Computer not been right since Windows update

shug99 said:
I'm going to go ahead with Jaycee's instructions. Do you want me to use HijackThis or should i use the OTL program as richy instructed earlier on. Because i noticed that this forum favours OTL since HijackThis was taken over by a different company or something.
Click to expand...

HiJackThis is basically included in OTL, plus lots more. From time to time, after a quick look at your OTL log, we need to ask for another log first, and in this case, Jacee has asked for ComboFix. The OTL log was not wasted, and provides a very firm start, but from here on, can you please do what Jacee asks. I understand your question, and it is not a problem, we just still would like the ComboFix log.

Thanks!
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS 420
    CPU
    Intel Core 2 Quad Q9300 2.50GHz
    Motherboard
    Stock Dell 0TP406
    Memory
    4 gb (DDR2 800) 400MHz
    Graphics card(s)
    ATI Radeon HD 3870 (512 MBytes)
    Sound Card
    Onboard
    Monitor(s) Displays
    1 x Dell 2007FP and 1 x (old) Sonic flat screen
    Screen Resolution
    1600 x 1200 and 1280 x 1204
    Hard Drives
    1 x 640Gb (SATA 300) Western Digital: WDC WD6400AAKS-75A7B0 1 x 1Tb (SATA 600) Western Digital: Caviar Black, SATA 6GB/S, 64Mb cache, 8ms Western Digital: WDC WD1002FAEX-00Z3A0 ATA Device
    PSU
    Stock PSU - 375W
    Case
    Dell XPS 420
    Cooling
    Stock Fan
    Mouse
    Advent Optical ADE-WG01 (colour change light up)
    Keyboard
    Dell Bluetooth
    Internet Speed
    120 kb/s
    Other Info
    ASUS USB 3.0 5Gbps/SATA 6Gbps - PCI-Express Combo Controller Card (U3S6)
Here is the log from combofix:



ComboFix 10-08-19.02 - Sam 20/08/2010 21:59:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1985 [GMT 1:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\st326017.dll
c:\windows\system32\st326162.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-20 21:11 . 2010-08-20 21:11 -------- d-----w- c:\users\TEMP.VP0021706BA0A8\AppData\Local\temp
2010-08-20 21:11 . 2010-08-20 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-19 16:37 . 2010-08-19 16:37 -------- d-----w- c:\program files\ERUNT
2010-08-14 19:42 . 2010-08-14 19:42 -------- d-----w- c:\users\Sam\AppData\Roaming\Malwarebytes
2010-08-14 19:42 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-14 19:42 . 2010-08-14 19:42 -------- d-----w- c:\programdata\Malwarebytes
2010-08-14 19:42 . 2010-08-14 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-14 19:42 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-13 21:37 . 2010-08-13 21:37 -------- d-----w- c:\users\Sam\AppData\Roaming\Auslogics
2010-08-13 21:37 . 2010-08-13 21:37 -------- d-----w- c:\program files\Auslogics
2010-08-12 17:25 . 2010-08-12 17:25 -------- d-----w- c:\programdata\IObit
2010-08-12 17:06 . 2010-08-17 19:25 -------- d-----w- c:\programdata\FLEXnet
2010-08-12 16:37 . 2010-08-12 16:37 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-08-12 15:17 . 2010-08-12 15:17 -------- d-----w- c:\users\Sam\AppData\Roaming\Juce VST Host
2010-08-12 10:17 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 10:17 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 10:17 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 21:40 . 2010-08-11 21:40 -------- d-----w- c:\programdata\Research In Motion
2010-08-11 21:34 . 2010-08-11 21:39 102135128 ----a-w- c:\users\Sam\AppData\Roaming\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Extractor.exe
2010-08-08 22:07 . 2010-08-08 22:07 -------- d-----w- c:\users\Sam\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-08-08 22:07 . 2010-08-08 22:07 -------- d-----w- c:\program files\TweetDeck
2010-08-06 11:29 . 2010-08-06 11:29 -------- d-----w- c:\users\Sam\AppData\Roaming\Blackberry Desktop
2010-08-03 20:38 . 2010-08-03 20:38 1821192 ----a-w- c:\users\Sam\AppData\Roaming\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\vcredist_x86.exe
2010-08-03 20:38 . 2010-08-03 20:38 400728 ----a-w- c:\users\Sam\AppData\Roaming\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\BBDesktopInstaller.exe
2010-08-03 20:38 . 2010-08-03 20:38 2959376 ----a-w- c:\users\Sam\AppData\Roaming\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\dotnetfx35setup.exe
2010-08-03 20:38 . 2010-08-03 20:38 128472 ----a-w- c:\users\Sam\AppData\Roaming\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Helper.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 21:12 . 2009-01-26 15:47 -------- d-----w- c:\programdata\Kontiki
2010-08-20 11:16 . 2008-09-05 19:12 -------- d-----w- c:\programdata\Google Updater
2010-08-19 16:24 . 2008-09-05 14:21 7728 ----a-w- c:\users\Sam\AppData\Local\d3d9caps.dat
2010-08-19 15:03 . 2008-09-01 21:46 -------- d-----w- c:\program files\Microsoft Works
2010-08-18 22:58 . 2009-08-31 17:30 -------- d-----w- c:\users\Sam\AppData\Roaming\vlc
2010-08-17 15:25 . 2009-09-20 17:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-15 21:24 . 2009-11-08 19:30 -------- d-----w- c:\users\Sam\AppData\Roaming\FileZilla
2010-08-12 17:06 . 2008-09-04 12:14 86168 ----a-w- c:\users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-12 16:45 . 2008-10-02 16:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-12 12:00 . 2008-09-06 23:39 -------- d-----w- c:\users\Sam\AppData\Roaming\Azureus
2010-08-12 11:53 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-11 22:09 . 2009-11-17 21:33 -------- d-----w- c:\users\Sam\AppData\Roaming\Research In Motion
2010-08-11 21:54 . 2009-11-17 21:29 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-08-11 21:53 . 2009-11-17 21:48 -------- d-----w- c:\programdata\Roxio
2010-08-11 21:53 . 2008-09-01 21:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-11 21:52 . 2009-11-17 21:29 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-08-11 21:42 . 2009-11-17 21:29 -------- d-----w- c:\program files\Research In Motion
2010-08-04 14:44 . 2008-09-01 21:33 -------- d-----w- c:\program files\Common Files\Java
2010-08-04 14:41 . 2008-09-01 21:33 -------- d-----w- c:\program files\Java
2010-07-20 17:37 . 2010-06-22 11:25 -------- d-----w- c:\program files\iTunes
2010-07-20 17:36 . 2010-07-20 17:36 -------- d-----w- c:\program files\iPod
2010-07-20 17:36 . 2008-09-04 14:13 -------- d-----w- c:\program files\Common Files\Apple
2010-07-20 17:31 . 2010-07-20 17:31 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-17 04:00 . 2010-06-05 18:59 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 16:36 . 2010-07-15 16:36 53248 ----a-r- c:\users\Sam\AppData\Roaming\Microsoft\Installer\{3360D505-B0AA-4284-92DF-F872AF90A448}\ARPPRODUCTICON.exe
2010-07-14 22:16 . 2008-11-08 19:19 -------- d-----w- c:\users\Sam\AppData\Roaming\gtk-2.0
2010-07-01 11:07 . 2010-07-01 11:07 434176 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
2010-06-29 17:47 . 2008-11-19 18:07 -------- d-----w- c:\program files\VstPlugins
2010-06-29 17:42 . 2009-05-30 15:53 -------- d-----w- c:\program files\Native Instruments
2010-06-26 06:05 . 2010-08-12 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 10:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 10:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 10:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-25 13:07 . 2008-09-23 08:08 -------- d-----w- c:\program files\Microsoft.NET
2010-06-22 11:20 . 2010-06-22 11:20 -------- d-----w- c:\program files\Bonjour
2010-06-21 13:37 . 2010-08-12 10:18 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 10:18 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-12 10:18 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-12 10:18 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-12 10:18 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-12 10:18 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 12:15 . 2008-11-28 15:23 173 ----a-w- c:\users\Sam\AppData\Roaming\Azureus\restart.bat
2010-05-28 00:44 . 2010-05-28 00:43 145 --s-a-w- c:\users\Sam\AppData\Local\178776936.dat
2010-05-28 00:42 . 2010-05-28 00:42 4 ----a-w- c:\users\Sam\AppData\Roaming\ovczpx.dat
2010-05-27 20:08 . 2010-08-12 10:18 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-11 11:59 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 11:59 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-08-20 11:15 . 2009-12-17 19:58 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2008-09-01 21:47 . 2008-09-01 21:47 74 --sh--r- c:\windows\CT4CET.bin
2008-09-02 06:13 . 2008-09-02 06:13 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-05-20 501032]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-20 30192]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-03-12 3563520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]

c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-5-2 1211472]
VPNGuardUI.lnk - c:\program files\opswat\VPNGuard\VPNGuardUI.exe [2007-10-23 98304]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
2007-04-23 11:23 1032640 ----a-w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-03-16 20:58 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-06-03 14:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX5000 Series]
2006-09-22 04:01 139264 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIBVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX5000 Series (Copy 1)]
2006-09-22 04:01 139264 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIBVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-04 16:25 133104 ----atw- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-16 06:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2007-04-23 11:23 1032640 ----a-w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 10:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
2008-06-13 02:56 4758904 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-27 20:24 1238352 ----a-w- c:\program files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-01 21:42 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-10-06 22:09 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ef,72,af,28,d6,0b,ca,01

