Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Some Applications won't open, and some websites won't load.

Post by MarkA » May 13th, 2011, 9:24 pm

Some applications won't open and either give app-crash or it says it was never installed. Some websites will not load even for a second and will give an error stating that the antivirus program was blocking it (this happened to http://www.Pandora.com), and I am pretty sure there is no virus on that website. I have a HijackThis log as well if needed. I am pretty sure I have a virus even though AVG isn't finding it.

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Moshe at 17:47:23.01 on Fri 05/13/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.1602 [GMT -7:00]
.
AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\STK02N\STK02NM.exe
C:\Users\Moshe\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Moshe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\explorer.exe
C:\Windows\system32\StikyNot.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\explorer.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Nero\Update\NANotify.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe
C:\Program Files (x86)\TechSmith\Camtasia Studio 7\TSCHelp.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Q:\Downloads Backup\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/home?AF=17710
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Cartoonly: {66d8fba6-d90f-40a9-ac55-84896f79ca69} - C:\Program Files (x86)\Object\bho_project.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [Google Update] "C:\Users\Moshe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
StartupFolder: C:\Users\Moshe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Moshe\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Moshe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\Users\Moshe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STK02N~1.LNK - C:\Windows\STK02N\STK02NM.exe
uPolicies-explorer: HideSCABattery = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Moshe\AppData\Roaming\Mozilla\Firefox\Profiles\bmls2zrs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17710
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=17710&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll
FF - plugin: C:\Users\Moshe\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Moshe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-28 52856]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-5 377936]
R1 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [2011-1-5 28032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-2-5 203776]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-1-17 21992]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-27 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-5-31 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-11-17 72216]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2280312]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-26 9085952]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-26 299520]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-2-5 116752]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-4-14 118864]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-1-10 22104]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-1-5 9968]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-1-5 74480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-1-10 269648]
S3 A_USBETHMP;USB PowerPacket Network Adapter;C:\Windows\System32\drivers\usbethmp.sys [2009-7-9 32280]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-2-28 401920]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;"C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe" --> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" --> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe --> C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-3-10 29720]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-1-5 7408]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-05-13 11:31:47 -------- d-----w- C:\Users\Moshe\AppData\Roaming\TrueCrypt
2011-05-13 11:31:06 230352 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2011-05-13 11:30:40 -------- d-----w- C:\Program Files\TrueCrypt
2011-05-13 03:27:35 -------- d-----w- C:\Program Files (x86)\Yzshadow
2011-05-13 03:27:32 -------- d-----w- C:\Program Files (x86)\RocketDock
2011-05-12 22:36:22 315682 ----a-w- C:\Windows\SysWow64\slwc.exe
2011-05-12 22:33:49 2851328 ----a-w- C:\Windows\System32\themeui.dll.backup
2011-05-12 22:33:48 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup
2011-05-12 22:33:47 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup
2011-05-12 22:33:44 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.backup
2011-05-12 22:33:44 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.backup
2011-05-12 22:33:33 8636 ----a-w- C:\Windows\SysWow64\modifype.exe
2011-05-12 22:33:33 111104 ----a-w- C:\Windows\SysWow64\Uharc.exe
2011-05-12 22:33:33 -------- d-----w- C:\SnowFiles
2011-05-06 00:44:12 -------- dc----w- C:\Users\Moshe\AppData\Local\MigWiz
2011-05-04 09:54:15 -------- d-----w- C:\Users\Moshe\AppData\Roaming\PCF-VLC
2011-05-04 09:48:01 -------- d-----w- C:\Program Files (x86)\GetMiro Toolbar
2011-05-04 09:47:58 -------- d-----w- C:\Users\Moshe\AppData\Roaming\Participatory Culture Foundation
2011-05-04 09:46:06 -------- d-----w- C:\Program Files (x86)\Participatory Culture Foundation
2011-05-04 09:41:31 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-05-03 10:22:27 53248 ----a-r- C:\Users\Moshe\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-05-03 10:22:15 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-05-03 10:19:39 9548 ----a-w- C:\Windows\System32\drivers\nvphy.bin
2011-05-03 10:19:39 729600 ----a-w- C:\Windows\System32\cohelper.dll
2011-05-03 08:30:14 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-05-03 08:30:10 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-04-29 04:51:58 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-04-27 23:44:37 -------- d-----w- C:\Users\Moshe\AppData\Roaming\.servetome-fontconfig
2011-04-27 23:43:33 -------- d-----w- C:\Program Files (x86)\ServeToMe
2011-04-24 05:50:50 -------- d-----w- C:\PROGRA~3\Media Get LLC
2011-04-24 05:36:40 -------- d-----w- C:\Program Files\Babylon
2011-04-24 05:36:26 -------- d-----w- C:\Program Files (x86)\Object
2011-04-24 05:36:09 -------- d-----w- C:\Users\Moshe\AppData\Local\MediaGet2
2011-04-23 01:47:31 -------- d-----w- C:\Users\Moshe\AppData\Roaming\.minecraft
2011-04-22 06:32:12 -------- d-----w- C:\Users\Moshe\AppData\Roaming\Dropbox
2011-04-22 03:39:52 -------- d-----w- C:\Program Files\iPod
2011-04-22 03:39:51 -------- d-----w- C:\Program Files\iTunes
2011-04-22 03:37:58 -------- d-----w- C:\Program Files\Bonjour
2011-04-18 00:22:14 -------- d-----w- C:\Program Files (x86)\Sony
2011-04-18 00:22:13 -------- d-----w- C:\PROGRA~3\Sony Corporation
2011-04-15 04:28:24 118864 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-04-14 10:39:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 10:39:02 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-05-12 22:33:49 2851328 ----a-w- C:\Windows\System32\themeui.dll
2011-05-12 22:33:48 44544 ----a-w- C:\Windows\System32\themeservice.dll
2011-05-12 22:33:47 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2011-05-12 22:33:44 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll
2011-05-12 22:33:44 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2011-04-11 09:19:20 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2011-04-06 23:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 23:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 23:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 23:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 23:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-04-05 07:59:54 377936 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-03-16 23:03:18 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-03-16 00:39:24 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-03-01 21:25:18 41552 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2011-02-22 15:12:46 26704 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
.
============= FINISH: 17:48:07.88 ===============
MarkA
Regular Member
 
Posts: 27
Joined: May 13th, 2011, 9:07 pm

Re: Some Applications wont open, and some websites wont load

Post by Alander » May 15th, 2011, 3:18 am

Hello, I am Alander :)

Welcome to the Malware Removal forums.

I would be glad to take a look at your log and help you with solving any malware problems.

DDS logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

As I am still training, everything that I post to you, must be checked by an Admin or Moderator.

Thus, there may be a tiny bit of a delay between posts. While it shouldn't be too long, you can be assured you will get the best possible advice.


