Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

system keeps on pausing


  • This topic is locked This topic is locked
19 replies to this topic

#1 Blerdus

Blerdus

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 25 September 2011 - 04:31 AM

hi. its been a while since iv last visited bleeping computer but unfortunatley iv developed a porb i cant fix.
not to sure if this is the right place to post, i initialy thought it was a virus but now i think its a dodgey pice of software.

iv been browsing the forums and found a post that has a similar description/problem
http://www.bleepingcomputer.com/forums/topic338519.html/page__p__1879948__hl__pausing+windows__fromsearch__1#entry1879948
so i thought i should post me self and get further instructions

so. iv ran malwarebytes and superantispyware. only cookies found. iv ran ccleaner. which i feel has made a minor improvement to my system performance. iv even trawled through my registry to see if i could find old programs i faild to uninstall properly but i think ccleaner got most of those entries.

at one point i thought it was my subversion(tortois svn) constantly indexing my drive but iv managed to get it to only work on the folders i tell it to. i also thought it was constantly trying to contact its repo but the server logs show otherwise.

i have also noticed that malwarebytes, when running, blocks my system from accessing an ip address. i have no idea what is trying to do this. i have tried to find out with firewall progs and netstat but cant see the activity.(i wont post the ip unless requested. that could prove to be unfair to the computer on the other end, even if its not a friendly one)

i see on the other post an rsit log was requested. ill add one here just to help things allong.

many thanks
steve

Logfile of random's system information tool 1.09 (written by random/random)
Run by Blerd at 2011-09-25 10:27:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 109 GB (23%) free of 477 GB
Total RAM: 2047 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:27:07, on 25/09/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Blerd\Desktop\RSIT.exe
C:\Program Files\trend micro\Blerd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.preto.me
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9549 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5EF9AE7A-F37D-4F2A-A3B4-C06234564E9D}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Blerd\Application Data\Mozilla\Firefox\Profiles\iwe5hv1r.default

prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT2645238&SearchSource=13"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, jqs@sun.com:1.0, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:2.7.2.0, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"=C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0]
"Description"=BlackBerry Web Software Loading Helper Plug-In for Mozilla browsers
"Path"=C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsIEROnlinePlugin.xpt
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npqtplugin8.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
amazon-en-GB.xml
answers.xml
chambers-en-GB.xml
creativecommons.xml
eBay-en-GB.xml
google.xml
wikipedia.xml
yahoo-en-GB.xml

C:\Documents and Settings\Blerd\Application Data\Mozilla\Firefox\Profiles\iwe5hv1r.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Documents and Settings\Blerd\Application Data\Mozilla\Firefox\Profiles\iwe5hv1r.default\searchplugins\
conduit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-11 3821568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2011-07-05 421888]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2010-03-18 19456]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2003-05-30 585728]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-04-20 58656]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-07-19 421736]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"RIMBBLaunchAgent.exe"=C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [2011-02-18 79192]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-08-31 449608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-11-08 328568]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-07-29 17361032]
""= []
"NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-08-04 966712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=0x5F000000
"NoDrives"=0
""=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Senstic\PocketControl\SensticPocketServiceWin.exe"="C:\Program Files\Senstic\PocketControl\SensticPocketServiceWin.exe:*:Enabled:SensticPocketServiceWin.exe"
"C:\Program Files\Steam\steamapps\blerd\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\blerd\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe"="C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software"
"C:\Program Files\Steam\steamapps\common\alpha prime\AlphaPrime.exe"="C:\Program Files\Steam\steamapps\common\alpha prime\AlphaPrime.exe:*:Enabled:Alpha Prime"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Senstic\PocketControl\SensticPocketServiceWin.exe"="C:\Program Files\Senstic\PocketControl\SensticPocketServiceWin.exe:*:Enabled:SensticPocketServiceWin.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"midi4"=wdmaud.drv
"wave4"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer4"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll

======List of files/folders created in the last 1 month======

2011-09-25 09:36:20 ----D---- C:\rsit
2011-09-20 21:18:25 ----D---- C:\WINDOWS\Internet Logs
2011-09-19 23:47:53 ----D---- C:\Program Files\CCleaner
2011-09-19 19:14:37 ----D---- C:\Program Files\VirtualDJ
2011-09-18 21:59:13 ----D---- C:\Program Files\Kaspersky Lab
2011-09-18 20:19:35 ----D---- C:\Documents and Settings\Blerd\Application Data\CheckPoint
2011-09-18 20:18:53 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp
2011-09-18 20:18:37 ----D---- C:\Program Files\CheckPoint
2011-09-18 20:18:35 ----AH---- C:\WINDOWS\system32\zllictbl.dat
2011-09-18 19:34:18 ----A---- C:\WINDOWS\iun6002.exe
2011-09-18 19:34:16 ----D---- C:\Program Files\Look@LAN
2011-09-18 12:32:45 ----D---- C:\Documents and Settings\Blerd\Application Data\poclbm
2011-09-17 14:31:41 ----D---- C:\Python27
2011-09-16 00:29:16 ----D---- C:\Documents and Settings\Blerd\Application Data\Bitcoin
2011-09-16 00:24:07 ----D---- C:\Program Files\Bitcoin
2011-09-05 22:43:02 ----D---- C:\Program Files\Digiarty
2011-09-05 13:29:07 ----D---- C:\Documents and Settings\Blerd\Application Data\Blackberry Desktop
2011-09-05 12:36:29 ----D---- C:\Documents and Settings\Blerd\Application Data\Research In Motion
2011-09-05 12:35:18 ----D---- C:\Documents and Settings\All Users\Application Data\Research In Motion
2011-09-05 12:07:05 ----D---- C:\Documents and Settings\All Users\Application Data\Nokia
2011-09-05 12:05:40 ----HDC---- C:\WINDOWS\$NtUninstallWudf01009$
2011-09-05 11:58:02 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2011-09-05 11:57:54 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2011-09-05 11:56:55 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2011-09-05 11:56:54 ----D---- C:\Documents and Settings\Blerd\Application Data\PC Suite
2011-09-05 11:55:13 ----D---- C:\Program Files\Common Files\Nokia
2011-09-05 11:54:46 ----D---- C:\Program Files\DIFX
2011-09-05 11:54:45 ----A---- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2011-09-05 11:54:34 ----D---- C:\Program Files\PC Connectivity Solution
2011-09-05 11:54:20 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2011-09-05 11:54:19 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2011-09-05 11:54:18 ----A---- C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011-09-05 11:54:16 ----A---- C:\WINDOWS\system32\WdfCoInstaller01009.dll
2011-09-05 11:54:16 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2011-09-05 11:54:16 ----A---- C:\WINDOWS\system32\drivers\ccdcmb.sys
2011-09-05 11:54:16 ----A---- C:\WINDOWS\system32\ccdcmbwu.dll
2011-09-05 11:53:03 ----D---- C:\Program Files\Nokia
2011-09-05 11:53:03 ----D---- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
2011-09-05 11:47:54 ----A---- C:\WINDOWS\system32\drivers\usbser.sys