R2 gupdate1c9865d669d927e;Google Update Service (gupdate1c9865d669d927e);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
R2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408]
R2 SIMUL8Parallel;SIMUL8 Parallel Processor;c:\progra~1\SIMUL8\SIMUL8_ParallelSVC.exe [2007-03-29 502272]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-20 30192]
R3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\Drivers\HDJCtrl.sys [2009-05-20 24064]
R3 HDJMidi;Hercules DJ Control MP3 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2009-05-20 122368]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-05 1029456]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-04-14 91797]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-09-06 717296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-06-05 64160]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-16 81920]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-03-08 62496]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-03-13 203264]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
S3 VPNGuardService;VPNGuardService;c:\program files\OPSWAT\VPNGuard\VPNGuardService.exe [2007-10-23 299008]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 12:11]

2010-08-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-01 15:05]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0ceb245f0d00.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 00:13]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 00:13]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1596938837-54953107-2832527327-1000Core.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 16:25]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1596938837-54953107-2832527327-1000UA.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 16:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
uInternet Settings,ProxyOverride = <local>;*.local
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Sam\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Sam\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
AddRemove-Free Audio Editor - c:\progra~1\Free Audio Editor\UNWISE.EXE
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Sam\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-20 22:12
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1596938837-54953107-2832527327-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Users\\Sam\\Desktop\\fm_genie_scout_2009_xe\\FM Genie Scout 2009 XE\\History Points"
"LangDB"=""
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="B5-A280-E07F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-20 22:16:51
ComboFix-quarantined-files.txt 2010-08-20 21:16

Pre-Run: 101,974,974,464 bytes free
Post-Run: 101,984,174,080 bytes free

- - End Of File - - 52FFD25E82A73F5EC3AD4701E24801C5
 

My Computer

System One

  • Manufacturer/Model
    Dell Studio 17 (1735)
    CPU
    Intel Core Duo 2 T8100 2.1Ghz
    Memory
    3GB
    Graphics card(s)
    ATI Mobility Radeon HD 3650
There are three files I'd like you to scan (one at a time, please).

You may need to un-hide hidden files and folders to browse to each:
Control Panel Home view do the following:
1. Click on the Appearance and Personalization link .
2. Click on Show Hidden Files or Folders.
3. Go to step 5.

5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
6. Remove the checkmark from the checkbox labeled Hide extensions for known file types.
7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button

Scan these files
c:\users\TEMP.VP0021706BA0A8\AppData\Local\temp
c:\users\Sam\AppData\Local\178776936.dat
c:\users\Sam\AppData\Roaming\ovczpx.dat

Upload to VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 36 AntiVirus Engines! When the results come back, save each log, then copy/paste it back here.
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device. One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Mouse
    Microsoft PS/2 Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
The first file you have mention is a folder which appears to be empty (i check whether i needed to unhide files etc but the other 2 showed up fine. Because its a folder i wasnt able to upload it for a scan.

here is the log for the second file:


VirSCAN.org Scanned Report :
Scanned time : 2010/08/20 23:59:55 (BST)
Scanner results: Scanners did not find malware!
File Name : 178776936.dat
File Size : 145 byte
File Type : data
MD5 : fa1af300a15f0918937f94f70a95d223
SHA1 : 9f84dcf7d6a1295f640871cc348bb00e3697fbf6
Online report : 178776936.dat MD5:fa1af300a15f0918937f94f70a95d223 - VirSCAN.org Scanners did not find malware!