  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Some Applications wont open, and some websites wont load

Post by MarkA » May 15th, 2011, 5:46 pm

Thanks, I'll be checking on this regularly.

Re: Some Applications wont open, and some websites wont load

Post by Alander » May 16th, 2011, 1:05 pm

Scan with DDS Again
Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Business computer

I have examined your log & I believe this to be a computer used for business, be it personal or corporate.


If I could point you in the direction of the rules, which state under Posting for help for business machines
This forum was set up specifically to help home users, our volunteer helpers choose not to work on machines used for other purposes
On this forum the Administrators are the sole arbiters of what constitutes Home use.
We reserve the right to close any topic that in our opinion is from a computer used for other purposes.
All decisions are final, and are not open to discussion or negotiation.

If this is indeed a business computer:

  • If it is a corporate computer, it is suggested that you take this issue to your IT department.
  • If this is a personal computer used for business (personal or corporate), it is suggested that you take this issue to your IT department, or your local PC repair store.

Please clarify the purpose of your machine
Thank you for your understanding.

Online Multi Antivirus file scan
Please go to Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\Windows\SysWow64\slwc.exe
C:\Windows\SysWow64\Uharc.exe



Using Virus Total
  1. Copy -one- file name from the list and press the Browse button.
  2. Paste the copied file name into the "file name" area of the "Choose file to upload" window... then press Open.
    The file name should now appear in the online scanner's text entry box.
  3. Click on the Send File button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners... this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When the scan is completed...press the "Compact" icon
  6. The results will be shown in a grid like window... right-click on the text, choose Select All, then Copy the entire contents.
  7. Open Notepad...Paste the result contents into the Notepad window...Save this file to a convenient place.
  8. Please repeat this procedure for each file listed above.
  9. Paste the contents of all the Virus Total results in your next reply.

Do you know what the folder C:\SnowFiles contains?

AVG 2011 advice

We need to run a tool called ComboFix. ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus.
This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results".
Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
In the meantime, after running ComboFix, I would like you to install Avira Personal FREE Antivirus; see instructions at the bottom of this post.


Revo Uninstaller

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs click on your version of AVG Antivirus and choose Uninstall.
  • When prompted click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, when prompted again click Yes > Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Next > Yes.
  • Once done click Finish.
Last edited by Alander on May 17th, 2011, 12:48 am, edited 1 time in total.

Re: Some Applications wont open, and some websites wont load

Post by MarkA » May 16th, 2011, 3:51 pm

I do not know what makes you think this is used for business. I use this for me at my house and do not use it for business.

Re: Some Applications wont open, and some websites wont load

Post by MarkA » May 16th, 2011, 3:57 pm

If you think it's because I have LogMeIn installed, I use that with my Android phone to gain access to my computer from anywhere. I also have TeamViewer so I can help my family with issues they have. I am pretty good with computers, I only don't know how to find hidden viruses. I do again appreciate your help in this matter.

Re: Some Applications wont open, and some websites wont load

Post by MarkA » May 16th, 2011, 4:11 pm

C:\SnowFiles was an empty folder. I deleted it. It could be from when I was testing out the Mac theme; it was called Snow. Maybe it was if I made changes or something.

Re: Some Applications wont open, and some websites wont load

Post by MarkA » May 16th, 2011, 7:06 pm

After uploading slwc.exe on VirusTotal I am unable to make a compact of the text after it analyses; all I get is a new window that says "Not found".

Re: Some Applications wont open, and some websites wont load

Post by Alander » May 17th, 2011, 5:35 am

Step 1
Online Multi Antivirus file scan
Please go to Jotti and upload -only one file per scan- the following file(s) for scanning:
C:\Windows\SysWow64\slwc.exe
C:\Windows\SysWow64\Uharc.exe


Using Jotti
  1. Choose the appropriate language... once a language is selected, you'll see a message "Ready to receive files"
  2. Copy -one- file name from the list and press the Browse button.
  3. Paste the copied file name into the "file name" area of the "Choose file to upload" window... then press Open.
    The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on the Submit button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners... this may take a few minutes.
  6. When all scans have completed... Highlight the results text from Jotti's malware scan box.
  7. Copy the selected text... Open Notepad... Paste the contents into Notepad... Save the file to a convenient place.
  8. Please repeat this procedure for each file listed above.
  9. Paste the contents of all the Jotti scan results in your next reply.

Step 2
AVG Anti virus advice
We need to run a tool called ComboFix. ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus.
This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results".
Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
In the meantime, while we are running ComboFix, I would like you to install Avira Personal FREE Antivirus.

Revo Uninstaller

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs click on AVG Anti virus and choose Uninstall.
  • When prompted click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, when prompted again click Yes > Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Next > Yes.
  • Once done click Finish.
.
You can reinstall your AVG Anti virus after your computer is clean, but please make sure ONLY ONE anti virus is installed on your machine.

Step 3
Scan with DDS Again
Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Please report back with 4 log files: DDS.txt, Attach.txt and the 2 Jotti scan files, and let me know if you have uninstalled your AVG Anti virus and installed Avira.
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Some Applications wont open, and some websites wont load

Unread postby MarkA » May 17th, 2011, 7:22 am

Okay, I uninstalled AVG, but I had to use the Windows uninstall because the program I got from you didn't find AVG. I was able to install Avira. Here are the logs you requested.

