCleaner
2010-06-11 23:29:25 0 d-----w- c:\programdata\Adobe
2010-06-11 22:37:56 0 d-----w- c:\users\tigger\Tracing
2010-06-11 22:37:17 0 d-----w- c:\program files\Microsoft
2010-06-11 22:37:01 0 d-----w- c:\program files\Windows Live SkyDrive
2010-06-11 22:36:25 0 d-----w- c:\windows\PCHEALTH
2010-06-11 22:31:41 0 d-----w- c:\program files\common files\Windows Live
2010-06-11 21:15:20 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-11 21:14:28 0 d-----w- c:\programdata\Alwil Software
2010-06-11 21:03:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-06-11 21:00:26 766 ----a-w- c:\windows\system32\Uninstall.ico
2010-06-11 21:00:26 0 d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-06-11 21:00:24 0 d-----w- c:\program files\Samsung
2010-06-11 20:24:37 0 d-----w- C:\MGADiagToolOutput
2010-06-11 20:24:16 0 d-----w- c:\programdata\Office Genuine Advantage
2010-06-11 19:32:33 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-11 19:20:12 21504 ----a-w- c:\windows\system32\drivers\DNIMP50.sys
2010-06-11 19:20:12 20480 ----a-w- c:\windows\system32\drivers\DNISP50.sys
2010-06-11 19:20:11 904192 ----a-w- c:\windows\system32\drivers\WPN111v.sys
2010-06-11 19:20:11 0 d-----w- c:\program files\NETGEAR
2010-06-11 17:20:36 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-11 17:20:36 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-11 17:20:36 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-11 17:20:36 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-11 17:20:36 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-11 17:17:59 0 d-----w- c:\windows\system32\wbem\Performance
2010-06-11 17:16:13 791434 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-06-11 17:15:01 0 d-----w- c:\windows\system32\URTTEMP
2010-06-11 17:14:54 0 d-sh--w- c:\windows\Installer
2010-06-11 17:14:19 0 d-sh--w- C:\Recovery

==================== Find3M ====================

2010-06-09 00:48:27 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 00:48:07 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-09 00:47:53 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-06-09 00:47:35 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-06-09 00:47:35 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-06-09 00:47:19 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-09 00:47:19 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-09 00:47:18 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-09 00:47:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 00:47:06 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 00:46:26 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-09 00:46:26 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-09 00:46:13 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 00:46:00 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 00:45:48 132608 ----a-w- c:\windows\system32\cabview.dll
2010-06-09 00:45:35 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-06-09 00:45:35 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-06-09 00:45:35 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-06-09 00:45:35 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-06-09 00:45:34 369152 ----a-w- c:\windows\system32\secproc.dll
2010-06-09 00:45:34 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-06-09 00:45:33 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-06-09 00:45:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-06-09 00:45:18 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-06-09 00:45:05 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-06-09 00:44:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-06-09 00:44:08 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-06-09 00:44:08 2614272 ----a-w- c:\windows\explorer.exe
2010-06-09 00:43:39 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-06-09 00:43:11 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-06-09 00:43:11 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-06-09 00:43:11 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-06-09 00:43:11 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-06-09 00:43:11 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-06-09 00:43:11 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-06-09 00:43:11 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-06-09 00:43:11 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-06-09 00:42:57 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-06-09 00:42:45 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-06-09 00:42:32 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-06-09 00:42:12 507568 ----a-w- c:\windows\system32\winload.exe
2010-06-09 00:42:12 442920 ----a-w- c:\windows\system32\winresume.exe
2010-06-09 00:42:12 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-06-09 00:42:11 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-06-09 00:42:11 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-06-09 00:41:49 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-06-09 00:41:49 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-06-09 00:41:36 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-09 00:41:35 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-07 16:47:34 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-06-07 16:47:34 1691752 ----a-w- c:\windows\system32\nvsvcr.dll
2010-06-07 16:47:34 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 16:47:34 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-07 16:47:34 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 16:47:34 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-02 03:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 03:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 03:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-26 10:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 10:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 10:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 10:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 10:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-04-16 21:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:06:57.13 ===============

Thanks for any assistance

Edited by blufreak, 09 July 2010 - 06:17 PM.


#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:12:15 PM

Posted 12 July 2010 - 06:26 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


In your reply, please post both OTL logs.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:12:15 PM

Posted 17 July 2010 - 06:30 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