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.19 20100821061910 2010-08-21 4.96 -
AhnLab V3 2010.08.07.00 2010.08.07 2010-08-07 26.30 -
AntiVir 8.2.4.38 7.10.10.239 2010-08-20 0.27 -
Antiy 2.0.18 20100821.4955373 2010-08-21 0.02 -
Arcavir 2009 201006281601 2010-06-28 0.00 -
Authentium 5.1.1 201008201310 2010-08-20 1.25 -
AVAST! 4.7.4 100820-1 2010-08-20 0.00 -
AVG 8.5.793 271.1.1/3084 2010-08-21 0.23 -
BitDefender 7.90123.6156716 7.33477 2010-08-21 4.43 -
ClamAV 0.96.1 11606 2010-08-20 0.00 -
Comodo 4.0 5799 2010-08-20 8.14 -
CP Secure 1.3.0.5 2010.08.20 2010-08-20 0.01 -
Dr.Web 5.0.2.3300 2010.08.21 2010-08-21 12.38 -
F-Prot 4.4.4.56 20100820 2010-08-20 3.35 -
F-Secure 7.02.73807 2010.08.20.09 2010-08-20 13.56 -
Fortinet 4.1.143 12.265 2010-08-20 0.11 -
GData 21.701/21.273 20100820 2010-08-20 20.17 -
ViRobot 20100820 2010.08.20 2010-08-20 3.19 -
Ikarus T3. 2010.08.20.76564 2010-08-20 5.07 -
JiangMin 13.0.900 2010.08.19 2010-08-19 4.35 -
Kaspersky 5.5.10 2010.08.20 2010-08-20 0.04 -
KingSoft 2009.2.5.15 2010.8.20.18 2010-08-20 1.38 -
McAfee 5400.1158 6080 2010-08-20 19.08 -
Microsoft 1.6103 2010.08.21 2010-08-21 5.50 -
Norman 6.05.11 6.05.00 2010-08-20 10.01 -
Panda 9.05.01 2010.08.16 2010-08-16 6.55 -
Trend Micro 9.120-1004 7.398.15 2010-08-20 0.02 -
Quick Heal 11.00 2010.08.20 2010-08-20 4.78 -
Rising 20.0 22.61.04.04 2010-08-20 1.81 -
Sophos 3.10.0 4.56 2010-08-21 4.13 -
Sunbelt 3.9.2432.2 6763 2010-08-19 40.09 -
Symantec 1.3.0.24 20100820.018 2010-08-20 0.38 -
nProtect 20100820.01 8830232 2010-08-20 40.09 -
The Hacker 6.5.2.1 v00352 2010-08-20 20.08 -
VBA32 3.12.14.0 20100819.1636 2010-08-19 5.45 -
VirusBuster 4.5.11.10 10.127.60/2041928 2010-08-19 2.35 -




This is the last file you mentioned:


VirSCAN.org Scanned Report :
Scanned time : 2010/08/21 00:07:00 (BST)
Scanner results: Scanners did not find malware!
File Name : ovczpx.dat
File Size : 4 byte
File Type : ISO-8859 text, with no line terminators
MD5 : 295f7aeeb63bcf1d09c0f202924370ca
SHA1 : 71ec50ab4d52f3ec9ec43ee36d28e2d051f9df7f
Online report : ovczpx.dat MD5:295f7aeeb63bcf1d09c0f202924370ca - VirSCAN.org Scanners did not find malware!

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.19 20100821061910 2010-08-21 40.09 -
AhnLab V3 2010.08.07.00 2010.08.07 2010-08-07 7.83 -
AntiVir 8.2.4.38 7.10.10.239 2010-08-20 0.27 -
Antiy 2.0.18 20100821.4955373 2010-08-21 0.02 -
Arcavir 2009 201006281601 2010-06-28 0.00 -
Authentium 5.1.1 201008201310 2010-08-20 1.27 -
AVAST! 4.7.4 100820-1 2010-08-20 0.00 -
AVG 8.5.793 271.1.1/3084 2010-08-21 0.23 -
BitDefender 7.90123.6156716 7.33477 2010-08-21 4.44 -
ClamAV 0.96.1 11606 2010-08-20 0.00 -
Comodo 4.0 5799 2010-08-20 40.09 -
CP Secure 1.3.0.5 2010.08.20 2010-08-20 0.01 -
Dr.Web 5.0.2.3300 2010.08.21 2010-08-21 9.01 -
F-Prot 4.4.4.56 20100820 2010-08-20 1.25 -
F-Secure 7.02.73807 2010.08.20.09 2010-08-20 0.07 -
Fortinet 4.1.143 12.265 2010-08-20 31.22 -
GData 21.701/21.273 20100820 2010-08-20 40.09 -
ViRobot 20100820 2010.08.20 2010-08-20 17.33 -
Ikarus T3. 2010.08.20.76564 2010-08-20 4.95 -
JiangMin 13.0.900 2010.08.19 2010-08-19 5.54 -
Kaspersky 5.5.10 2010.08.20 2010-08-20 0.03 -
KingSoft 2009.2.5.15 2010.8.20.18 2010-08-20 40.09 -
McAfee 5400.1158 6080 2010-08-20 18.07 -
Microsoft 1.6103 2010.08.21 2010-08-21 30.38 -
Norman 6.05.11 6.05.00 2010-08-20 8.01 -
Panda 9.05.01 2010.08.16 2010-08-16 18.25 -
Trend Micro 9.120-1004 7.398.15 2010-08-20 0.02 -
Quick Heal 11.00 2010.08.20 2010-08-20 28.40 -
Rising 20.0 22.61.04.04 2010-08-20 0.22 -
Sophos 3.10.0 4.56 2010-08-21 4.17 -
Sunbelt 3.9.2432.2 6763 2010-08-19 16.00 -
Symantec 1.3.0.24 20100820.018 2010-08-20 0.17 -
nProtect 20100820.01 8830232 2010-08-20 40.09 -
The Hacker 6.5.2.1 v00352 2010-08-20 1.58 -
VBA32 3.12.14.0 20100819.1636 2010-08-19 2.97 -
VirusBuster 4.5.11.10 10.127.60/2041928 2010-08-19 2.37 -
 