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Moshe at 3:55:32.48 on Tue 05/17/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.1692 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\STK02N\STK02NM.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Moshe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\explorer.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\system32\StikyNot.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Moshe\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mp3tubetoolbar.com/?tmp=toolbar_ ... cfaadceb30
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Cartoonly: {66d8fba6-d90f-40a9-ac55-84896f79ca69} - C:\Program Files (x86)\Object\bho_project.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: Mp3Tube Toolbar: {46897c77-e7a6-4c33-bffb-e9c2e2718942} - "C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL"
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [Google Update] "C:\Users\Moshe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... FctTlY4WkU"&"inst=NzYtNjk5NzA5NjU5LVBMKzgtVTkwKzEtREw0KzktUUlYMSs0LVgyMDEwKzItU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMQ"&"prod=92"&"ver=10.0.1375
StartupFolder: C:\Users\Moshe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Moshe\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Moshe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\Users\Moshe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STK02N~1.LNK - C:\Windows\STK02N\STK02NM.exe
uPolicies-explorer: HideSCABattery = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
IFEO-X64: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Moshe\AppData\Roaming\Mozilla\Firefox\Profiles\bmls2zrs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17710
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pi ... &Keywords=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll
FF - plugin: C:\Users\Moshe\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Moshe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-28 52856]
R1 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [2011-1-5 28032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-2-5 203776]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-5-17 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-5-17 269480]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-5-17 83120]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-1-17 21992]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-27 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-5-31 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-11-17 72216]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2280312]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-26 9085952]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-26 299520]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-2-5 116752]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-1-10 22104]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-1-5 9968]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-1-5 74480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-1-10 269648]
S3 A_USBETHMP;USB PowerPacket Network Adapter;C:\Windows\System32\drivers\usbethmp.sys [2009-7-9 32280]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-2-28 401920]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;"C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe" --> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" --> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe --> C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-3-10 29720]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-1-5 7408]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-05-17 10:48:06 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-05-17 10:48:06 -------- d-----w- C:\Program Files (x86)\Avira
2011-05-17 10:35:25 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2011-05-16 00:24:26 703488 ----a-w- C:\Windows\System32\xvidcore.dll
2011-05-16 00:24:26 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2011-05-16 00:24:26 173056 ----a-w- C:\Windows\System32\xvid.ax
2011-05-16 00:23:39 -------- d-----w- C:\Program Files (x86)\Mp3Tube Toolbar
2011-05-16 00:23:11 -------- d-----w- C:\Program Files (x86)\QuestScan
2011-05-16 00:23:11 -------- d-----w- C:\PROGRA~3\QuestScan
2011-05-16 00:22:58 -------- d-----w- C:\Users\Moshe\AppData\Roaming\ShopperReports3
2011-05-16 00:22:58 -------- d-----w- C:\Program Files (x86)\ShopperReports3
2011-05-15 09:55:49 -------- d-----w- C:\Users\Moshe\AppData\Local\Nero_AG
2011-05-15 09:55:23 -------- d-----w- C:\Users\Moshe\AppData\Local\Nero
2011-05-13 11:31:47 -------- d-----w- C:\Users\Moshe\AppData\Roaming\TrueCrypt
2011-05-13 11:31:06 230352 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2011-05-13 11:30:40 -------- d-----w- C:\Program Files\TrueCrypt
2011-05-13 03:27:35 -------- d-----w- C:\Program Files (x86)\Yzshadow
2011-05-13 03:27:32 -------- d-----w- C:\Program Files (x86)\RocketDock
2011-05-12 22:36:22 315682 ----a-w- C:\Windows\SysWow64\slwc.exe
2011-05-12 22:33:49 2851328 ----a-w- C:\Windows\System32\themeui.dll.backup
2011-05-12 22:33:48 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup
2011-05-12 22:33:47 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup
2011-05-12 22:33:44 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.backup
2011-05-12 22:33:44 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.backup
2011-05-12 22:33:33 8636 ----a-w- C:\Windows\SysWow64\modifype.exe
2011-05-12 22:33:33 111104 ----a-w- C:\Windows\SysWow64\Uharc.exe
2011-05-06 00:44:12 -------- dc----w- C:\Users\Moshe\AppData\Local\MigWiz
2011-05-04 09:54:15 -------- d-----w- C:\Users\Moshe\AppData\Roaming\PCF-VLC
2011-05-04 09:48:01 -------- d-----w- C:\Program Files (x86)\GetMiro Toolbar
2011-05-04 09:47:58 -------- d-----w- C:\Users\Moshe\AppData\Roaming\Participatory Culture Foundation
2011-05-04 09:46:06 -------- d-----w- C:\Program Files (x86)\Participatory Culture Foundation
2011-05-03 10:22:27 53248 ----a-r- C:\Users\Moshe\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-05-03 10:22:15 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-05-03 10:19:39 9548 ----a-w- C:\Windows\System32\drivers\nvphy.bin
2011-05-03 10:19:39 729600 ----a-w- C:\Windows\System32\cohelper.dll
2011-05-03 08:30:14 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-05-03 08:30:10 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-04-27 23:44:37 -------- d-----w- C:\Users\Moshe\AppData\Roaming\.servetome-fontconfig
2011-04-27 23:43:33 -------- d-----w- C:\Program Files (x86)\ServeToMe
2011-04-24 05:50:50 -------- d-----w- C:\PROGRA~3\Media Get LLC
2011-04-24 05:36:40 -------- d-----w- C:\Program Files\Babylon
2011-04-24 05:36:26 -------- d-----w- C:\Program Files (x86)\Object
2011-04-24 05:36:09 -------- d-----w- C:\Users\Moshe\AppData\Local\MediaGet2
2011-04-23 01:47:31 -------- d-----w- C:\Users\Moshe\AppData\Roaming\.minecraft
2011-04-22 06:32:12 -------- d-----w- C:\Users\Moshe\AppData\Roaming\Dropbox
2011-04-22 03:39:52 -------- d-----w- C:\Program Files\iPod
2011-04-22 03:39:51 -------- d-----w- C:\Program Files\iTunes
2011-04-22 03:37:58 -------- d-----w- C:\Program Files\Bonjour
2011-04-18 00:22:14 -------- d-----w- C:\Program Files (x86)\Sony
2011-04-18 00:22:13 -------- d-----w- C:\PROGRA~3\Sony Corporation
.
==================== Find3M ====================
.
2011-05-12 22:33:49 2851328 ----a-w- C:\Windows\System32\themeui.dll
2011-05-12 22:33:48 44544 ----a-w- C:\Windows\System32\themeservice.dll
2011-05-12 22:33:47 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2011-05-12 22:33:44 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll
2011-05-12 22:33:44 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2011-04-11 09:19:20 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2011-04-06 23:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 23:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 23:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 23:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 23:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-21 13:58:03 152064 ----a-w- C:\Windows\SysWow64\xvid.ax
2011-03-19 15:06:01 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-03-19 15:04:28 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-03-16 00:39:24 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 3:56:12.95 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/8/2009 3:38:14 AM
System Uptime: 5/12/2011 8:44:28 PM (103 hours ago)
.
Motherboard: EVGA | | 122-CK-NF68
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
.
==== Disk Partitions =========================
.
A: is FIXED (NTFS) - 932 GiB total, 264.425 GiB free.
C: is FIXED (NTFS) - 140 GiB total, 28.856 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 22.675 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
K: is FIXED (NTFS) - 932 GiB total, 115.633 GiB free.
L: is FIXED (NTFS) - 466 GiB total, 373.49 GiB free.
M: is Removable
N: is Removable
O: is Removable
P: is FIXED (NTFS) - 932 GiB total, 73.143 GiB free.
T: is FIXED (NTFS) - 932 GiB total, 236.929 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP312: 5/10/2011 8:53:13 PM - Removed TortoiseSVN 1.6.12.20536 (32 bit)
RP313: 5/13/2011 4:30:48 AM - TrueCrypt installation
RP314: 5/13/2011 2:01:25 PM - Installed Microsoft Primary Interoperability Assemblies 2005
RP315: 5/13/2011 2:03:22 PM - Installed Nero Multimedia Suite 10.
RP316: 5/17/2011 3:38:28 AM - Revo Uninstaller's restore point - µTorrent
RP317: 5/17/2011 3:43:41 AM - Removed AVG 2011
RP318: 5/17/2011 3:44:51 AM - Removed AVG 2011
.
==== Installed Programs ======================
.
.
AA2Deploy
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.4
Adobe Shockwave Player 11.5
Amazon Games & Software Downloader
Apple Application Support
Apple Software Update
ATI Catalyst Registration
Audacity 1.2.6
Auslogics Disk Defrag
AVG PC Tuneup 2011
Avid EDL Manager
Avid FilmScribe
Avid Log Exchange
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Editor 4
AVS Video Recorder 2.4
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.3
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
CamStudio
Camtasia Studio 7
Canon MP560 series User Registration
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cartoonly
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Creative ALchemy
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Curse Client
Driver Genius Professional Edition
Dropbox
Emergency 2012
eReg
ERUNT 1.1j
Fraps (remove only)
GameGuard
GameSpy Arcade
Google Chrome
Grand Theft Auto IV
High-Definition Video Playback 10
HijackThis 2.0.2
HWiNFO32 Version 3.65
Intel(R) Processor ID Utility
IspAssistant-Mp3Tube
Java Auto Updater
Java(TM) 6 Update 24
LAME v3.98.2 for Audacity
League of Legends
LightScribe System Software
LogMeIn
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
mIRC
Miro
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML4 Parser
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero 8
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
neroxml
NVIDIA PhysX
Octoshape add-in for Adobe Flash Player
Pando Media Booster
PMB
Pocket Tanks v1.3
PowerISO
PunkBuster Services
QuickTime
Revo Uninstaller 1.92
RIFT
Roxio Media Manager
Sentinel Protection Installer 7.3.2
ServeToMe 3.5.2.0
ShopperReports
Spybot - Search & Destroy
Steam
STK02N 2.0
SUPERAntiSpyware Professional
TeamViewer 6
The Lord of the Rings FREE Trial
TrueCrypt
Unity Web Player
VCRedistSetup
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.3
VLC Setup Helper 3.04
Webzen Game Starter
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Upload Tool
Windows Media Encoder 9 Series
WinRAR archiver
Xfire (remove only)
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
5/17/2011 3:48:24 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
5/15/2011 5:23:42 PM, Error: Service Control Manager [7030] - The Mp3Tube Toolbar Updater Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================