======List of files/folders modified in the last 1 month======

2011-09-25 10:27:02 ----D---- C:\Program Files\Trend Micro
2011-09-25 10:03:08 ----D---- C:\Documents and Settings\Blerd\Application Data\uTorrent
2011-09-25 10:02:38 ----D---- C:\WINDOWS\Prefetch
2011-09-25 10:02:16 ----D---- C:\WINDOWS\Temp
2011-09-25 10:02:12 ----D---- C:\Documents and Settings\Blerd\Application Data\nView_Wallpaper
2011-09-25 10:01:41 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-25 09:45:00 ----D---- C:\Documents and Settings\Blerd\Application Data\Skype
2011-09-25 09:41:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-09-23 16:30:21 ----D---- C:\Program Files\Steam
2011-09-22 18:25:00 ----D---- C:\My Stuff
2011-09-22 00:13:34 ----D---- C:\WINDOWS\Registration
2011-09-20 21:23:16 ----SHD---- C:\WINDOWS\Installer
2011-09-20 21:23:16 ----D---- C:\Config.Msi
2011-09-20 21:22:10 ----D---- C:\WINDOWS\system32
2011-09-20 21:18:25 ----D---- C:\WINDOWS
2011-09-20 21:16:38 ----RD---- C:\Program Files
2011-09-20 00:07:13 ----D---- C:\Documents and Settings\Blerd\Application Data\DAEMON Tools Lite
2011-09-20 00:07:12 ----D---- C:\Documents and Settings\Blerd\Application Data\Media Player Classic
2011-09-20 00:06:21 ----D---- C:\WINDOWS\Logs
2011-09-20 00:06:20 ----D---- C:\WINDOWS\Minidump
2011-09-20 00:06:20 ----D---- C:\WINDOWS\Debug
2011-09-19 19:14:39 ----RSD---- C:\WINDOWS\Fonts
2011-09-18 22:38:43 ----D---- C:\WINDOWS\system32\drivers
2011-09-18 21:06:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-18 20:23:25 ----D---- C:\WINDOWS\srchasst
2011-09-18 18:29:49 ----D---- C:\Program Files\WinISO
2011-09-18 16:28:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-09-18 12:34:41 ----D---- C:\Program Files\SUPERAntiSpyware
2011-09-17 22:28:24 ----D---- C:\Documents and Settings\Blerd\Application Data\.minecraft
2011-09-05 13:09:43 ----HD---- C:\WINDOWS\inf
2011-09-05 12:36:01 ----D---- C:\WINDOWS\system32\CatRoot
2011-09-05 12:35:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-09-05 12:35:14 ----D---- C:\Program Files\Common Files\Research In Motion
2011-09-05 12:05:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-09-05 12:05:34 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-09-05 12:04:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-09-05 11:55:58 ----D---- C:\WINDOWS\WinSxS
2011-09-05 11:55:13 ----D---- C:\Program Files\Common Files
2011-09-05 11:54:45 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-09-01 19:23:16 ----D---- C:\WINDOWS\network diagnostic
2011-08-31 05:41:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-08-30 14:31:06 ----D---- C:\Program Files\mIRC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\WINDOWS\System32\drivers\sfsync04.sys [2005-12-12 49664]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-14 691696]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\System32\DRIVERS\uagp35.sys [2008-04-13 44672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 vcdrom;Virtual CD-ROM Device Driver; \??\C:\Program Files\vcd\VCdRom.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 avshws;Senstic PocketCam; C:\WINDOWS\system32\DRIVERS\camsource.sys [2010-07-05 29000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12160]
R3 N100;Compaq Ethernet or Fast Ethernet NIC Driver; C:\WINDOWS\system32\DRIVERS\n100325.sys [2001-08-17 128000]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []
S1 sensorsview;sensorsview; \??\C:\Program Files\SensorsViewPro41\drv\sensorsview32.sys []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-13 31744]
S3 ab7w7m8o;ab7w7m8o; C:\WINDOWS\system32\drivers\ab7w7m8o.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Blerd\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL []
S3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2010-03-18 99416]
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2010-03-18 99416]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL []
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2010-03-18 511064]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2010-03-18 528472]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL []
S3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2010-03-18 555096]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2010-03-18 555096]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2010-03-18 347144]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL []
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL []
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL []
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL []
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL []
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2010-03-18 100952]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2010-03-18 100952]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL []
S3 ctgame;Game Port; C:\WINDOWS\system32\DRIVERS\ctgame.sys [2010-03-18 18904]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL []
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2010-03-18 14424]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL []
S3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2010-03-18 566360]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2010-03-18 566360]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2010-03-18 157272]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2010-03-18 92760]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2010-03-18 798808]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2010-03-18 162904]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2010-03-18 189528]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 NVIDIAHWAccess;NVIDIAHWAccess; \??\C:\Documents and Settings\Blerd\Application Data\NVIDIA\HWAccess.sys []
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2010-03-18 127576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2011-02-16 64000]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Nokia USB Serial Port Driver ; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S3 XDva281;XDva281; \??\C:\WINDOWS\system32\XDva281.sys []
S3 XDva344;XDva344; \??\C:\WINDOWS\system32\XDva344.sys []
S4 RsFx0103;RsFx0103 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.5\my.ini MySQL []
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-04-06 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-04-06 214488]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-07-19 821096]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-07-12 387944]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SensticPocketService;Senstic Pocket Service; C:\Program Files\Senstic\PocketControl\SensticPocketServiceWin.exe [2010-07-08 62584]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,731 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:32 AM

Posted 30 September 2011 - 04:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420385 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:02:32 AM

Posted 01 October 2011 - 05:48 PM

Greetings Blerdus and Welcome to the forums,

I'd prefer to see the following logs:
Disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here. Next, please download the free utility DDS from any of these locations...Here, Here...or Here.
Note - Some infections may prevent certain executable files from running on your computer. If one of these download locations results in a failed run of the utility, please try the next location until you find one that will work on your machine
Double click dds.scr to run the tool
  • When it completes, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Next, Download GMER from the following location and save it to your desktop.