My Computer

System One

  • Manufacturer/Model
    Dell Studio 17 (1735)
    CPU
    Intel Core Duo 2 T8100 2.1Ghz
    Memory
    3GB
    Graphics card(s)
    ATI Mobility Radeon HD 3650
Okay, now do this...

ComboFix Script
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:
Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:
Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')
Code: 
killAll::
File::
c:\users\Sam\AppData\Local\178776936.dat
c:\users\Sam\AppData\Roaming\ovczpx.dat
 
Folder::
c:\users\TEMP.VP0021706BA0A8\AppData\Local\temp
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')
Save this file to your desktop, Save this as "CFScript"
Here's how to do that:
1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

CFScript.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
    Copy and paste the contents of the log in your next reply
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device. One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Mouse
    Microsoft PS/2 Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Here is the latest log after following your instructions:


ComboFix 10-08-19.02 - Sam 21/08/2010 19:52:34.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.2101 [GMT 1:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
Command switches used :: c:\users\Sam\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Sam\AppData\Local\178776936.dat"
"c:\users\Sam\AppData\Roaming\ovczpx.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Sam\AppData\Local\178776936.dat
c:\users\Sam\AppData\Roaming\ovczpx.dat
c:\users\TEMP.VP0021706BA0A8\AppData\Local\temp

.
((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))
.

2010-08-21 19:04 . 2010-08-21 19:07 -------- d-----w- c:\users\Sam\AppData\Local\temp
2010-08-21 19:04 . 2010-08-21 19:04 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-08-21 19:04 . 2010-08-21 19:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-21 19:04 . 2010-08-21 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-19 16:37 . 2010-08-19 16:37 -------- d-----w- c:\program files\ERUNT
2010-08-14 19:42 . 2010-08-14 19:42 -------- d-----w- c:\users\Sam\AppData\Roaming\Malwarebytes
2010-08-14 19:42 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-14 19:42 . 2010-08-14 19:42 -------- d-----w- c:\programdata\Malwarebytes
2010-08-14 19:42 . 2010-08-14 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-14 19:42 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-13 21:37 . 2010-08-13 21:37 -------- d-----w- c:\users\Sam\AppData\Roaming\Auslogics
2010-08-13 21:37 . 2010-08-13 21:37 -------- d-----w- c:\program files\Auslogics
2010-08-12 17:25 . 2010-08-12 17:25 -------- d-----w- c:\programdata\IObit
2010-08-12 17:06 . 2010-08-17 19:25 -------- d-----w- c:\programdata\FLEXnet
2010-08-12 16:37 . 2010-08-12 16:37 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-08-12 15:17 . 2010-08-12 15:17 -------- d-----w- c:\users\Sam\AppData\Roaming\Juce VST Host
2010-08-12 10:17 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 10:17 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 10:17 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 21:40 . 2010-08-11 21:40 -------- d-----w- c:\programdata\Research In Motion
2010-08-08 22:07 . 2010-08-08 22:07 -------- d-----w- c:\users\Sam\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-08-08 22:07 . 2010-08-08 22:07 -------- d-----w- c:\program files\TweetDeck
2010-08-06 11:29 . 2010-08-06 11:29 -------- d-----w- c:\users\Sam\AppData\Roaming\Blackberry Desktop