Scanners
[ArcaVir]
2011-01-01 Found nothing
[F-Secure Anti-Virus]
2010-12-31 Gen:Trojan.StartPage.tq3@au7w0hei
[Avast! antivirus]
2010-12-31 Found nothing
[G DATA]
2011-01-01 Gen:Trojan.StartPage.tq3@au7w0hei
[Grisoft AVG Anti-Virus]
2010-12-31 Found nothing
[Ikarus]
2010-12-31 Gen.Trojan
[Avira AntiVir]
2010-12-31 Found nothing
[Kaspersky Anti-Virus]
2010-12-31 Found nothing
[Softwin BitDefender]
2010-12-31 Gen:Trojan.StartPage.tq3@au7w0hei
[ESET NOD32]
2010-12-31 Found nothing
[ClamAV]
2011-01-01 Found nothing
[Panda Antivirus]
2010-12-31 Found nothing
[CPsecure]
2011-01-01 Found nothing
[Quick Heal]
2010-12-31 Found nothing
[Dr.Web]
2011-01-01 Trojan.StartPage.32434
[Sophos]
2011-01-01 Found nothing
[Emsisoft Anti-Malware]
No result available
[VirusBuster]
2010-12-30 Found nothing

[ArcaVir]
2009-11-08 Found nothing
[F-Secure Anti-Virus]
2009-11-09 Found nothing
[Avast! antivirus]
2009-11-09 Found nothing
[G DATA]
2009-11-09 Found nothing
[Grisoft AVG Anti-Virus]
2009-11-09 Found nothing
[Ikarus]
2009-11-09 Found nothing
[Avira AntiVir]
2009-11-09 Found nothing
[Kaspersky Anti-Virus]
2009-11-09 Found nothing
[Softwin BitDefender]
2009-11-09 Found nothing
[ESET NOD32]
2009-11-09 Found nothing
[ClamAV]
2009-11-09 Found nothing
[Panda Antivirus]
2009-11-08 Found nothing
[CPsecure]
2009-11-09 Found nothing
[Quick Heal]
2009-11-06 Found nothing
[Dr.Web]
2009-11-09 Found nothing
[Sophos]
2009-11-09 Found nothing
[Emsisoft Anti-Malware]
No result available
[VirusBuster]
2009-11-09 Found nothing
[Frisk F-Prot Antivirus]
2009-11-09 Found nothing
Last edited by MarkA on May 18th, 2011, 1:38 am, edited 2 times in total.
MarkA
Regular Member
 
Posts: 27
Joined: May 13th, 2011, 9:07 pm

Re: Some Applications wont open, and some websites wont load

Unread postby Alander » May 18th, 2011, 12:35 am

There are remnants of AVG anti virus that will interfere with the fixing of your computer.

Please Uninstall AVG PC Tuneup

AVG Remover
Please save any work and close all open windows... you have to REBOOT your machine during this step.
Please download AVG Remover(32bit) and save it to your desktop.
If you are attempting to remove the 64bit version of AVG... please download this version AVG Remover(64bit).
  1. Double click on avgremover.exe to start the process. (64bit version... avgremoverx64.exe)
    If using Vista, you must right click (avgremover.exe or avgremoverx64.exe) and choose "Run As Administrator".
    A black command window will open... and you will receive a "removal and rebooting" warning prompt...
  2. Reply Yes to the "Do you want to continue?" prompt.
    The remover will begin searching for and removing AVG entries...
  3. When completed, a text file will appear on your desktop "avgremover.log"... (it may be named differently for the 64bit version)
    Please reboot your computer at this time. (You may receive a prompt to do so...)
  4. Please copy and paste the contents of avgremover.log in your next reply.

Scan with DDS Again
Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Please Come back with Attach.txt, DDS.txt and avgremover.log
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Some Applications wont open, and some websites wont load

Unread postby MarkA » May 18th, 2011, 1:34 am

Okay, this morning I remembered that I did not restart my computer after uninstalling AVG. I did so and now when I run that AVG Remover it won't work. Anyway, here are the dds and attach logs.