GMER Download Link 1
GMER Download Link 2 (Only use if the previous link does not work)

  • Right-click on the gmer.zip icon and select the Extract all... menu option. You should now see the gmer folder.
  • Open the folder and double-click on the gmer.exe icon. Please "ok" any prompts to allow the program to start.
  • You should now see the main GMER window. If you receive a warning about rootkit activity asking if you want to run a full scan, please click on the NO button.
  • We now need to configure GMER to prevent some features from being used during the scan. Please uncheck the following settings (we do NOT want to see these in our scan):
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All <<Important. Don't miss this one
  • Now that you have removed the check marks from the boxes for those items listed above, please click the Scan button.
    This scan may take quite some time, so please be patient. When it has finished, you will be back at the main screen.
  • Please click on the Save... button and save the report to your desktop. Please name the saved file ark.txt
  • Please do not act on any of the information in this report. Many legitimate programs could be listed there.
  • Now, re-enable the active protection component of any antivirus/antimalware programs you disabled before performing the scan.

Please remember to include the following logs in your next reply.
  • DDS.txt
  • Attach.txt
  • ARK.txt

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#4 Blerdus

Blerdus
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 03 October 2011 - 09:30 PM

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Blerd at 22:27:57 on 2011-10-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.18 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [CTHelper] CTHELPER.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
mPolicies-explorer: <NO NAME> =
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: preto.me
Trusted Zone: windowsupdate.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1BF9342E-AB81-4BF0-8CED-FC88E507E55A} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{33C5AD91-FC01-49C4-9CDB-5E3950E5BEE3} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7B9E607C-853D-4912-920D-2BA8E323D0EF} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\blerd\application data\mozilla\firefox\profiles\iwe5hv1r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13
FF - component: c:\documents and settings\blerd\application data\mozilla\firefox\profiles\iwe5hv1r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\blerd\application data\mozilla\firefox\profiles\iwe5hv1r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\vcd\VCdRom.sys [2001-12-19 8576]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-9-28 21992]
R3 avshws;Senstic PocketCam;c:\windows\system32\drivers\camsource.sys [2010-7-5 29000]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-8 22216]
R3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;c:\windows\system32\drivers\n100325.sys [2009-4-12 128000]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 sensorsview;sensorsview;\??\c:\program files\sensorsviewpro41\drv\sensorsview32.sys --> c:\program files\sensorsviewpro41\drv\sensorsview32.sys [?]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys --> c:\windows\system32\drivers\ctgame.sys [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\blerd\application data\nvidia\hwaccess.sys --> c:\documents and settings\blerd\application data\nvidia\HWAccess.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\xdva344.sys --> c:\windows\system32\XDva344.sys [?]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
.
=============== Created Last 30 ================
.
2011-09-28 20:25:04 2944 ----a-w- c:\windows\system32\mbmiodrvr.sys
2011-09-28 20:25:02 -------- d-----w- c:\program files\Motherboard Monitor 5
2011-09-28 19:59:32 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-09-28 19:59:31 -------- d-----w- c:\program files\CPUID
2011-09-27 17:36:53 208896 ----a-w- c:\windows\system32\nvudisp.exe
2011-09-27 17:36:37 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-09-27 17:36:19 -------- d-----w- C:\NVIDIA
2011-09-27 15:35:26 4527488 ----a-w- c:\windows\system32\nv4_disp.dll
2011-09-27 15:35:26 4274816 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2011-09-27 12:33:24 3994624 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2011-09-27 12:33:24 3994624 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-09-27 12:30:06 -------- d-----w- c:\program files\Driver Sweeper
2011-09-20 20:18:25 -------- d-----w- c:\windows\Internet Logs
2011-09-19 22:47:53 -------- d-----w- c:\program files\CCleaner
2011-09-19 18:14:37 -------- d-----w- c:\program files\VirtualDJ
2011-09-18 20:59:13 -------- d-----w- c:\program files\Kaspersky Lab
2011-09-18 19:19:35 -------- d-----w- c:\documents and settings\blerd\application data\CheckPoint
2011-09-18 19:18:53 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-09-18 19:18:37 -------- d-----w- c:\program files\CheckPoint
2011-09-18 18:34:18 720896 ----a-w- c:\windows\iun6002.exe
2011-09-18 18:34:16 -------- d-----w- c:\program files\Look@LAN
2011-09-18 11:32:45 -------- d-----w- c:\documents and settings\blerd\application data\poclbm
2011-09-17 13:42:33 -------- d-----w- c:\documents and settings\blerd\.idlerc
2011-09-17 13:31:41 -------- d-----w- C:\Python27
2011-09-15 23:29:16 -------- d-----w- c:\documents and settings\blerd\application data\Bitcoin
2011-09-15 23:24:07 -------- d-----w- c:\program files\Bitcoin
2011-09-05 21:43:02 -------- d-----w- c:\program files\Digiarty
2011-09-05 12:29:07 -------- d-----w- c:\documents and settings\blerd\application data\Blackberry Desktop
2011-09-05 12:09:28 53248 ----a-r- c:\documents and settings\blerd\application data\microsoft\installer\{12baa98c-f8dd-4bc9-bbe6-1c8463114197}\ARPPRODUCTICON.exe
2011-09-05 12:07:45 -------- d-----w- c:\documents and settings\blerd\local settings\application data\Downloaded Installations
2011-09-05 11:36:29 -------- d-----w- c:\documents and settings\blerd\application data\Research In Motion
2011-09-05 11:35:18 -------- d-----w- c:\documents and settings\all users\application data\Research In Motion
2011-09-05 11:07:05 -------- d-----w- c:\documents and settings\all users\application data\Nokia
2011-09-05 11:07:00 -------- d-----w- c:\documents and settings\blerd\local settings\application data\NokiaAccount
2011-09-05 10:58:02 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-09-05 10:57:01 -------- d-----w- c:\documents and settings\blerd\local settings\application data\Nokia
2011-09-05 10:55:13 -------- d-----w- c:\program files\common files\Nokia
2011-09-05 10:54:45 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-09-05 10:54:34 -------- d-----w- c:\program files\PC Connectivity Solution
2011-09-05 10:54:20 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-09-05 10:54:19 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-09-05 10:54:18 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-09-05 10:54:16 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-09-05 10:54:16 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-09-05 10:54:16 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-09-05 10:54:16 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-09-05 10:53:03 -------- d-----w- c:\program files\Nokia
2011-09-05 10:53:03 -------- d-----w- c:\documents and settings\all users\application data\NokiaInstallerCache
2011-09-05 10:47:54 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-09-05 10:47:54 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
.
==================== Find3M ====================
.
2011-09-01 17:19:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-12 10:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-05 17:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 17:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 22:30:22.40 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume5
Install Date: 23/10/2009 00:16:10
System Uptime: 02/10/2011 18:32:14 (4 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | P4C800
Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 2998/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 106.028 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 141 GiB total, 17.447 GiB free.
M: is Removable
Z: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6120 classic
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6120 classic
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP617: 20/08/2011 20:40:31 - System Checkpoint
RP618: 22/08/2011 01:41:13 - System Checkpoint
RP619: 24/08/2011 17:52:38 - System Checkpoint
RP620: 25/08/2011 18:22:29 - System Checkpoint
RP621: 26/08/2011 18:55:48 - System Checkpoint
RP622: 27/08/2011 19:39:30 - System Checkpoint
RP623: 28/08/2011 20:13:50 - System Checkpoint
RP624: 29/08/2011 23:42:57 - System Checkpoint
RP625: 31/08/2011 09:00:10 - System Checkpoint
RP626: 01/09/2011 14:44:45 - System Checkpoint
RP627: 04/09/2011 17:16:36 - System Checkpoint
RP628: 05/09/2011 11:58:02 - Installed Windows XP Wdf01009.
RP629: 05/09/2011 12:05:48 - Installed Windows XP Wudf01009.
RP630: 05/09/2011 12:25:09 - Unsigned driver install
RP631: 05/09/2011 13:09:10 - Installed BlackBerry Device Software Updater.
RP632: 06/09/2011 17:26:26 - System Checkpoint
RP633: 07/09/2011 23:40:26 - System Checkpoint
RP634: 12/09/2011 00:59:21 - System Checkpoint
RP635: 13/09/2011 09:26:44 - System Checkpoint
RP636: 14/09/2011 12:12:54 - System Checkpoint
RP637: 15/09/2011 21:50:41 - Installed AnkhSVN 2.1.10129.17
RP638: 17/09/2011 14:26:32 - Installed Python 2.7.2
RP639: 19/09/2011 19:14:33 - Installed VirtualDJ PRO Full
RP640: 20/09/2011 00:10:00 - Removed 3DVIA player 5.0
RP641: 20/09/2011 00:10:22 - Removed AnkhSVN 2.1.10129.17
RP642: 21/09/2011 10:37:50 - System Checkpoint
RP643: 22/09/2011 13:26:48 - System Checkpoint
RP644: 23/09/2011 13:37:39 - System Checkpoint
RP645: 25/09/2011 11:54:52 - System Checkpoint
RP646: 26/09/2011 16:20:24 - System Checkpoint
RP647: 27/09/2011 13:36:58 - Removed NVIDIA PhysX
RP648: 27/09/2011 22:42:49 - Software Distribution Service 3.0
RP649: 29/09/2011 08:20:17 - System Checkpoint
RP650: 30/09/2011 09:22:58 - System Checkpoint
RP651: 01/10/2011 11:24:32 - System Checkpoint
RP652: 02/10/2011 11:39:54 - System Checkpoint
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.65
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
Alpha Prime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
AVI DVD Burner v5.4.0.81
AVS Audio Converter version 6.3
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.4
BBC iPlayer Desktop
Big Fish Games: Game Manager
Bitcoin
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Blender (remove only)
Bonjour
Bonjour Print Services
Broken Sword: Shadow of the Templar's Directors Cut
CCleaner
Click to Call with Skype
CoreAVC Professional Edition (remove only)
Counter-Strike: Source
CPUID CPU-Z 1.58
Dark Parables: Curse of Briar Rose
Driver Sweeper version 3.2.0
Fiesta
Grass
Grove
Haali Media Splitter
Harry Potter TM
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
iPhone Configuration Utility
iPhoneBrowser
iTunes
iWebcamera
Java Auto Updater
Java™ 6 Update 26
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Help Viewer 1.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft MSDN 2005 Express Edition - ENU
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C# 2005 Express Edition - ENU
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft XNA Framework Redistributable 3.1
mIRC
MobileMe Control Panel
Motherboard Monitor 5
Mozilla Firefox (3.6.3)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 6.0 Parser
Mumble and Murmur
MySQL Connector/ODBC 3.51
MySQL Server 5.5
Neverwinter Nights
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
NVIDIA Drivers
OpenAL
Ovi Desktop Sync Engine
OviMPlatform
Paint Shop Pro 5.0 Evaluation
Pando Media Booster
PC Connectivity Solution
Plants vs. Zombies
PocketControl
Pond Small
Portal
Principles of Shading
PunkBuster Services
Python 2.7.2
Quake Live Internet Explorer Plugin
QuickTime
Safari
Security Task Manager 1.6
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Service Pack 1 for SQL Server 2008 (KB968369)
Skype™ 5.5
SoundMAX
Sql Server Customer Experience Improvement Program
Steam
SUPERAntiSpyware
The KMPlayer (remove only)
Titan Quest
TortoiseSVN 1.6.11.20210 (32 bit)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb976884)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VirtualDJ PRO Full
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 0.9.8a
WebFldrs XP
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinISO 5.3
WinRAR archiver
WinSCP 4.2.9
WinX Free AVI to iPhone Converter 3.0.11
Xiph QuickTime Components
.
==== Event Viewer Messages From Past Week ========
.
30/09/2011 13:39:19, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd sensorsview
28/09/2011 21:27:54, error: PlugPlayManager [11] - The device Root\LEGACY_SPEEDFAN\0000 disappeared from the system without first being prepared for removal.
28/09/2011 11:52:20, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
02/10/2011 18:39:16, error: System Error [1003] - Error code 100000d1, parameter1 00050040, parameter2 00000002, parameter3 00000000, parameter4 f76ffaf2.
02/10/2011 17:39:38, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort3.
01/10/2011 21:35:15, error: MRxSmb [8003] - The master browser has received a server announcement from the computer SHER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7B9E607C-853D-4912-9. The master browser is stopping or an election is being forced.
01/10/2011 00:27:14, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.
.
==== End Of File ===========================

