
Google keeps redirecting...sometimes


This topic is locked
13 replies to this topic

#1 mjmj824

Posted 23 July 2011 - 01:16 PM

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Marcus at 14:01:41 on 2011-07-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4058.2052 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TekFax\TekFax.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Marcus\Downloads\PicturesToExe_Deluxe_v6.5.8_Portable\PicturesToExe Deluxe v6.5.8 Portable\PicturesToExe.exe
C:\Users\Marcus\Downloads\PicturesToExe_Deluxe_v6.5.8_Portable\PicturesToExe Deluxe v6.5.8 Portable\PicturesToExe.exe
C:\Users\Marcus\Downloads\PicturesToExe_Deluxe_v6.5.8_Portable\PicturesToExe Deluxe v6.5.8 Portable\PicturesToExe.exe
C:\Users\Marcus\Downloads\PicturesToExe_Deluxe_v6.5.8_Portable\PicturesToExe Deluxe v6.5.8 Portable\PicturesToExe.exe
C:\Users\Marcus\Downloads\PicturesToExe_Deluxe_v6.5.8_Portable\PicturesToExe Deluxe v6.5.8 Portable\PicturesToExe.exe
C:\Users\Marcus\AppData\Roaming\Thinstall\PicturesToExe 6.5\SKEL\b2f2ebf571d25ba0a691e3b5f12df2941752a312\x264.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Marcus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{30235FC3-6CA6-414D-843B-9121A37A4B80} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{30235FC3-6CA6-414D-843B-9121A37A4B80}\24C61636B63547162737 : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{30235FC3-6CA6-414D-843B-9121A37A4B80}\2544D4 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{30235FC3-6CA6-414D-843B-9121A37A4B80}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{30235FC3-6CA6-414D-843B-9121A37A4B80}\46C696E6B6132333 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D59A0FFC-5C03-4359-BA02-38D595ECAEC1} : DhcpNameServer = 192.168.0.1
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-22 42184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-23 366640]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-2-18 462632]
R2 TekFax;TekFax;C:\Program Files (x86)\TekFax\TekFax.exe [2011-5-20 163840]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-11-2 365336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-23 17:20:55 388096 ----a-r- C:\Users\Marcus\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-23 17:20:55 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-07-23 16:39:24 -------- d-----w- C:\Users\Marcus\AppData\Roaming\Malwarebytes
2011-07-23 16:39:07 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-23 16:39:07 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-23 16:39:04 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-23 16:39:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-23 15:59:48 -------- d-----w- C:\Program Files (x86)\Fotosizer
2011-07-23 04:32:05 -------- d-----w- C:\Users\Marcus\q
2011-07-23 01:32:22 -------- d-----w- C:\Program Files (x86)\Bulk Rename Utility
2011-07-23 00:18:05 -------- d-----w- C:\Users\Marcus\AppData\Local\Nero_AG
2011-07-23 00:11:16 -------- d-----w- C:\ProgramData\PicturesToExe
2011-07-23 00:00:24 -------- d-----w- C:\Users\Marcus\AppData\Roaming\Thinstall
2011-07-23 00:00:24 -------- d-----w- C:\Users\Marcus\AppData\Local\Thinstall
2011-07-22 23:50:09 -------- d-----w- C:\Users\Marcus\AppData\Local\Nero
2011-07-22 23:35:53 -------- d-----w- C:\ProgramData\Nero
2011-07-22 23:34:40 -------- d-----w- C:\Program Files (x86)\Nero
2011-07-22 23:16:43 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-22 23:16:37 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-07-22 23:16:02 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-22 23:15:52 -------- d-----w- C:\ProgramData\AVAST Software
2011-07-22 23:15:52 -------- d-----w- C:\Program Files\AVAST Software
2011-07-22 20:44:45 -------- d--h--w- C:\$AVG
2011-07-22 20:27:44 -------- d-----w- C:\Users\Marcus\AppData\Roaming\AVG
2011-07-22 20:17:23 -------- d-----w- C:\Users\Marcus\AppData\Roaming\AVG10
2011-07-22 20:13:08 -------- d--h--w- C:\ProgramData\Common Files
2011-07-22 20:11:29 -------- d-----w- C:\ProgramData\AVG10
2011-07-22 20:09:37 -------- d-----w- C:\Program Files (x86)\AVG
2011-07-22 20:03:39 -------- d-----w- C:\ProgramData\MFAData
2011-07-22 16:52:54 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2011-07-22 16:52:52 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2011-07-22 16:52:50 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2011-07-22 16:52:48 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll
2011-07-22 16:42:11 66048 --sha-r- C:\Windows\SysWow64\KBDTAJIK7.dll
2011-07-22 16:38:33 24832 ----a-w- C:\Windows\SysWow64\PteVideo.dll
2011-07-21 01:36:15 -------- d-----w- C:\Users\Marcus\AppData\Local\Eclipse
2011-07-21 01:36:01 -------- d-----w- C:\Users\Marcus\workspace
2011-07-20 22:31:18 -------- d-----w- C:\test
2011-07-20 22:27:25 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-07-17 01:49:37 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-17 01:38:58 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-07-17 01:28:13 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-07-17 01:28:07 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-14 16:11:16 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-07-12 14:52:00 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{367670D7-7731-459C-AC81-86355F6AB024}\mpengine.dll
2011-07-11 21:56:03 -------- d-----w- C:\Users\Marcus\.idlerc
2011-07-11 21:53:36 -------- d-----w- C:\Python27
2011-07-11 15:18:34 -------- d-----w- C:\Program Files (x86)\TekFax
2011-07-05 01:38:38 -------- d-----w- C:\Users\Marcus\AppData\Local\Microsoft Games
2011-07-01 05:05:25 -------- d-----w- C:\Users\Marcus\AppData\Local\ElevatedDiagnostics
2011-06-29 15:21:46 -------- d-----w- C:\Program Files\CCleaner
2011-06-23 18:30:41 -------- dc-h--w- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-06-23 18:30:41 -------- d-----w- C:\Users\Marcus\AppData\Roaming\Uniblue
2011-06-23 18:30:40 -------- d-----w- C:\Program Files (x86)\Uniblue
2011-06-23 18:30:36 -------- d-----w- C:\Users\Marcus\AppData\Local\PackageAware
2011-06-23 18:15:16 -------- d-----w- C:\Users\Marcus\AppData\Roaming\Intuit
2011-06-23 18:12:09 -------- d-----w- C:\Users\Marcus\AppData\Local\IsolatedStorage
2011-06-23 18:12:06 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2011-06-23 18:11:52 -------- d-----w- C:\Program Files (x86)\TurboTax
2011-06-23 18:11:32 -------- d-----w- C:\ProgramData\Intuit
.
==================== Find3M ====================
.
2011-07-22 23:32:08 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-12 19:09:18 2206720 ----a-w- C:\Windows\SysWow64\python27.dll
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-14 07:41:52 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-05-14 07:41:52 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-05-14 07:41:52 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-05-14 07:41:26 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-05-14 07:39:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-05-14 07:32:18 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-05-14 06:35:45 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-05-14 06:34:06 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-05-14 06:33:45 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-05-14 06:32:34 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-05-14 04:29:25 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-05-14 04:29:25 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:57:40 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-04-25 05:32:22 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:44:02 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 14:05:19.83 ===============
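Reading a log like the one above for a "Google keeps redirecting" complaint, the entries a responder checks first are in the Pseudo HJT Report section: the DNS servers recorded per interface (DhcpNameServer is what DHCP handed out; a NameServer line would be a static override), the Internet Settings proxy values (ProxyOverride only lists bypass hosts, whereas ProxyServer or AutoConfigURL actually steer traffic), URLSearchHooks, BHO and toolbar registrations (especially ones whose DLL is "No File"), and AppInit_DLLs. The Python below is an added triage helper, not part of the original post and not part of the DDS tool; it parses that section and lists those entries for manual verification. The sample input is constructed from a few lines of the log above plus one made-up static "NameServer =" line (203.0.113.5, a TEST-NET address) to exercise the static-override branch; it is assumed that DDS prints a static override in the same shape as its DhcpNameServer lines. The script flags, it does not judge: the 68.87.x.x resolvers in the log are public addresses that an ISP may legitimately hand out, and the only correct check is against what the user's ISP actually uses.

```python
"""Triage helper (added example) for the "Pseudo HJT Report" section of a DDS log.
Surfaces the entries a responder checks first on a search-redirect complaint
and marks the ones that need manual verification. It does not decide that
anything is malicious."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the DDS log in post #1, plus one
# made-up static "NameServer =" override (TEST-NET address) for illustration.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{30235FC3-6CA6-414D-843B-9121A37A4B80} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{30235FC3-6CA6-414D-843B-9121A37A4B80}\24C61636B63547162737 : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{D59A0FFC-5C03-4359-BA02-38D595ECAEC1} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D59A0FFC-5C03-4359-BA02-38D595ECAEC1} : NameServer = 203.0.113.5
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll
BHO-X64: link filter bho - No File
============= SERVICES / DRIVERS ===============
"""

BANNER_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
DNS_RE = re.compile(r"^TCP:\s*(?:(?P<scope>Interfaces\\\S+)\s*:\s*)?"
                    r"(?P<key>(?:Dhcp)?NameServer)\s*=\s*(?P<servers>.*)$")
PROXY_RE = re.compile(r"^[um]Internet Settings,(?P<key>\w+)\s*=\s*(?P<value>.*)$")
HOOK_RE = re.compile(r"^[um]URLSearchHooks:\s*(?P<value>.*)$")
BHO_RE = re.compile(r"^(?P<kind>(?:BHO|TB)(?:-X64)?):\s*(?P<name>.*?)"
                    r"(?::\s*(?P<clsid>\{[0-9A-Fa-f-]{36}\}))?\s*-\s*(?P<path>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?:\s*(?P<value>.*)$")


@dataclass
class DnsEntry:
    scope: str      # "global" or the Interfaces\... registry path DDS printed
    static: bool    # NameServer (set by hand or by software) vs DhcpNameServer
    servers: list


@dataclass
class BhoEntry:
    kind: str       # BHO, TB, BHO-X64, TB-X64
    name: str
    clsid: str      # "" when DDS printed no CLSID
    path: str       # "No File" when the registered DLL is gone


def hjt_section(log_text):
    """Lines between the 'Pseudo HJT Report' banner and the next banner."""
    out, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = BANNER_RE.match(line)
        if banner:
            inside = "Pseudo HJT Report" in banner.group(1)
            continue
        if inside and line and line != ".":
            out.append(line)
    return out


def is_private(server):
    """True for RFC 1918 and other non-routable literals; unparsable -> False."""
    try:
        return ipaddress.ip_address(server).is_private
    except ValueError:
        return False


def triage(log_text):
    lines = hjt_section(log_text)
    dns = [DnsEntry(m.group("scope") or "global", m.group("key") == "NameServer",
                    m.group("servers").split())
           for m in map(DNS_RE.match, lines) if m]
    bhos = [BhoEntry(m.group("kind"), m.group("name").strip(),
                     m.group("clsid") or "", m.group("path").strip())
            for m in map(BHO_RE.match, lines) if m]
    proxy = [(m.group("key"), m.group("value")) for m in map(PROXY_RE.match, lines) if m]
    return {
        "dns": dns,
        # static override, or a resolver outside the private ranges: verify with the ISP
        "dns_to_verify": [e for e in dns if e.static or not all(map(is_private, e.servers))],
        "proxy": proxy,
        # ProxyOverride only lists bypass hosts; these two actually redirect traffic
        "proxy_to_verify": [p for p in proxy if p[0] in ("ProxyServer", "AutoConfigURL")],
        "search_hooks": [m.group("value") for m in map(HOOK_RE.match, lines) if m],
        "bho": bhos,
        "bho_missing_file": [b for b in bhos if b.path == "No File"],
        "appinit_dlls": [m.group("value") for m in map(APPINIT_RE.match, lines) if m],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Run it over the full text of a saved DDS log (`triage(open("dds.txt").read())`). On the two logs in this thread it lists the 68.87.x.x resolvers on one interface profile for checking against the ISP, the orphaned URLSearchHook, the "link filter bho" registration with no DLL, and Kaspersky's mzvkbd3.dll in AppInit_DLLs; comparing the two logs also shows that the ProxyOverride line present in post #1 is gone in post #3.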

#2 HelpBot


Posted 02 August 2011 - 01:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/410868 and follow the instructions there. If you no longer need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 mjmj824

Posted 02 August 2011 - 01:55 PM

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Marcus at 14:47:49 on 2011-08-02
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4058.1452 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Songbird\songbird.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\FirstClass\fcc32.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtblfs.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Marcus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{30235FC3-6CA6-414D-843B-9121A37A4B80} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{30235FC3-6CA6-414D-843B-9121A37A4B80}\24C61636B63547162737 : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{30235FC3-6CA6-414D-843B-9121A37A4B80}\2544D4 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{30235FC3-6CA6-414D-843B-9121A37A4B80}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{30235FC3-6CA6-414D-843B-9121A37A4B80}\46C696E6B6132333 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{30235FC3-6CA6-414D-843B-9121A37A4B80}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D59A0FFC-5C03-4359-BA02-38D595ECAEC1} : DhcpNameServer = 192.168.0.1
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-22 42184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-23 366640]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-11-2 365336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-27 02:33:58 -------- d-----w- C:\Program Files (x86)\MagicISO
2011-07-27 02:17:48 -------- d-----w- C:\ubuntu
2011-07-24 21:08:02 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-07-24 21:01:39 -------- d-----w- C:\Users\Marcus\AppData\Local\Songbird2
2011-07-24 21:01:38 -------- d-----w- C:\Users\Marcus\AppData\Roaming\Songbird2
2011-07-24 21:01:35 15664 ----a-w- C:\Windows\SysWow64\drivers\GEARAspiWDM.sys
2011-07-24 21:01:09 -------- d-----w- C:\Program Files (x86)\Songbird
2011-07-24 07:01:01 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-07-23 20:26:52 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9W.DLL
2011-07-23 20:26:52 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9W.DLL
2011-07-23 20:03:23 -------- d-----w- C:\Autoruns
2011-07-23 17:20:55 388096 ----a-r- C:\Users\Marcus\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-23 17:20:55 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-07-23 16:39:24 -------- d-----w- C:\Users\Marcus\AppData\Roaming\Malwarebytes
2011-07-23 16:39:07 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-23 16:39:07 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-23 16:39:04 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-23 16:39:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-23 04:32:05 -------- d-----w- C:\Users\Marcus\q
2011-07-23 00:18:05 -------- d-----w- C:\Users\Marcus\AppData\Local\Nero_AG
2011-07-23 00:11:16 -------- d-----w- C:\ProgramData\PicturesToExe
2011-07-23 00:00:24 -------- d-----w- C:\Users\Marcus\AppData\Roaming\Thinstall
2011-07-23 00:00:24 -------- d-----w- C:\Users\Marcus\AppData\Local\Thinstall
2011-07-22 23:50:09 -------- d-----w- C:\Users\Marcus\AppData\Local\Nero
2011-07-22 23:35:53 -------- d-----w- C:\ProgramData\Nero
2011-07-22 23:16:43 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-22 23:16:37 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-07-22 23:16:02 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-22 23:15:52 -------- d-----w- C:\ProgramData\AVAST Software
2011-07-22 23:15:52 -------- d-----w- C:\Program Files\AVAST Software
2011-07-22 20:44:45 -------- d--h--w- C:\$AVG
2011-07-22 20:27:44 -------- d-----w- C:\Users\Marcus\AppData\Roaming\AVG
2011-07-22 20:17:23 -------- d-----w- C:\Users\Marcus\AppData\Roaming\AVG10
2011-07-22 20:13:08 -------- d--h--w- C:\ProgramData\Common Files
2011-07-22 20:11:29 -------- d-----w- C:\ProgramData\AVG10
2011-07-22 20:09:37 -------- d-----w- C:\Program Files (x86)\AVG
2011-07-22 20:03:39 -------- d-----w- C:\ProgramData\MFAData
2011-07-22 16:52:54 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2011-07-22 16:52:52 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2011-07-22 16:52:50 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2011-07-22 16:52:48 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll
2011-07-22 16:42:11 66048 --sha-r- C:\Windows\SysWow64\KBDTAJIK7.dll
2011-07-22 16:38:33 24832 ----a-w- C:\Windows\SysWow64\PteVideo.dll
2011-07-21 01:36:15 -------- d-----w- C:\Users\Marcus\AppData\Local\Eclipse
2011-07-21 01:36:01 -------- d-----w- C:\Users\Marcus\workspace
2011-07-20 22:31:18 -------- d-----w- C:\test
2011-07-20 22:27:25 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-07-17 01:49:37 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-17 01:38:58 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-07-17 01:28:13 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-07-17 01:28:07 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-14 16:11:16 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-07-12 14:52:00 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{367670D7-7731-459C-AC81-86355F6AB024}\mpengine.dll
2011-07-11 21:56:03 -------- d-----w- C:\Users\Marcus\.idlerc
2011-07-11 21:53:36 -------- d-----w- C:\Python27
2011-07-11 15:18:34 -------- d-----w- C:\Program Files (x86)\TekFax
2011-07-05 01:38:38 -------- d-----w- C:\Users\Marcus\AppData\Local\Microsoft Games
.
==================== Find3M ====================
.
2011-07-22 23:32:08 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-12 19:09:18 2206720 ----a-w- C:\Windows\SysWow64\python27.dll
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-14 07:41:52 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-05-14 07:41:52 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-05-14 07:41:52 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-05-14 07:41:26 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-05-14 07:39:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-05-14 07:32:18 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-05-14 06:35:45 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-05-14 06:34:06 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-05-14 06:33:45 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-05-14 06:32:34 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-05-14 04:29:25 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-05-14 04:29:25 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 14:52:32.40 ===============

Running Windows 7 64-bit and have the original Windows CD.

#4 snemelk

    engineer

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 02 August 2011 - 02:35 PM

Hi mjmj824, and welcome to Bleeping Computer.

Firstly,
Looks like you have two antivirus programs installed and running: Kaspersky Anti-Virus 2011 and Avast! ... It's not recommended to run more than one antivirus program in resident mode because they can conflict with each other.
I strongly suggest you uninstall one of these programs. Please let me know what you decide...

Secondly,
Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

C:\Windows\SysWow64\PteVideo.dll

Then click Send File. Allow the file to be uploaded and scanned. Then, please post a link to the results page for me to see.

Thirdly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Finally,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#5 mjmj824

  • Topic Starter
  • Members
  • 7 posts

Posted 02 August 2011 - 04:00 PM

Antivirus Version Last Update Result
AhnLab-V3 2011.08.02.01 2011.08.02 -
AntiVir 7.11.12.198 2011.08.02 -
Antiy-AVL 2.0.3.7 2011.08.02 -
Avast 4.8.1351.0 2011.08.02 -
Avast5 5.0.677.0 2011.08.02 -
AVG 10.0.0.1190 2011.08.02 -
BitDefender 7.2 2011.08.02 -
CAT-QuickHeal 11.00 2011.08.02 -
ClamAV 0.97.0.0 2011.08.02 -
Commtouch 5.3.2.6 2011.08.02 -
Comodo 9603 2011.08.02 -
DrWeb 5.0.2.03300 2011.08.02 -
Emsisoft 5.1.0.8 2011.08.02 -
eSafe 7.0.17.0 2011.08.01 -
eTrust-Vet 36.1.8479 2011.08.02 -
F-Prot 4.6.2.117 2011.08.02 -
F-Secure 9.0.16440.0 2011.08.02 -
Fortinet 4.2.257.0 2011.08.02 -
GData 22 2011.08.02 -
Ikarus T3.1.1.104.0 2011.08.02 -
Jiangmin 13.0.900 2011.08.02 -
K7AntiVirus 9.109.4973 2011.08.02 -
Kaspersky 9.0.0.837 2011.08.02 -
McAfee 5.400.0.1158 2011.08.02 -
McAfee-GW-Edition 2010.1D 2011.08.02 -
Microsoft 1.7104 2011.08.02 -
NOD32 6345 2011.08.02 -
Norman 6.07.10 2011.08.02 -
nProtect 2011-08-02.01 2011.08.02 -
Panda 10.0.3.5 2011.08.02 -
PCTools 8.0.0.5 2011.08.02 -
Prevx 3.0 2011.08.02 -
Rising 23.69.01.03 2011.08.02 -
Sophos 4.67.0 2011.08.02 -
SUPERAntiSpyware 4.40.0.1006 2011.08.02 -
Symantec 20111.1.0.186 2011.08.02 -
TheHacker 6.7.0.1.267 2011.08.02 -
TrendMicro 9.200.0.1012 2011.08.02 -
TrendMicro-HouseCall 9.200.0.1012 2011.08.02 -
VBA32 3.12.16.4 2011.08.02 -
VIPRE 10044 2011.08.02 -
ViRobot 2011.8.2.4601 2011.08.02 -
VirusBuster 14.0.150.0 2011.08.02 -
Additional information
MD5 : 0f534bbfd5912659741c988811fcabac
SHA1 : d9682c3da4a20be48e7bd9b968998e4e9934a9c0
SHA256: bf8844ede77ba70fe824a4ecdebd6a2454f062b52c53ab7b5baee085beb6061f

#6 mjmj824

  • Topic Starter
  • Members
  • 7 posts

Posted 02 August 2011 - 04:26 PM

OTL logfile created on: 8/2/2011 5:09:41 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Marcus\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 59.87% Memory free
7.92 Gb Paging File | 6.30 Gb Available in Paging File | 79.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 180.72 Gb Free Space | 60.63% Space Free | Partition Type: NTFS

Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/02 17:08:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Downloads\OTL.exe
PRC - [2011/07/22 19:32:08 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/18 09:25:46 | 022,631,608 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011/05/03 11:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2011/01/27 07:07:18 | 000,188,416 | ---- | M] (POTI, Inc.) -- C:\Program Files (x86)\Songbird\songbird.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/01/05 12:32:14 | 012,148,656 | ---- | M] (Open Text Inc.) -- C:\Program Files\FirstClass\fcc32.exe


========== Modules (SafeList) ==========

MOD - [2011/08/02 17:08:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Downloads\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/05/29 02:47:36 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/01/27 07:06:50 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 E9 BA F3 39 51 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: albumart@songbirdnest.com:1.0.10.1959
FF - prefs.js..extensions.enabledItems: gonzo@songbirdnest.com:1.9.3
FF - prefs.js..extensions.enabledItems: purplerain@songbirdnest.com:1.9.3
FF - prefs.js..extensions.enabledItems: mashTape@songbirdnest.com:1.1.6.1959
FF - prefs.js..extensions.enabledItems: shoutcast-radio@songbirdnest.com:1.0.5.1959
FF - prefs.js..extensions.enabledItems: cd-rip@songbirdnest.com:1.0.6.1959
FF - prefs.js..extensions.enabledItems: gracenote@songbirdnest.com:1.0.5.1959
FF - prefs.js..extensions.enabledItems: msc@songbirdnest.com:1.0.6.1985
FF - prefs.js..extensions.enabledItems: mtp@songbirdnest.com:1.0.21.1959
FF - prefs.js..extensions.enabledItems: quicktime@songbirdnest.com:1.0.9.1959
FF - prefs.js..extensions.enabledItems: windowsmedia@songbirdnest.com:1.0.9.1959
FF - prefs.js..extensions.enabledItems: {0ca736c3-42f1-4d7f-9030-4abb1531d0d9}:3.3

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Users\Marcus\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)


[2011/07/24 17:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\Mozilla\Extensions
[2011/07/24 17:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2011/07/24 17:01:13 | 000,000,000 | ---D | M] (Artwork Extras) -- C:\PROGRAM FILES (X86)\SONGBIRD\EXTENSIONS\ALBUMART@SONGBIRDNEST.COM
[2011/07/24 17:01:13 | 000,000,000 | ---D | M] (gonzo) -- C:\PROGRAM FILES (X86)\SONGBIRD\EXTENSIONS\GONZO@SONGBIRDNEST.COM
[2011/07/24 17:01:14 | 000,000,000 | ---D | M] (Purple Rain) -- C:\PROGRAM FILES (X86)\SONGBIRD\EXTENSIONS\PURPLERAIN@SONGBIRDNEST.COM
[2011/07/25 00:10:20 | 000,000,000 | ---D | M] (MediaFlow) -- C:\USERS\MARCUS\APPDATA\ROAMING\SONGBIRD2\PROFILES\DNUZBXGM.DEFAULT\EXTENSIONS\{0CA736C3-42F1-4D7F-9030-4ABB1531D0D9}
[2011/07/24 19:46:58 | 000,000,000 | ---D | M] (CD Rip Support) -- C:\USERS\MARCUS\APPDATA\ROAMING\SONGBIRD2\PROFILES\DNUZBXGM.DEFAULT\EXTENSIONS\CD-RIP@SONGBIRDNEST.COM
[2011/07/24 19:46:58 | 000,000,000 | ---D | M] (Gracenote Metadata Lookup Provider) -- C:\USERS\MARCUS\APPDATA\ROAMING\SONGBIRD2\PROFILES\DNUZBXGM.DEFAULT\EXTENSIONS\GRACENOTE@SONGBIRDNEST.COM
[2011/07/24 19:46:58 | 000,000,000 | ---D | M] (mashTape) -- C:\USERS\MARCUS\APPDATA\ROAMING\SONGBIRD2\PROFILES\DNUZBXGM.DEFAULT\EXTENSIONS\MASHTAPE@SONGBIRDNEST.COM
[2011/07/24 19:46:58 | 000,000,000 | ---D | M] (MSC Device Support) -- C:\USERS\MARCUS\APPDATA\ROAMING\SONGBIRD2\PROFILES\DNUZBXGM.DEFAULT\EXTENSIONS\MSC@SONGBIRDNEST.COM
[2011/07/24 19:46:58 | 000,000,000 | ---D | M] (MTP Device Support) -- C:\USERS\MARCUS\APPDATA\ROAMING\SONGBIRD2\PROFILES\DNUZBXGM.DEFAULT\EXTENSIONS\MTP@SONGBIRDNEST.COM
[2011/07/24 19:46:57 | 000,000,000 | ---D | M] (QuickTime Playback) -- C:\USERS\MARCUS\APPDATA\ROAMING\SONGBIRD2\PROFILES\DNUZBXGM.DEFAULT\EXTENSIONS\QUICKTIME@SONGBIRDNEST.COM
[2011/07/24 19:46:58 | 000,000,000 | ---D | M] (SHOUTcast Radio) -- C:\USERS\MARCUS\APPDATA\ROAMING\SONGBIRD2\PROFILES\DNUZBXGM.DEFAULT\EXTENSIONS\SHOUTCAST-RADIO@SONGBIRDNEST.COM
[2011/07/24 19:46:57 | 000,000,000 | ---D | M] (Windows Media Playback) -- C:\USERS\MARCUS\APPDATA\ROAMING\SONGBIRD2\PROFILES\DNUZBXGM.DEFAULT\EXTENSIONS\WINDOWSMEDIA@SONGBIRDNEST.COM

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/23 16:03:23 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O33 - MountPoints2\{eba85b2f-89c0-11e0-a1bd-a4badb9779a6}\Shell - "" = AutoRun
O33 - MountPoints2\{eba85b2f-89c0-11e0-a1bd-a4badb9779a6}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.ptev - C:\Windows\SysWow64\PteVideo.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/02 14:47:39 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Marcus\Desktop\dds (1).scr
[2011/07/29 21:08:43 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\InstallShield
[2011/07/26 22:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011/07/26 22:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2011/07/26 22:17:48 | 000,000,000 | ---D | C] -- C:\ubuntu
[2011/07/26 21:37:16 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Desktop\New folder
[2011/07/26 21:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/07/26 21:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011/07/24 17:08:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/07/24 17:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011/07/24 17:02:02 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Mozilla
[2011/07/24 17:01:39 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Songbird2
[2011/07/24 17:01:38 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Songbird2
[2011/07/24 17:01:35 | 000,015,664 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\drivers\GEARAspiWDM.sys
[2011/07/24 17:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songbird
[2011/07/24 17:01:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Songbird
[2011/07/24 03:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/07/23 16:26:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011/07/23 16:03:23 | 000,000,000 | ---D | C] -- C:\Autoruns
[2011/07/23 13:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/07/23 13:20:55 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/23 12:39:24 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Malwarebytes
[2011/07/23 12:39:07 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/23 12:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/23 12:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/23 12:39:04 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/23 12:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/23 01:58:35 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Desktop\final
[2011/07/23 00:32:05 | 000,000,000 | ---D | C] -- C:\Users\Marcus\q
[2011/07/22 22:30:16 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/22 20:18:05 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Nero_AG
[2011/07/22 20:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PicturesToExe
[2011/07/22 20:00:24 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Thinstall
[2011/07/22 20:00:24 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Thinstall
[2011/07/22 19:50:09 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Nero
[2011/07/22 19:48:22 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\NeroVision
[2011/07/22 19:47:12 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Nero
[2011/07/22 19:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011/07/22 19:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/07/22 19:16:50 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/07/22 19:16:49 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/22 19:16:45 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/22 19:16:44 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/22 19:16:43 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/22 19:16:37 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/22 19:16:37 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/22 19:16:02 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/22 19:16:01 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/22 19:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/07/22 19:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/22 16:44:45 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/07/22 16:27:44 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\AVG
[2011/07/22 16:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/07/22 16:17:23 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\AVG10
[2011/07/22 16:13:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/22 16:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/22 16:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/07/22 16:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/22 15:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/07/22 12:52:54 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/07/22 12:52:52 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/07/22 12:52:50 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/07/22 12:52:48 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/07/20 21:36:15 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Eclipse
[2011/07/20 21:36:01 | 000,000,000 | ---D | C] -- C:\Users\Marcus\workspace
[2011/07/20 21:34:12 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Desktop\eclipse
[2011/07/20 18:33:28 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/07/20 18:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/07/20 18:33:27 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Notepad++
[2011/07/20 18:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2011/07/20 18:31:18 | 000,000,000 | ---D | C] -- C:\test
[2011/07/20 18:27:25 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/07/20 18:27:25 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/07/20 18:27:25 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/07/20 18:27:25 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/07/20 18:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/07/17 11:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/07/17 11:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/07/17 03:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/14 12:16:20 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\vlc
[2011/07/14 12:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/07/14 12:11:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/07/14 01:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/07/14 01:49:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/07/14 01:49:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/07/14 01:49:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/07/12 22:13:33 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/12 22:13:33 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/12 22:13:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/12 22:13:33 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/12 22:13:33 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/12 22:13:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/12 22:13:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/12 22:13:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/12 22:13:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/12 22:13:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/12 22:13:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/12 22:13:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/12 22:13:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/12 22:13:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/12 22:13:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/12 22:13:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/12 22:13:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/12 22:13:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/12 22:13:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/12 22:13:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/12 22:13:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/12 22:13:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/12 22:13:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/12 22:13:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/12 22:13:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/12 22:13:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/12 22:13:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/12 22:13:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/12 22:13:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/12 22:13:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/12 22:13:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/12 22:13:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/12 22:13:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/12 22:13:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/12 22:13:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/12 22:13:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/12 22:13:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/12 22:13:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/12 22:13:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/12 22:13:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/12 22:13:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/12 22:13:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/12 22:13:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/12 22:13:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/12 22:13:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/12 22:13:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/11 17:56:03 | 000,000,000 | ---D | C] -- C:\Users\Marcus\.idlerc
[2011/07/11 17:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2011/07/11 17:53:36 | 000,000,000 | ---D | C] -- C:\Python27
[2011/07/11 11:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TekFax
[2011/07/11 11:11:08 | 000,000,000 | R--D | C] -- C:\Users\Marcus\Documents\Scanned Documents
[2011/07/11 11:11:07 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\Fax
[2011/07/04 21:38:38 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Microsoft Games

========== Files - Modified Within 30 Days ==========

[2011/08/02 17:13:15 | 000,009,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/02 17:13:15 | 000,009,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/02 16:50:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3465892717-3240548608-1662604358-1001UA.job
[2011/08/02 16:33:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/02 14:47:27 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Marcus\Desktop\dds (1).scr
[2011/08/02 13:50:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3465892717-3240548608-1662604358-1001Core.job
[2011/08/02 07:57:47 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\SGIV.job
[2011/08/02 07:57:25 | 3191,623,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/31 12:21:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/07/28 21:44:50 | 000,745,794 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/28 21:44:50 | 000,637,088 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/28 21:44:50 | 000,112,492 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/26 22:47:51 | 842,606,591 | ---- | M] () -- C:\Users\Marcus\Documents\WIN_7_HOMEPREMIUM.ISO
[2011/07/26 22:47:51 | 842,606,591 | ---- | M] () -- C:\Users\Marcus\Desktop\WIN_7_HOMEPREMIUM.ISO
[2011/07/26 22:47:51 | 000,008,414 | ---- | M] () -- C:\Users\Marcus\Documents\WIN_7_HOMEPREMIUM.MDS
[2011/07/26 22:47:51 | 000,008,414 | ---- | M] () -- C:\Users\Marcus\Desktop\WIN_7_HOMEPREMIUM.MDS
[2011/07/26 22:29:23 | 000,148,208 | ---- | M] () -- C:\wubildr
[2011/07/26 22:29:23 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2011/07/26 21:59:40 | 000,026,448 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/07/26 21:59:40 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/07/24 23:55:41 | 000,230,296 | ---- | M] () -- C:\Users\Marcus\Desktop\directions.xps
[2011/07/23 18:03:09 | 164,463,105 | ---- | M] () -- C:\Users\Marcus\Desktop\TheDom-huhuh9-TPL.mp4
[2011/07/23 14:33:19 | 128,242,688 | ---- | M] () -- C:\Users\Marcus\Desktop\TheDom-huhuh9-TPL_vid178.avi
[2011/07/23 14:00:48 | 000,000,000 | ---- | M] () -- C:\Users\Marcus\defogger_reenable
[2011/07/23 14:00:26 | 000,050,477 | ---- | M] () -- C:\Users\Marcus\Desktop\Defogger.exe
[2011/07/23 13:37:32 | 001,670,308 | ---- | M] () -- C:\Users\Marcus\Desktop\TheDom-huhuh9-TPL.pte
[2011/07/23 13:35:10 | 024,811,431 | ---- | M] () -- C:\Users\Marcus\Desktop\TheDom-huhuh9-TPL.exe
[2011/07/23 13:20:55 | 000,002,981 | ---- | M] () -- C:\Users\Marcus\Desktop\HiJackThis.lnk
[2011/07/22 23:02:00 | 019,730,917 | ---- | M] () -- C:\Users\Marcus\Desktop\TheDom-PhotoPiles4_16-9-TPL.exe
[2011/07/22 22:41:53 | 004,953,864 | ---- | M] () -- C:\Users\Marcus\Desktop\Maze-BeforeILetGoOriginalLPVersion.mp3
[2011/07/22 22:41:07 | 012,210,443 | ---- | M] () -- C:\Users\Marcus\Desktop\1-07 Southern Girl.mp3
[2011/07/22 19:32:08 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/07/22 19:16:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/07/22 15:57:29 | 000,016,996 | ---- | M] () -- C:\Users\Marcus\Documents\cc_20110722_155725.reg
[2011/07/22 15:56:59 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/22 12:42:11 | 000,066,048 | RHS- | M] () -- C:\Windows\SysWow64\KBDTAJIK7.dll
[2011/07/20 18:33:28 | 000,001,059 | ---- | M] () -- C:\Users\Marcus\Desktop\Notepad++.lnk
[2011/07/20 18:27:14 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/07/20 18:27:14 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/07/20 18:27:14 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/07/20 18:27:14 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\Marcus\Desktop\gmer.exe
[2011/07/16 15:20:24 | 000,010,478 | ---- | M] () -- C:\Users\Marcus\Documents\Untitled%201.odt_1.odt
[2011/07/14 21:33:54 | 000,012,556 | ---- | M] () -- C:\Users\Marcus\Documents\untitled_0.odt
[2011/07/13 16:08:51 | 000,305,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/11 20:23:41 | 000,000,102 | -H-- | M] () -- C:\Users\Marcus\Documents\.~lock.Untitled 1.odt#
[2011/07/11 02:53:25 | 000,010,382 | ---- | M] () -- C:\Users\Marcus\Documents\Untitled 1.odt
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/04 07:43:42 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/04 07:36:56 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/04 07:36:54 | 000,288,088 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/04 07:35:28 | 000,045,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/04 07:32:35 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/04 07:32:14 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/07/31 12:21:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/07/26 23:17:41 | 000,008,414 | ---- | C] () -- C:\Users\Marcus\Documents\WIN_7_HOMEPREMIUM.MDS
[2011/07/26 23:13:00 | 842,606,591 | ---- | C] () -- C:\Users\Marcus\Documents\WIN_7_HOMEPREMIUM.ISO
[2011/07/26 22:47:51 | 000,008,414 | ---- | C] () -- C:\Users\Marcus\Desktop\WIN_7_HOMEPREMIUM.MDS
[2011/07/26 22:37:08 | 842,606,591 | ---- | C] () -- C:\Users\Marcus\Desktop\WIN_7_HOMEPREMIUM.ISO
[2011/07/26 22:29:23 | 000,148,208 | ---- | C] () -- C:\wubildr
[2011/07/26 22:29:23 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2011/07/26 21:55:56 | 000,026,448 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/07/26 21:55:56 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/07/24 23:55:38 | 000,230,296 | ---- | C] () -- C:\Users\Marcus\Desktop\directions.xps
[2011/07/23 18:03:09 | 164,463,105 | ---- | C] () -- C:\Users\Marcus\Desktop\TheDom-huhuh9-TPL.mp4
[2011/07/23 14:32:46 | 128,242,688 | ---- | C] () -- C:\Users\Marcus\Desktop\TheDom-huhuh9-TPL_vid178.avi
[2011/07/23 14:08:36 | 000,302,592 | ---- | C] () -- C:\Users\Marcus\Desktop\gmer.exe
[2011/07/23 14:00:48 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\defogger_reenable
[2011/07/23 14:00:30 | 000,050,477 | ---- | C] () -- C:\Users\Marcus\Desktop\Defogger.exe
[2011/07/23 13:35:07 | 024,811,431 | ---- | C] () -- C:\Users\Marcus\Desktop\TheDom-huhuh9-TPL.exe
[2011/07/23 13:20:55 | 000,002,981 | ---- | C] () -- C:\Users\Marcus\Desktop\HiJackThis.lnk
[2011/07/23 04:00:58 | 001,670,308 | ---- | C] () -- C:\Users\Marcus\Desktop\TheDom-huhuh9-TPL.pte
[2011/07/22 23:01:58 | 019,730,917 | ---- | C] () -- C:\Users\Marcus\Desktop\TheDom-PhotoPiles4_16-9-TPL.exe
[2011/07/22 22:41:35 | 004,953,864 | ---- | C] () -- C:\Users\Marcus\Desktop\Maze-BeforeILetGoOriginalLPVersion.mp3
[2011/07/22 22:41:01 | 012,210,443 | ---- | C] () -- C:\Users\Marcus\Desktop\1-07 Southern Girl.mp3
[2011/07/22 19:16:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/07/22 15:57:27 | 000,016,996 | ---- | C] () -- C:\Users\Marcus\Documents\cc_20110722_155725.reg
[2011/07/22 15:56:59 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/22 12:42:11 | 000,066,048 | RHS- | C] () -- C:\Windows\SysWow64\KBDTAJIK7.dll
[2011/07/22 12:42:11 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\SGIV.job
[2011/07/22 12:38:33 | 000,024,832 | ---- | C] () -- C:\Windows\SysWow64\PteVideo.dll
[2011/07/21 19:39:04 | 000,012,556 | ---- | C] () -- C:\Users\Marcus\Documents\untitled_0.odt
[2011/07/21 19:39:04 | 000,010,478 | ---- | C] () -- C:\Users\Marcus\Documents\Untitled%201.odt_1.odt
[2011/07/20 18:33:28 | 000,001,059 | ---- | C] () -- C:\Users\Marcus\Desktop\Notepad++.lnk
[2011/07/17 11:56:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/11 20:23:41 | 000,000,102 | -H-- | C] () -- C:\Users\Marcus\Documents\.~lock.Untitled 1.odt#
[2011/07/11 02:53:23 | 000,010,382 | ---- | C] () -- C:\Users\Marcus\Documents\Untitled 1.odt
[2011/06/01 13:21:57 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2011/05/30 15:24:43 | 000,000,094 | ---- | C] () -- C:\Users\Marcus\AppData\Local\fusioncache.dat
[2011/05/29 23:20:58 | 000,749,788 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/26 05:09:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/01/17 07:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2004/08/09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/05/25 17:21:52 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/08/02 07:57:25 | 3191,623,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/25 15:00:07 | 000,000,720 | -H-- | M] () -- C:\IPH.PH
[2011/08/02 07:57:26 | 4255,502,336 | -HS- | M] () -- C:\pagefile.sys
[2011/07/23 12:16:06 | 000,063,326 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_23.07.2011_12.15.20_log.txt
[2011/07/26 22:29:23 | 000,148,208 | ---- | M] () -- C:\wubildr
[2011/07/26 22:29:23 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime / >
Invalid Switch:


========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

OTL Extras logfile created on: 8/2/2011 5:09:41 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Marcus\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 59.87% Memory free
7.92 Gb Paging File | 6.30 Gb Available in Paging File | 79.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 180.72 Gb Free Space | 60.63% Space Free | Partition Type: NTFS

Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java™ 6 Update 26 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java™ SE Development Kit 6 Update 26 (64-bit)
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 26
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_7" = AIM 7
"avast" = avast! Free Antivirus
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Notepad++" = Notepad++
"Songbird-release-1959" = Songbird 1.9.3 (Build 1959)
"TurboTax 2010" = TurboTax 2010
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.10
"Wubi" = Ubuntu
"wxPython2.8-unicode-py27_is1" = wxPython 2.8.12.0 (unicode) for Python 2.7
"Xfire" = Xfire (remove only)
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2011 1:00:00 AM | Computer Name = Marcus-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/31/2011 1:00:21 PM | Computer Name = Marcus-PC | Source = Application Hang | ID = 1002
Description = The program songbird.exe version 1.9.2.3993 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e94 Start
Time: 01cc4f9847678880 Termination Time: 27 Application Path: C:\Program Files (x86)\Songbird\songbird.exe

Report
Id: 8bcc3c79-bb96-11e0-8619-a4badb9779a6

Error - 7/31/2011 5:00:01 PM | Computer Name = Marcus-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/1/2011 3:37:35 AM | Computer Name = Marcus-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/1/2011 3:37:49 AM | Computer Name = Marcus-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/1/2011 3:38:22 AM | Computer Name = Marcus-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/1/2011 12:00:01 PM | Computer Name = Marcus-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/2/2011 7:58:12 AM | Computer Name = Marcus-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvastUI.exe".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/2/2011 8:43:39 AM | Computer Name = Marcus-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/2/2011 2:47:50 PM | Computer Name = Marcus-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 7/26/2011 9:16:06 PM | Computer Name = Marcus-PC | Source = bowser | ID = 8003
Description =

Error - 7/27/2011 1:46:33 PM | Computer Name = Marcus-PC | Source = bowser | ID = 8003
Description =

Error - 7/27/2011 9:02:40 PM | Computer Name = Marcus-PC | Source = bowser | ID = 8003
Description =

Error - 7/27/2011 11:58:16 PM | Computer Name = Marcus-PC | Source = bowser | ID = 8003
Description =

Error - 7/28/2011 8:38:43 AM | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 7/28/2011 5:19:11 PM | Computer Name = Marcus-PC | Source = bowser | ID = 8003
Description =

Error - 7/28/2011 7:10:53 PM | Computer Name = Marcus-PC | Source = bowser | ID = 8003
Description =

Error - 7/29/2011 1:59:30 PM | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/2/2011 7:57:38 AM | Computer Name = Marcus-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:05:06 AM on ?8/?2/?2011 was unexpected.

Error - 8/2/2011 3:28:56 PM | Computer Name = Marcus-PC | Source = bowser | ID = 8003
Description =


< End of report >

#7 mjmj824
  • Topic Starter
  • Members
  • 7 posts

Posted 02 August 2011 - 04:28 PM

Malware said nothing was detected

#8 snemelk
    engineer
  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 03 August 2011 - 05:05 PM

Hi again mjmj824!!.. :)

I still see two antivirus programs installed and running on Startup; this doesn't really give extra protection, I would expect conflicts and a serious system slowdown:
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)

Also, I'm not sure what to think of these files:
C:\Users\Marcus\Documents\WIN_7_HOMEPREMIUM.MDS
C:\Users\Marcus\Documents\WIN_7_HOMEPREMIUM.ISO

If these are pirated copies of Windows, I suggest deleting them as soon as possible... Using pirated software, cracks or keygens is a common source of computer infections!!..

Please do the following:
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
    [2011/07/22 12:42:11 | 000,066,048 | RHS- | C] () -- C:\Windows\SysWow64\KBDTAJIK7.dll
    [2011/07/22 12:42:11 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\SGIV.job
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

After a reboot,
Right click this folder: c:\_OTL and choose: "Send to" --> "Compressed (zipped) Folder".
Upload that zipped folder for analysis: go to this site, click on Browse, and choose the zipped file, click Upload. Allow the file to be uploaded - wait till: The file has been uploaded! appears.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
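
The two file entries in the fix above carry OTL's attribute column (`RHS-`, `-HS-`) and an empty company field `()`, which is what makes them stand out among hundreds of log lines. As an added example, not part of this thread and not OTL's own code, here is a small Python triage script that parses lines in OTL's file-listing format and flags that combination (hidden+system attributes on a plain file, no company name, created recently inside a system directory). The sample lines are constructed, modelled on the two entries in the fix plus benign look-alikes; the reading of the four attribute columns as R/H/S/D, the directory list and the flagging rules are my assumptions, not rules published by OTL.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines in OTL's file-listing format. The first two are
# modelled on the entries named in the fix above; the others are benign
# look-alikes (the System32 .dll name is a made-up placeholder).
SAMPLE_OTL_LINES = r"""
[2011/07/22 12:42:11 | 000,066,048 | RHS- | C] () -- C:\Windows\SysWow64\KBDTAJIK7.dll
[2011/07/22 12:42:11 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\SGIV.job
[2011/07/26 22:29:23 | 000,148,208 | ---- | M] () -- C:\wubildr
[2011/07/23 12:16:06 | 000,063,326 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_23.07.2011_12.15.20_log.txt
[2011/07/20 09:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\constructed_example.dll
[2011/07/23 12:00:00 | 000,000,000 | ---D | C] -- C:\_OTL
"""

# Layout: [date time | size | attrs | C|M] (company) -- path
# Assumption: the four attribute columns are R (read-only), H (hidden),
# S (system), D (directory); "C"/"M" mean created/modified inside the
# file-age window. Directory lines carry no "(company)" field.
OTL_FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str      # "C" created / "M" modified within the scan window
    company: str   # company name from version info; "" when OTL printed "()"
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one file-listing line; return None for any other log line."""
    m = OTL_FILE_LINE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=f'{m.group("date")} {m.group("time")}',
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path").strip(),
    )


def parse_otl_lines(text: str) -> List[OtlEntry]:
    return [e for e in (parse_otl_line(ln) for ln in text.splitlines()) if e]


# Assumed list of locations where a fresh, hidden, company-less file deserves
# a second look (lower-cased, trailing backslash so prefixes match whole dirs).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\tasks\\")


def triage(entries: List[OtlEntry]) -> List[Tuple[OtlEntry, List[str]]]:
    """Return (entry, reasons) for every entry that trips at least one rule."""
    flagged = []
    for e in entries:
        reasons = []
        in_system_dir = e.path.lower().startswith(SYSTEM_DIRS)
        if e.hidden and e.system and not e.directory:
            reasons.append("hidden+system attributes on a plain file")
        if in_system_dir and e.company == "":
            reasons.append("no company name in version info, inside a system directory")
        if in_system_dir and e.kind == "C":
            reasons.append("newly created inside a system directory within the scan window")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def format_report(text: str) -> str:
    """Plain-text summary: one block per flagged path with its reasons."""
    out = []
    for entry, reasons in triage(parse_otl_lines(text)):
        out.append(f"{entry.path}  ({entry.size} bytes, {entry.timestamp})")
        out.extend(f"  - {r}" for r in reasons)
    return "\n".join(out) if out else "nothing flagged"


if __name__ == "__main__":
    print(format_report(SAMPLE_OTL_LINES))
```

Run against a full OTL log the rules are only a first filter: a hidden system file with no company name is worth looking up, not automatically malicious, and a signed file in a user profile is not automatically clean. The point of the script is to make the attribute and company columns machine-readable so those checks can be done over the whole log rather than by eye.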


#9 mjmj824
  • Topic Starter
  • Members
  • 7 posts

Posted 03 August 2011 - 05:21 PM

Thought I got rid of the extra program. But that is corrected now.

The iso file is legal and clean. Was used to install Windows on a netbook.

I just uploaded the file

#10 snemelk
    engineer
  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 03 August 2011 - 05:38 PM

Hi again mjmj824!!.. :)

Thanks for the upload, the detection will be added to MBAM... :thumbup2:

The iso file is legal and clean. Was used to install Windows on a netbook.

Ok, good... :)

Good, the file responsible for redirects was deleted, so it should be ok now... Please confirm...
Please run the following scans to make sure nothing else is hiding:

Firstly,
Delete your current copy of TDSSKiller (there is a new version available)...
  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan

  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Please post that log here.

Secondly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32-bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



#11 mjmj824
  • Topic Starter
  • Members
  • 7 posts

Posted 03 August 2011 - 09:31 PM

Both say nothing is found. Not sure if it has anything to do with the situation. But the problem only happens from time to time. Right now it is not happening so the program may not be active

#12 snemelk
    engineer
  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 04 August 2011 - 04:36 AM

Hi again mjmj824!!.. :)

But the problem only happens from time to time. Right now it is not happening so the program may not be active

Ok, monitor the situation - let me know in the next 1 to 2 days if any problem still remains... If everything is fine, I'll just give you a final set of instructions...

In the meantime, an outdated program (with security vulnerabilities) on your machine has to be updated:

- Java

Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Java™ 6 Update 26 (64-bit)
Java™ 6 Update 22
Java™ 6 Update 26


I suppose you develop or used to develop some Java applets/applications, so you may want to upgrade the JDK version to ver. 7 or stay with ver. 6u26 for now... If you decide to upgrade, please uninstall this product and install the newest version afterwards:
Java™ SE Development Kit 6 Update 26 (64-bit)

Then,
  • Download the latest version of Java Runtime Environment (JRE) 7.
  • Scroll down to where it says Java Platform, Standard Edition / "Java SE 7".
  • Click the Download button under "JRE".
  • In the Window that opens, check the box that says: "Accept License Agreement".
  • Click on the link: jre-7-windows-i586.exe to download an offline installer for Windows x86. Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your Desktop double-click on the file that you've downloaded to install the newest version.

If you run Java applets on 64-bit browsers, you'll need a 64-bit Java as well - download and install jre-7-windows-x64.exe separately...


#13 snemelk
    engineer
  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 12 August 2011 - 03:59 PM

Still with us mjmj824??

Ok, monitor the situation - let me know in the next 1 to 2 days if any problem still remains... If everything is fine, I'll just give you a final set of instructions...




#14 Casey_boy
    Bleeping physicist
  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 15 August 2011 - 05:09 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *