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Moshe at 22:22:58.10 on Tue 05/17/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2052 [GMT -7:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\STK02N\STK02NM.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamRecorder.exe
C:\Program Files (x86)\TechSmith\Camtasia Studio 7\TscHelp.exe
L:\Downloads Backup\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mp3tubetoolbar.com/?tmp=toolbar_ ... cfaadceb30
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Cartoonly: {66d8fba6-d90f-40a9-ac55-84896f79ca69} - C:\Program Files (x86)\Object\bho_project.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: Mp3Tube Toolbar: {46897c77-e7a6-4c33-bffb-e9c2e2718942} - "C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL"
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [Google Update] "C:\Users\Moshe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Moshe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Moshe\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STK02N~1.LNK - C:\Windows\STK02N\STK02NM.exe
uPolicies-explorer: HideSCABattery = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Moshe\AppData\Roaming\Mozilla\Firefox\Profiles\bmls2zrs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17710
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pi ... &Keywords=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll
FF - plugin: C:\Users\Moshe\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Moshe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-28 52856]
R1 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [2011-1-5 28032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-2-5 203776]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-5-17 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-5-17 269480]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-5-17 83120]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-1-17 21992]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-27 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-5-31 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-11-17 72216]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2280312]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-26 9085952]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-26 299520]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-2-5 116752]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-1-10 22104]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-1-5 9968]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-1-5 74480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-1-10 269648]
S3 A_USBETHMP;USB PowerPacket Network Adapter;C:\Windows\System32\drivers\usbethmp.sys [2009-7-9 32280]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-2-28 401920]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;"C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe" --> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" --> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe --> C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-3-10 29720]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-1-5 7408]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-05-17 10:48:06 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-05-17 10:48:06 -------- d-----w- C:\Program Files (x86)\Avira
2011-05-17 10:35:25 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2011-05-16 00:24:26 703488 ----a-w- C:\Windows\System32\xvidcore.dll
2011-05-16 00:24:26 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2011-05-16 00:24:26 173056 ----a-w- C:\Windows\System32\xvid.ax
2011-05-16 00:23:39 -------- d-----w- C:\Program Files (x86)\Mp3Tube Toolbar
2011-05-16 00:23:11 -------- d-----w- C:\Program Files (x86)\QuestScan
2011-05-16 00:23:11 -------- d-----w- C:\PROGRA~3\QuestScan
2011-05-16 00:22:58 -------- d-----w- C:\Users\Moshe\AppData\Roaming\ShopperReports3
2011-05-16 00:22:58 -------- d-----w- C:\Program Files (x86)\ShopperReports3
2011-05-15 09:55:49 -------- d-----w- C:\Users\Moshe\AppData\Local\Nero_AG
2011-05-15 09:55:23 -------- d-----w- C:\Users\Moshe\AppData\Local\Nero
2011-05-13 11:31:47 -------- d-----w- C:\Users\Moshe\AppData\Roaming\TrueCrypt
2011-05-13 11:31:06 230352 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2011-05-13 11:30:40 -------- d-----w- C:\Program Files\TrueCrypt
2011-05-13 03:27:35 -------- d-----w- C:\Program Files (x86)\Yzshadow
2011-05-13 03:27:32 -------- d-----w- C:\Program Files (x86)\RocketDock
2011-05-12 22:36:22 315682 ----a-w- C:\Windows\SysWow64\slwc.exe
2011-05-12 22:33:49 2851328 ----a-w- C:\Windows\System32\themeui.dll.backup
2011-05-12 22:33:48 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup
2011-05-12 22:33:47 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup
2011-05-12 22:33:44 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.backup
2011-05-12 22:33:44 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.backup
2011-05-12 22:33:33 8636 ----a-w- C:\Windows\SysWow64\modifype.exe
2011-05-12 22:33:33 111104 ----a-w- C:\Windows\SysWow64\Uharc.exe
2011-05-06 00:44:12 -------- dc----w- C:\Users\Moshe\AppData\Local\MigWiz
2011-05-04 09:54:15 -------- d-----w- C:\Users\Moshe\AppData\Roaming\PCF-VLC
2011-05-04 09:48:01 -------- d-----w- C:\Program Files (x86)\GetMiro Toolbar
2011-05-04 09:47:58 -------- d-----w- C:\Users\Moshe\AppData\Roaming\Participatory Culture Foundation
2011-05-04 09:46:06 -------- d-----w- C:\Program Files (x86)\Participatory Culture Foundation
2011-05-03 10:22:27 53248 ----a-r- C:\Users\Moshe\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-05-03 10:22:15 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-05-03 10:19:39 9548 ----a-w- C:\Windows\System32\drivers\nvphy.bin
2011-05-03 10:19:39 729600 ----a-w- C:\Windows\System32\cohelper.dll
2011-05-03 08:30:14 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-05-03 08:30:10 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-04-27 23:44:37 -------- d-----w- C:\Users\Moshe\AppData\Roaming\.servetome-fontconfig
2011-04-27 23:43:33 -------- d-----w- C:\Program Files (x86)\ServeToMe
2011-04-24 05:50:50 -------- d-----w- C:\PROGRA~3\Media Get LLC
2011-04-24 05:36:40 -------- d-----w- C:\Program Files\Babylon
2011-04-24 05:36:26 -------- d-----w- C:\Program Files (x86)\Object
2011-04-24 05:36:09 -------- d-----w- C:\Users\Moshe\AppData\Local\MediaGet2
2011-04-23 01:47:31 -------- d-----w- C:\Users\Moshe\AppData\Roaming\.minecraft
2011-04-22 06:32:12 -------- d-----w- C:\Users\Moshe\AppData\Roaming\Dropbox
2011-04-22 03:39:52 -------- d-----w- C:\Program Files\iPod
2011-04-22 03:39:51 -------- d-----w- C:\Program Files\iTunes
2011-04-22 03:37:58 -------- d-----w- C:\Program Files\Bonjour
.
==================== Find3M ====================
.
2011-05-12 22:33:49 2851328 ----a-w- C:\Windows\System32\themeui.dll
2011-05-12 22:33:48 44544 ----a-w- C:\Windows\System32\themeservice.dll
2011-05-12 22:33:47 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2011-05-12 22:33:44 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll
2011-05-12 22:33:44 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2011-04-11 09:19:20 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2011-04-06 23:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 23:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 23:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 23:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 23:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-21 13:58:03 152064 ----a-w- C:\Windows\SysWow64\xvid.ax
2011-03-19 15:06:01 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-03-19 15:04:28 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-03-16 00:39:24 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 22:23:25.31 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/8/2009 3:38:14 AM
System Uptime: 5/17/2011 3:34:45 PM (7 hours ago)
.
Motherboard: EVGA | | 122-CK-NF68
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
.
==== Disk Partitions =========================
.
A: is FIXED (NTFS) - 932 GiB total, 263.517 GiB free.
C: is FIXED (NTFS) - 140 GiB total, 28.082 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 22.675 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
K: is FIXED (NTFS) - 932 GiB total, 115.633 GiB free.
L: is FIXED (NTFS) - 466 GiB total, 373.49 GiB free.
M: is Removable
N: is Removable
O: is Removable
P: is FIXED (NTFS) - 932 GiB total, 73.143 GiB free.
T: is FIXED (NTFS) - 932 GiB total, 236.929 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP312: 5/10/2011 8:53:13 PM - Removed TortoiseSVN 1.6.12.20536 (32 bit)
RP313: 5/13/2011 4:30:48 AM - TrueCrypt installation
RP314: 5/13/2011 2:01:25 PM - Installed Microsoft Primary Interoperability Assemblies 2005
RP315: 5/13/2011 2:03:22 PM - Installed Nero Multimedia Suite 10.
RP317: 5/17/2011 3:43:41 AM - Removed AVG 2011
RP318: 5/17/2011 3:44:51 AM - Removed AVG 2011
.
==== Installed Programs ======================
.
.
AA2Deploy
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.4
Adobe Shockwave Player 11.5
Amazon Games & Software Downloader
Apple Application Support
Apple Software Update
ATI Catalyst Registration
Audacity 1.2.6
Auslogics Disk Defrag
AVG PC Tuneup 2011
Avid EDL Manager
Avid FilmScribe
Avid Log Exchange
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Editor 4
AVS Video Recorder 2.4
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.3
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
CamStudio
Camtasia Studio 7
Canon MP560 series User Registration
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cartoonly
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Creative ALchemy
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Curse Client
Driver Genius Professional Edition
Dropbox
Emergency 2012
eReg
ERUNT 1.1j
Fraps (remove only)
GameGuard
GameSpy Arcade
Google Chrome
Grand Theft Auto IV
High-Definition Video Playback 10
HijackThis 2.0.2
HWiNFO32 Version 3.65
Intel(R) Processor ID Utility
IspAssistant-Mp3Tube
Java Auto Updater
Java(TM) 6 Update 24
LAME v3.98.2 for Audacity
League of Legends
LightScribe System Software
LogMeIn
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
mIRC
Miro
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML4 Parser
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero 8
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
neroxml
NVIDIA PhysX
Octoshape add-in for Adobe Flash Player
Pando Media Booster
PMB
Pocket Tanks v1.3
PowerISO
PunkBuster Services
QuickTime
Revo Uninstaller 1.92
RIFT
Roxio Media Manager
Sentinel Protection Installer 7.3.2
ServeToMe 3.5.2.0
ShopperReports
Spybot - Search & Destroy
Steam
STK02N 2.0
SUPERAntiSpyware Professional
TeamViewer 6
The Lord of the Rings FREE Trial
TrueCrypt
Unity Web Player
VCRedistSetup
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.3
VLC Setup Helper 3.04
Webzen Game Starter
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Upload Tool
Windows Media Encoder 9 Series
WinRAR archiver
Xfire (remove only)
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
5/17/2011 3:48:24 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
5/17/2011 3:35:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
5/17/2011 3:35:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 9 service to connect.
5/17/2011 3:34:56 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/17/2011 3:34:56 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/15/2011 5:23:42 PM, Error: Service Control Manager [7030] - The Mp3Tube Toolbar Updater Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
MarkA
Regular Member
 