ARK.txt

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-03 15:47:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10 Hitachi_HDP725050GLA380 rev.GM4OA52A
Running: gmer.exe; Driver: C:\DOCUME~1\Blerd\LOCALS~1\Temp\pxldqpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.sfreloc’’’’sfsync04unknown last section [0xF7742000, 0xBC8, 0x40000040] C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF7742000, 0xBC8, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF71A0360, 0x24BB1D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1272] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\00000089 sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\0000008b sfsync04.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x02 0x64 0x10 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA8 0x06 0x97 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0x7C 0xD6 0x41 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB8 0xF8 0x03 0x2B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x02 0x64 0x10 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA8 0x06 0x97 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0x7C 0xD6 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB8 0xF8 0x03 0x2B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{D71A8318-1BB3-E684-A72E-3359BEA016F9}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{D71A8318-1BB3-E684-A72E-3359BEA016F9}\InProcServer32@jaelemliamkdeonaipan 0x6A 0x61 0x67 0x6F ...
Reg HKLM\SOFTWARE\Classes\CLSID\{D71A8318-1BB3-E684-A72E-3359BEA016F9}\InProcServer32@iaelkljpihejiaefoj 0x69 0x61 0x67 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E29D180F-7072-26DD-04CE-771054A73BE9}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E29D180F-7072-26DD-04CE-771054A73BE9}@iaibpfleoimjkabijd 0x69 0x61 0x65 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E29D180F-7072-26DD-04CE-771054A73BE9}@hacpjjpnnojjjelh 0x6A 0x61 0x65 0x65 ...

---- EOF - GMER 1.0.15 ----



#5 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:02:32 AM

Posted 04 October 2011 - 07:10 AM

Please tell us, did you install the program "Bitcoin" and if so, tell us what you use it for and if you are aware of the security risk(s) involved with it (as well as the legal ramifications). Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#6 Blerdus

Blerdus
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 04 October 2011 - 11:34 AM

i did install bitcoin. and a miner. my bro said i should have a look at it but i found my system way way way tooooo slow to even warrent running it in the background. thought id uninstalled it. obvoiusly not.. i was not aware of any security issues with this software. :(

#7 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:02:32 AM

Posted 04 October 2011 - 05:04 PM

OK, you can read This Article and decide for yourself as to the security risk involved. Please uninstall uTorrent. Post back to let us know you are ready to proceed. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#8 Blerdus

Blerdus
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 05 October 2011 - 07:54 AM

ok ready to proceed. uninstalled bitcoins and a few other progs i dont think i needed. there are still progs in add/remove that i cant get rid of but hey, lets go.

#9 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:02:32 AM

Posted 05 October 2011 - 08:31 AM

Next, please temporarily disable your on board protective programs as detailed Here. Carefully read through that entire thread to make certain any and all programs YOU have on board are disabled.

Next:
It is extremely important that you DO NOT close this program until or unless you are directed to do so. Once the program is closed, it will automatically uninstall itself taking with it anything that was removed and the related report.

Please read through this instruction thoroughly before you begin. Save these instructions in a notepad file, or print them out if necessary so you can refer to them should something go wrong for you during your attempt to carry out these steps. If you have any questions, please ask first before you attempt anything at all.

Please download the AVP removal tool to the desktop and double-click the executable to install it. Select your language preference, accept the agreement and click the Start button. You should see something like this:
Posted Image
...click the settings button...it's the small "Gear" icon just to the right of the large yellow button. Make sure the following boxes are checked:
System memory
Hidden startup objects
Disk boot sectors
Computer


...Next, click the Actions link and click the bullet item labeled "Select action". Disinfect and Delete if disinfection fails should already be checked by default...then return to the Automatic Scan tab and click the Start scanning button.

If you happen to receive a pop up during the scan which reads "File C:\whatever...is password protected, you can safely ignore them. The program will find it's own password protected files and report these during the scan. If there is a genuine malicious file that is password protected, we will deal with it manually later.

The scan will begin and you will see a progress bar and scanned objects counter. When the scan completes, the progress bar will disappear. Click the "Reports" tab icon to the far right, just under the large yellow button. Click on the "Automatic scan report" link, then click the save button. Save the report to your desktop as Scan 1. The report will be saved as a text file. That file is going to be very large...too large to post the entire thing.

What I need you to do at this point, is to open that log in "Notepad", then click Edit from the menu at the top and select "Find". Using that Find search function, use these as search terms:
Disinfected
Cleared of viruses
Detected


Now...you'll need to search for those terms in that log, one at a time. Having selected the "Edit-->Find" function in Notepad, in the Find what search box, type in the word Disinfected then click the Find Next button. The search function will find anything in the text file having the name "Disinfected". Once it presents the findings, copy that individual line item and paste it into another blank notepad, then continue searching by clicking the Find Next button. Do this in like manner, for each of the search terms identified above. Once you complete the search and copied everything you found into the other blank notepad, save it to your desktop as Edited_AVP_Log.txt.

Next, please return to the AVP scanning utility and click the Manual Disinfection tab. Please click the Start gathering system information button. You'll again see a progress bar while the utility collects the necessary information. When it completes, the progress bar will disappear. Click the "Report sending" tab, then click on the link avptool sysinfo.zip (open the file manager). Attach that zip file here on your next reply along with the contents of the "notepad" file that you saved from the above "First scan" instruction. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#10 Blerdus

Blerdus
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 05 October 2011 - 09:23 AM

hi.
just thought id post now because that kaspersky scan takes about 48 hours to run on my sys. i know coz i ran it a few weeks ago. its running now and i will post results in due corse. c u l8r.

steve.

#11 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:02:32 AM

Posted 05 October 2011 - 12:06 PM

I think you are referring to a kaspersky online scan? If so, this isn't the same thing. This is a different tool and perhaps not configured the same way your 48 hour scan was. By the way, if anything I scanned took 48 hours, I think I'd have purchased something anew and been back online in short of a couple hours. Nothing should take that long to scan. I once worked on a system that had not been defragmented in three years, and that took 11 hours, thinking that was a record. Now I know...yours takes the prize.

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#12 Blerdus

Blerdus
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 05 October 2011 - 01:32 PM

thats fare enough. i think it was the same tool. this looks quite familiar. so far its up to 34% but it was on 32% an hour ago. been running now for about 4 1/2 so far. it does appear to be quicker, we'll see. 230,000 objects scanned, 500,000 or so to go. was also wondering if its ok to have in excess of 165,000 files on me drive 17,979 folders. im thinking its a bit cluttered.
oh btw, any idea how to get rid of this 'conduit' thing that seems to have overwritten my homepages and search bars. iv looked in add/remove and in tools/addons and there's nothin about it in there, even looked in 'about:config'. the search bar says 'zonealarm security customised web search'. and i cant find anything on that either.
thanks steve

#13 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:02:32 AM

Posted 05 October 2011 - 02:17 PM

The conduit engine is used by "Ask"...dotcom...and it's actually the ask tool bar that is installed with ZoneAlarm's stuff these days. If you've uninstalled ZoneAlarm, it should have gone with it but might be listed as a separate item. I saw the entry in add/remove for the conduit engine so you might look for that. Otherwise, it could also be part of any one of the other tool bars you've installed. If you are having problems removing it, we will make it go away using a different approach later on during this session.

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#14 Blerdus

Blerdus
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 05 October 2011 - 03:20 PM

ok thanks. 6 1/2 hours in and still on 34%

#15 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:02:32 AM

Posted 05 October 2011 - 04:18 PM

With over 400 gigs of files to scan I would imagine it will take quite some time, although 48 hours is still hard to swallow. I can imagine there is also some arguments from StarForce protection technology. You evidently have it from one of the games you have installed. Many users have had performance issues with that software installed. You can read for yourself Here a bit about it and decide if you want to keep it or not.

Regardless, with that size disk and number of files, and considering you had p2p software installed...coupled with the fact that there is no real antivirus protection on board, it may well be worth the wait time.

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users