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 19:09 . 2009-01-26 15:47 -------- d-----w- c:\programdata\Kontiki
2010-08-21 18:22 . 2008-09-05 19:12 -------- d-----w- c:\programdata\Google Updater
2010-08-19 16:24 . 2008-09-05 14:21 7728 ----a-w- c:\users\Sam\AppData\Local\d3d9caps.dat
2010-08-19 15:03 . 2008-09-01 21:46 -------- d-----w- c:\program files\Microsoft Works
2010-08-18 22:58 . 2009-08-31 17:30 -------- d-----w- c:\users\Sam\AppData\Roaming\vlc
2010-08-17 15:25 . 2009-09-20 17:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-15 21:24 . 2009-11-08 19:30 -------- d-----w- c:\users\Sam\AppData\Roaming\FileZilla
2010-08-12 17:06 . 2008-09-04 12:14 86168 ----a-w- c:\users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-12 16:45 . 2008-10-02 16:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-12 12:00 . 2008-09-06 23:39 -------- d-----w- c:\users\Sam\AppData\Roaming\Azureus
2010-08-12 11:53 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-11 22:09 . 2009-11-17 21:33 -------- d-----w- c:\users\Sam\AppData\Roaming\Research In Motion
2010-08-11 21:54 . 2009-11-17 21:29 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-08-11 21:53 . 2009-11-17 21:48 -------- d-----w- c:\programdata\Roxio
2010-08-11 21:53 . 2008-09-01 21:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-11 21:52 . 2009-11-17 21:29 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-08-11 21:42 . 2009-11-17 21:29 -------- d-----w- c:\program files\Research In Motion
2010-08-04 14:44 . 2008-09-01 21:33 -------- d-----w- c:\program files\Common Files\Java
2010-08-04 14:41 . 2008-09-01 21:33 -------- d-----w- c:\program files\Java
2010-07-20 17:37 . 2010-06-22 11:25 -------- d-----w- c:\program files\iTunes
2010-07-20 17:36 . 2010-07-20 17:36 -------- d-----w- c:\program files\iPod
2010-07-20 17:36 . 2008-09-04 14:13 -------- d-----w- c:\program files\Common Files\Apple
2010-07-17 04:00 . 2010-06-05 18:59 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-14 22:16 . 2008-11-08 19:19 -------- d-----w- c:\users\Sam\AppData\Roaming\gtk-2.0
2010-06-29 17:47 . 2008-11-19 18:07 -------- d-----w- c:\program files\VstPlugins
2010-06-29 17:42 . 2009-05-30 15:53 -------- d-----w- c:\program files\Native Instruments
2010-06-26 06:05 . 2010-08-12 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 10:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 10:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 10:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-25 13:07 . 2008-09-23 08:08 -------- d-----w- c:\program files\Microsoft.NET
2010-06-21 13:37 . 2010-08-12 10:18 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 10:18 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-12 10:18 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-12 10:18 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-12 10:18 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-12 10:18 274944 ----a-w- c:\windows\system32\schannel.dll
2010-05-27 20:08 . 2010-08-12 10:18 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-11 11:59 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 11:59 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-08-20 11:15 . 2009-12-17 19:58 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2008-09-01 21:47 . 2008-09-01 21:47 74 --sh--r- c:\windows\CT4CET.bin
2008-09-02 06:13 . 2008-09-02 06:13 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2009-05-20 501032]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-20 30192]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-03-12 3563520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]

c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-5-2 1211472]
VPNGuardUI.lnk - c:\program files\opswat\VPNGuard\VPNGuardUI.exe [2007-10-23 98304]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
2007-04-23 11:23 1032640 ----a-w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-03-16 20:58 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-06-03 14:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX5000 Series]
2006-09-22 04:01 139264 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIBVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX5000 Series (Copy 1)]
2006-09-22 04:01 139264 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIBVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-04 16:25 133104 ----atw- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-16 06:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2007-04-23 11:23 1032640 ----a-w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 10:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
2008-06-13 02:56 4758904 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-27 20:24 1238352 ----a-w- c:\program files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-01 21:42 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-10-06 22:09 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ef,72,af,28,d6,0b,ca,01

R2 gupdate1c9865d669d927e;Google Update Service (gupdate1c9865d669d927e);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
R2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408]
R2 SIMUL8Parallel;SIMUL8 Parallel Processor;c:\progra~1\SIMUL8\SIMUL8_ParallelSVC.exe [2007-03-29 502272]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-20 30192]
R3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\Drivers\HDJCtrl.sys [2009-05-20 24064]
R3 HDJMidi;Hercules DJ Control MP3 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2009-05-20 122368]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-05 1029456]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-04-14 91797]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-09-06 717296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-06-05 64160]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-16 81920]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-03-08 62496]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-03-13 203264]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
S3 VPNGuardService;VPNGuardService;c:\program files\OPSWAT\VPNGuard\VPNGuardService.exe [2007-10-23 299008]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 12:11]

2010-08-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-01 15:05]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0ceb245f0d00.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 00:13]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 00:13]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1596938837-54953107-2832527327-1000Core.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 16:25]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1596938837-54953107-2832527327-1000UA.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 16:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
uInternet Settings,ProxyOverride = <local>;*.local
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\0a3jjibc.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Wdf01000.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-21 20:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1596938837-54953107-2832527327-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\Sam\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Users\\Sam\\Desktop\\fm_genie_scout_2009_xe\\FM Genie Scout 2009 XE\\History Points"
"LangDB"=""
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="B5-A280-E07F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Kontiki\KService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-08-21 20:20:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-21 19:20
ComboFix2.txt 2010-08-20 21:16

Pre-Run: 100,562,534,400 bytes free
Post-Run: 100,381,708,288 bytes free

- - End Of File - - F83008A7FBBABA59E03331216A7EB905
 

My Computer

System One

  • Manufacturer/Model
    Dell Studio 17 (1735)
    CPU
    Intel Core Duo 2 T8100 2.1Ghz
    Memory
    3GB
    Graphics card(s)
    ATI Mobility Radeon HD 3650
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u21 allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.

After you have done this, please run an online scan with Kaspersky. (works only
with MS Internet Explorer ).
http://www.kaspersky.com/kos/english/kavwebscan.html
1. click the "Accept" button to
accept the user agreement, install the ActiveX control, and download the
program.
2. When you get the Windows dialog asking if you want to install this
software, click the "Install" button.
3. When the "Update progress" line changes to "Ready" and the
"NEXT ->" button lights up with a
green arrow, click it.
4. Click on the "Scan Settings" button, and in the next window
select the "extended" database, and click Ok.
5. Under "Please select a target to scan:", click My Computer
to start the scan.
6. When the scan is finished, click the "Save as .txt" button, and
save the file as kavscan.txt to your Desktop, close the Kaspersky On-line
Scanner window, and post the text in kavscan.txt in your next reply.
Please restart your system, and post the log from Kaspersky's on-line virus scan.
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device. One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Mouse
    Microsoft PS/2 Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
I have updated java as told to but i cant run kaspersky online scanner as it won't update itself. I get an error saying "Update process FAILED! No further antivirus actions can be performed!
Attention, you must be online to activate Kasperky On-line Scanner..." It also ends with "[ERROR: Key is expired" which seems odd to me.
As it stands, my computers performance is still not improved. Do you still think its malware related or something like that?
 

My Computer

System One

  • Manufacturer/Model
    Dell Studio 17 (1735)
    CPU
    Intel Core Duo 2 T8100 2.1Ghz
    Memory
    3GB
    Graphics card(s)
    ATI Mobility Radeon HD 3650
Some people have a problem running Kaspersky, I don't know why.

Let's see if you can run Eset Free ESET Online Antivirus Scanner
Be sure to save the log and post the results back here.
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device. One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Mouse
    Microsoft PS/2 Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Right, I have tried ESET Scanner, but it hangs when it runs. Tried it twice now and made sure that no other anti virus programs etc are running at the same time and both times have made my computer fully freeze and had to do a manual restart.

Is there a third online scanner i can try?
 

My Computer

System One

  • Manufacturer/Model
    Dell Studio 17 (1735)
    CPU
    Intel Core Duo 2 T8100 2.1Ghz
    Memory
    3GB
    Graphics card(s)
    ATI Mobility Radeon HD 3650

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device. One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Mouse
    Microsoft PS/2 Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Hi, right im having some real problems with running PANDA online scanner. I have ran it twice now (maybe even 3 times) as a full scan and once a quick scan. Quick scan completed and found nothing. However The full scan does find infections, 6 as i count but the full scan never finishes. Every time i have tried it it eventually freezes my computer, first of all leaving me with the use of the mouse but not being able to do anything at all, and then after a while the mouse freezes as well, leaving me with no choice but to manually restart.

I have no idea what is causing this as nothing else is even running when the scan is. All i can gather is that the panda scan is finding infections that my AVIRA full scan doesnt but i can never get as far as being given the log in order to find out what files are causing the 6 infections. This is maybe a help as it proves that their are infections but im stuck as how to know where they are.

Is downloading a different free anti virus something worth doing and seeing if that will pick up the infections that PANDA is able to? On the same note, do the members on this forum favour a particular free anti-virus which i should try?

Cheers, and thanks for all your helps so far. This is a great forum.
 

My Computer

System One

  • Manufacturer/Model
    Dell Studio 17 (1735)
    CPU
    Intel Core Duo 2 T8100 2.1Ghz
    Memory
    3GB
    Graphics card(s)
    ATI Mobility Radeon HD 3650
I know you have Avast antivirus but it is not the current version 5.0.594. Maybe you could try downloading the latest and run a boot time scan with that.
 

My Computer

System One

  • Operating System
    Windows 11 x2, Windows 10 x2
    Manufacturer/Model
    PCS Custom desktop, HP OMEN 17, MS Surface Pro 6 and HP Pavillion 15
    CPU
    Intel i7-4790, i7-8750, i5 and AMD-9420
    Memory
    16GB, 16GB, 8GB and 8GB
    Graphics card(s)
    Nvidea GeForce GTX 750Ti, GTX1050Ti, on-board and on-board
    Monitor(s) Displays
    Dell U3415W
    Screen Resolution
    3440x1440
    Hard Drives
    Too many to list!
    Internet Speed
    75MB/s
I currently have AVIRA, not Avast. Should I give Avast or AVG a try?

I also have Ad-Aware. Does anyone favour an alternative that i should try instead of that?
 

My Computer

System One

  • Manufacturer/Model
    Dell Studio 17 (1735)
    CPU
    Intel Core Duo 2 T8100 2.1Ghz
    Memory
    3GB
    Graphics card(s)
    ATI Mobility Radeon HD 3650
Oh sorry, I had searched the thread and saw a reference to AVAST in one of your scans [reply #64] so assumed you had it.

I have found Avast to be brilliant [no doubt others may disagree] so it may be worth a go.
 

My Computer

System One

  • Operating System
    Windows 11 x2, Windows 10 x2
    Manufacturer/Model
    PCS Custom desktop, HP OMEN 17, MS Surface Pro 6 and HP Pavillion 15
    CPU
    Intel i7-4790, i7-8750, i5 and AMD-9420
    Memory
    16GB, 16GB, 8GB and 8GB
    Graphics card(s)
    Nvidea GeForce GTX 750Ti, GTX1050Ti, on-board and on-board
    Monitor(s) Displays
    Dell U3415W
    Screen Resolution
    3440x1440
    Hard Drives
    Too many to list!
    Internet Speed
    75MB/s
So i have tried Avast. Was having problems yet again in running scans and the computer freezing so went for a boot scan. This took aaaaaaaages and I mean ages. Probably close to 6 or more hours and it found only one thing which i do not believe to have caused any problems. Once that started up i am getting text in the bottom right of my screen which says:

"Windows Vista
Build 6002
This Copy of windows is not genuine"

My copy of vista is 100% legit and one thread on this forum said its likely to be caused by malware.

A virus or malware must be the issue. Can anyone shed any light on how to get rid of whatever it is.

So far:

Avira - made no difference using any scan
Avast - not made any difference using the boot scan
Malwarebytes - not found much and certainly hasnt fixed the problem
PANDA online scanner - found around 6 infections but was never able to complete the scan to let me know what the infections were.
Various programs recommended in this thread - used all of them as directed yet problem still persists

Nothing as of yet has worked and problem of reduced performance still exists.

Thanks, however for all the help i have been given so far.
 

My Computer

System One

  • Manufacturer/Model
    Dell Studio 17 (1735)
    CPU
    Intel Core Duo 2 T8100 2.1Ghz
    Memory
    3GB
    Graphics card(s)
    ATI Mobility Radeon HD 3650

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device. One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Mouse
    Microsoft PS/2 Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
I havent no, which of the 2 should i try?
 

My Computer

System One

  • Manufacturer/Model
    Dell Studio 17 (1735)
    CPU
    Intel Core Duo 2 T8100 2.1Ghz
    Memory
    3GB
    Graphics card(s)
    ATI Mobility Radeon HD 3650
Try the startup repair first.
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device. One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Mouse
    Microsoft PS/2 Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Strangely, my computer has been running fine today. Ram seems high a little but from what iv gathered its not a problem and in terms of how its been running, its been great today.

I will hold off on doing anything else for now.

Once again guys, thanks very much for all your help with this matter. If any problems happen over the next week, I shall post. Otherwise, I would assume the problem has gone.
 

My Computer

System One

  • Manufacturer/Model
    Dell Studio 17 (1735)
    CPU
    Intel Core Duo 2 T8100 2.1Ghz
    Memory
    3GB
    Graphics card(s)
    ATI Mobility Radeon HD 3650
You must log in or register to reply here.
Back
Top