Posts: 27
Joined: May 13th, 2011, 9:07 pm

Re: Some Applications wont open, and some websites wont load

by Alander » May 18th, 2011, 4:15 am

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

  • Note: You must rename it before saving it... Rename it: cfsky. See images below.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

    Image

    Image


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Some Applications wont open, and some websites wont load

by MarkA » May 18th, 2011, 6:58 am

Here is the combofix log:

ComboFix 11-05-17.01 - Moshe 05/18/2011 3:43.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.1802 [GMT -7:00]
Running from: c:\users\Moshe\Desktop\cfsky.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome.manifest
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\constants.js
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideo.js
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideodlg.js
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideodlg.xul
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\events.js
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\savetomp3popup.js
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\savetomp3popup.xul
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\tbcore.js
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\toolbar.xul
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weather.js
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weatherLoc.js
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weatherLoc.xul
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow-grey.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow_partner.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow_small.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\bg.jpg
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\arrow.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\arrow_big.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\btn_close.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\dailyhotdeals.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\divider.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\facebook.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\games.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\icon-RSS.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\news.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\plainbutton.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3_disabled.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3popup-musicicon.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3popup.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\saveyoutubevideos.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\screensaver.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\search.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\searchbar-grey-250.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\searchbox.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\separator_line.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\shopping.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\Thumbs.db
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\watermark.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\youtube.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\feeditem.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\logo.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\news_refresh.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\popupSearchMp3.css
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\popupWindow.css
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\SaveMp3_bg_hover.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\SaveMp3_bg_normal.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\savetomp3PopUp.css
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\Thumbs.db
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\toolbar.css
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_rain.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_snow.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_storm.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_tstorm.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\cloudy.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\flurries.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\hazy.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mist.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mostly_cloudy.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mostly_sunny.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\rain.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\sleet.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\snow.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\storm.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\sunny.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\Thumbs.db
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\thunderstorm.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\weatherbug.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\windy.png
c:\program files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\install.rdf
c:\program files (x86)\Mp3Tube Toolbar
c:\program files (x86)\Mp3Tube Toolbar\ffmpeg.exe
c:\program files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe
c:\program files (x86)\Mp3Tube Toolbar\mp3tubetb.dll
c:\program files (x86)\Mp3Tube Toolbar\Mp3TubeVideoToMp3.exe
c:\program files (x86)\Mp3Tube Toolbar\ShowMsg.exe
c:\program files (x86)\Mp3Tube Toolbar\uninstall.exe
c:\program files (x86)\Object\bho_project.dll
c:\program files (x86)\ShopperReports3
c:\program files (x86)\ShopperReports3\bin\3.1.69.0\CmndFF.dll
c:\program files (x86)\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome.manifest
c:\program files (x86)\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js
c:\program files (x86)\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\chrome\content\InfoPane.xul
c:\program files (x86)\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.dll
c:\program files (x86)\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.xpt
c:\program files (x86)\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions\install.rdf
c:\program files (x86)\ShopperReports3\bin\3.1.69.0\link.ico
c:\program files (x86)\ShopperReports3\bin\3.1.69.0\ShopperReportsUninstaller.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk
c:\programdata\sysReserve.ini
c:\users\Moshe\AppData\Roaming\ShopperReports3
c:\windows\SysWow64\15724.exe
c:\windows\SysWow64\19169.exe
K:\Autorun.inf
P:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
.
.
2011-05-18 10:50 . 2011-05-18 10:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-17 22:35 . 2011-05-17 22:35 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-05-17 10:48 . 2011-05-17 10:48 -------- d-----w- c:\program files (x86)\Avira
2011-05-17 10:48 . 2011-04-02 00:07 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-17 10:48 . 2011-04-02 00:07 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-17 10:35 . 2011-05-17 10:35 -------- d-----w- c:\program files (x86)\VS Revo Group
2011-05-16 00:24 . 2011-03-21 13:57 173056 ----a-w- c:\windows\system32\xvid.ax
2011-05-16 00:24 . 2011-03-19 15:06 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2011-05-16 00:24 . 2011-03-19 15:05 703488 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-16 00:23 . 2011-05-16 00:23 -------- d-----w- c:\programdata\QuestScan
2011-05-16 00:23 . 2011-05-16 00:23 -------- d-----w- c:\program files (x86)\QuestScan
2011-05-15 09:55 . 2011-05-15 09:56 -------- d-----w- c:\users\Moshe\AppData\Local\Nero
2011-05-13 21:02 . 2011-05-13 21:02 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
2011-05-13 11:31 . 2011-05-13 11:34 -------- d-----w- c:\users\Moshe\AppData\Roaming\TrueCrypt
2011-05-13 11:31 . 2011-05-13 11:31 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-05-13 11:30 . 2011-05-13 11:31 -------- d-----w- c:\program files\TrueCrypt
2011-05-13 03:27 . 2011-05-13 03:41 -------- d-----w- c:\program files (x86)\Yzshadow
2011-05-13 03:27 . 2011-05-13 03:41 -------- d-----w- c:\program files (x86)\RocketDock
2011-05-12 22:36 . 2010-10-16 12:49 315682 ----a-w- c:\windows\SysWow64\slwc.exe
2011-05-12 22:33 . 2009-07-14 01:41 2851328 ----a-w- c:\windows\system32\themeui.dll.backup
2011-05-12 22:33 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-05-12 22:33 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-05-12 22:33 . 2009-07-14 01:16 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.backup
2011-05-12 22:33 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2011-05-12 22:33 . 2006-12-04 00:15 111104 ----a-w- c:\windows\SysWow64\Uharc.exe
2011-05-12 22:33 . 2006-12-04 00:14 8636 ----a-w- c:\windows\SysWow64\modifype.exe
2011-05-06 00:44 . 2011-05-06 05:10 -------- dc----w- c:\users\Moshe\AppData\Local\MigWiz
2011-05-04 09:54 . 2011-05-05 01:03 -------- d-----w- c:\users\Moshe\AppData\Roaming\PCF-VLC
2011-05-04 09:48 . 2011-05-04 09:48 -------- d-----w- c:\program files (x86)\GetMiro Toolbar
2011-05-04 09:47 . 2011-05-04 09:47 -------- d-----w- c:\users\Moshe\AppData\Roaming\Participatory Culture Foundation
2011-05-04 09:46 . 2011-05-04 09:46 -------- d-----w- c:\program files (x86)\Participatory Culture Foundation
2011-05-03 10:22 . 2011-05-03 10:22 53248 ----a-r- c:\users\Moshe\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-05-03 10:22 . 2011-05-03 10:22 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-05-03 10:22 . 2011-05-03 10:22 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-05-03 10:19 . 2009-11-11 22:17 729600 ----a-w- c:\windows\system32\cohelper.dll
2011-05-03 10:19 . 2009-11-11 16:22 9548 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-05-03 08:30 . 2011-05-03 08:30 -------- d-----w- c:\program files (x86)\AMD APP
2011-05-03 08:30 . 2011-05-03 08:30 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-04-27 23:44 . 2011-04-27 23:44 -------- d-----w- c:\users\Moshe\AppData\Roaming\.servetome-fontconfig
2011-04-27 23:43 . 2011-05-03 09:11 -------- d-----w- c:\program files (x86)\ServeToMe
2011-04-24 05:50 . 2011-05-03 09:11 -------- d-----w- c:\programdata\Media Get LLC
2011-04-24 05:36 . 2011-04-27 08:44 -------- d-----w- c:\program files\Babylon
2011-04-24 05:36 . 2011-05-18 10:49 -------- d-----w- c:\program files (x86)\Object
2011-04-24 05:36 . 2011-04-24 05:50 -------- d-----w- c:\users\Moshe\AppData\Local\MediaGet2
2011-04-23 01:47 . 2011-04-23 01:47 -------- d-----w- c:\users\Moshe\AppData\Roaming\.minecraft
2011-04-22 06:32 . 2011-05-13 16:23 -------- d-----w- c:\users\Moshe\AppData\Roaming\Dropbox
2011-04-22 03:39 . 2011-05-03 08:57 -------- d-----w- c:\program files\iPod
2011-04-22 03:39 . 2011-05-03 09:11 -------- d-----w- c:\program files\iTunes
2011-04-22 03:37 . 2011-05-03 09:11 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-12 22:33 . 2009-07-13 23:54 2851328 ----a-w- c:\windows\system32\themeui.dll
2011-05-12 22:33 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-05-12 22:33 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-05-12 22:33 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\SysWow64\themeui.dll
2011-05-12 22:33 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2011-04-11 09:58 . 2009-08-18 20:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-11 09:58 . 2009-08-18 19:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-11 09:19 . 2011-04-11 09:19 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-04-10 01:55 . 2011-04-10 01:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-10 01:55 . 2011-04-10 01:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-06 23:26 . 2011-04-06 23:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:26 . 2011-04-06 23:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:26 . 2011-04-06 23:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-21 13:58 . 2011-01-26 08:14 152064 ----a-w- c:\windows\SysWow64\xvid.ax
2011-03-19 15:06 . 2011-01-26 08:14 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-03-19 15:04 . 2011-01-26 08:14 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-03-16 00:40 . 2011-03-16 00:40 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-16 00:40 . 2011-03-16 00:40 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-16 00:40 . 2011-03-16 00:40 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-16 00:40 . 2011-03-16 00:40 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-16 00:40 . 2011-03-16 00:40 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-16 00:40 . 2011-03-16 00:40 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-16 00:40 . 2011-03-16 00:40 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-16 00:40 . 2011-03-16 00:40 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-16 00:40 . 2011-03-16 00:40 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-16 00:40 . 2011-03-16 00:40 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-16 00:40 . 2011-03-16 00:40 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-16 00:40 . 2011-03-16 00:40 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-16 00:40 . 2011-03-16 00:40 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-16 00:40 . 2011-03-16 00:40 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-16 00:40 . 2011-03-16 00:40 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-16 00:40 . 2011-03-16 00:40 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-16 00:40 . 2011-03-16 00:40 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-16 00:40 . 2011-03-16 00:40 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-16 00:40 . 2011-03-16 00:40 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-16 00:40 . 2011-03-16 00:40 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-16 00:40 . 2011-03-16 00:40 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-16 00:40 . 2011-03-16 00:40 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-16 00:40 . 2011-03-16 00:40 13086208 ----a-w- c:\windows\system32\ieframe.dll.stp
2011-03-16 00:40 . 2011-03-16 00:40 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-16 00:40 . 2011-03-16 00:40 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-16 00:40 . 2011-03-16 00:40 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-16 00:40 . 2011-03-16 00:40 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-16 00:40 . 2011-03-16 00:40 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-16 00:40 . 2011-03-16 00:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-16 00:40 . 2011-03-16 00:40 448512 ----a-w- c:\windows\system32\html.iec
2011-03-16 00:40 . 2011-03-16 00:40 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-16 00:40 . 2011-03-16 00:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-16 00:40 . 2011-03-16 00:40 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-16 00:40 . 2011-03-16 00:40 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-16 00:40 . 2011-03-16 00:40 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-16 00:40 . 2011-03-16 00:40 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-16 00:40 . 2011-03-16 00:40 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-16 00:40 . 2011-03-16 00:40 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-16 00:40 . 2011-03-16 00:40 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-16 00:40 . 2011-03-16 00:40 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-16 00:40 . 2011-03-16 00:40 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-16 00:40 . 2011-03-16 00:40 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-16 00:40 . 2011-03-16 00:40 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-16 00:39 . 2011-03-16 00:39 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-03-16 00:39 . 2011-03-16 00:39 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-16 00:39 . 2011-03-16 00:39 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-16 00:39 . 2011-03-16 00:39 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-03-16 00:39 . 2011-03-16 00:39 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-03-16 00:39 . 2011-03-16 00:39 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-16 00:39 . 2011-03-16 00:39 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-03-16 00:39 . 2011-03-16 00:39 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-03-16 00:39 . 2011-03-16 00:39 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-03-16 00:39 . 2011-03-16 00:39 144384 ----a-w- c:\windows\system32\cdd.dll
2011-03-16 00:39 . 2011-03-16 00:39 1133568 ----a-w- c:\windows\system32\FntCache.dll
2011-03-16 00:39 . 2011-03-16 00:39 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll.stp
2011-03-16 00:39 . 2011-03-16 00:39 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-03-16 00:39 . 2011-03-16 00:39 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-03-16 00:39 . 2011-03-16 00:39 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-03-16 00:39 . 2011-03-16 00:39 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-16 00:39 . 2011-03-16 00:39 4068864 ----a-w- c:\windows\system32\mf.dll
2011-03-16 00:39 . 2011-03-16 00:39 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-03-16 00:39 . 2011-03-16 00:39 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-16 00:39 . 2011-03-16 00:39 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-03-16 00:39 . 2011-03-16 00:39 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-03-16 00:39 . 2011-03-16 00:39 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-03-16 00:39 . 2011-03-16 00:39 206848 ----a-w- c:\windows\system32\mfps.dll
2011-03-16 00:39 . 2011-03-16 00:39 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-03-16 00:39 . 2011-03-16 00:39 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-03-16 00:39 . 2011-03-16 00:39 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-03-16 00:39 . 2011-03-16 00:39 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2011-03-16 00:39 . 2011-03-16 00:39 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-03-16 00:39 . 2011-03-16 00:39 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-03-16 00:39 . 2011-03-16 00:39 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2011-01-27 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
c:\users\Moshe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Moshe\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-3 24172208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
STK02N 2.0 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2011-2-7 163840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2011-01-27 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]
R3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\Drivers\usbethmp.sys [x]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WLRAWMp50x64;WLRAWMp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x64.sys [x]
R3 WLRAWSp50x64;WLRAWSp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2010-09-30 28032]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-16 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266427099-1654195687-2890988620-1001Core.job
- c:\users\Moshe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-23 10:45]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266427099-1654195687-2890988620-1001UA.job
- c:\users\Moshe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-23 10:45]
.
2011-05-17 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Moshe.job
- c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2010-01-10 22:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2009-07-01 291872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-12 172032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-12 2345848]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mp3tubetoolbar.com/?tmp=toolbar_ ... cfaadceb30
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Moshe\AppData\Roaming\Mozilla\Firefox\Profiles\bmls2zrs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17710
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pi ... &Keywords=
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=
FF - user.js: keyword.enabled - 1
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-IspAssistant-Mp3Tube - c:\program files (x86)\Mp3Tube Toolbar\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Moshe\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3266427099-1654195687-2890988620-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:3a,8d,38,65,cd,ba,ed,60,49,2a,2c,96,f3,f0,a1,c9,87,5f,a5,06,ac,68,2b,
d4,b5,9a,4c,2d,fc,61,b5,6c,51,6d,e6,fd,c2,51,24,4f,cc,49,1f,7b,68,8a,77,6b,\
"??"=hex:55,49,5f,38,8c,63,1b,2b,7c,7a,62,ef,a5,dd,dd,db
.
[HKEY_USERS\S-1-5-21-3266427099-1654195687-2890988620-1001\Software\SecuROM\License information*]
"datasecu"=hex:df,ae,52,57,96,ce,23,12,b8,68,76,f9,9c,d5,e8,c9,3e,05,45,98,e5,
d2,a0,c4,f2,9c,c0,0d,e2,80,f9,68,4a,24,6e,40,2c,28,aa,cf,cc,b7,ab,03,3a,ca,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-18 03:52:44
ComboFix-quarantined-files.txt 2011-05-18 10:52
.
Pre-Run: 32,436,654,080 bytes free
Post-Run: 31,738,990,592 bytes free
.
- - End Of File - - 4B7C3B603EBA3E8AB6DF971226CDF232
MarkA

Re: Some Applications wont open, and some websites wont load

by Alander » May 19th, 2011, 6:05 am

Hi, how is your computer behaving now?

Step 1:
Hi, please uninstall IspAssistant-Mp3Tube and ShopperReports

Step 2:

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    DDS::
    uStart Page = hxxp://mp3tubetoolbar.com/?tmp=toolbar_ ... cfaadceb30
    uURLSearchHooks: H - No File
    BHO: Cartoonly: {66d8fba6-d90f-40a9-ac55-84896f79ca69} - C:\Program Files (x86)\Object\bho_project.dll
    BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
    TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
    TB: Mp3Tube Toolbar: {46897c77-e7a6-4c33-bffb-e9c2e2718942} - "C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL"
    BHO-X64: URLRedirectionBHO -
    TB-X64: {338B4DFE-2E2C-4338-9E41-E176D497299E} -

    File::
    C:\Windows\SysWow64\slwc.exe
    C:\Users\Moshe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe

    Folder::
    C:\Program Files\Babylon
    C:\Program Files (x86)\Object
    C:\Program Files (x86)\HyperCam Toolbar


    Firefox::
    FF - ProfilePath - C:\Users\Moshe\AppData\Roaming\Mozilla\Firefox\Profiles\bmls2zrs.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17710
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pi ... &Keywords=
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=

  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Please download GMER Rootkit Scanner from Here.
  • Right click the .exe file and choose Run as Administrator. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
    See image below, Click the image to enlarge it
    Image

  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

Please come back with the combofix log and gmer log, with each log as a separate post, thanks
Alander