Malwarebytes Removed Trojan Internet Browsing Slow

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Post by jbitz » August 25th, 2011, 9:10 am

No I was not aware it was on there. I have a teenage son who might have installed it. Is this a possible cause of the redirect?
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Post by Scolabar » August 26th, 2011, 6:06 am

Hi jbitz,

Thank you for the feedback. ;)

!Important Advisory!

    Please do not make any further changes to the system, other than those I ask you to, until the machine is declared clear of infection.

    Please also advise the other users of the computer that they should not use the machine until it has been cleared of infection, if at all possible.

    In addition, I recommend you advise your son to read the P2P Software Advisory provided below and ask him not to download and install such software in future.

    Otherwise, if your son persists in such activity, the only thing I can suggest is that you set up a separate account for him on the computer with Standard User privileges, so he is unable to make changes to the system or install software, and change the admin user password in the process.

Again, please remember to read the instructions below carefully before executing them, and perform the steps in the order given.
If you have any questions about, or problems executing, these instructions, <STOP> do not proceed; post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Create System Restore Point

First we need to make sure we have a back up of the Registry to return to if we need it:

  1. Select Start > Control Panel then double-click on the System icon in the Control Panel.
  2. In the left-hand pane click on the System Protection option.
  3. When the Dialog comes up, click on the System Protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click on the Create button to create a new restore point. In the Name dialog, type a descriptive name and then click on the Create button.
  6. You will get a message that the Restore Point was created successfully. Click on the Close button.
  7. Click on the OK button and close the System window in the Control Panel.

< STOP > If you did not successfully complete this step, < STOP > do not continue with any other steps; post back and let me know!

Step 2:
Advisory - P2P Software Present!

IMPORTANT There are signs of one or more P2P (Peer-to-Peer) File Sharing Programs installed on your computer.

    µTorrent
    uTorrentBar Toolbar

P2P File Sharing Programs are used as a major conduit for spreading malware infection to computer systems these days.

P2P programs open up access to the computer on which the program is installed. The computer's settings are more often than not changed in a manner that renders the computer insecure and access to the computer remains open even when the program is not in use. Consequently, the system's security is completely compromised.

So be aware that it is not just what is downloaded that causes problems, just having a P2P program installed is like leaving all the doors to your house unlocked.

I advise you take the time to read the following articles that explain the risk of installing these programs:

I strongly recommend that you uninstall the P2P software as follows:

Remove P2P Program(s)
  1. Click on Start > Control Panel and double-click on Programs and Features.
  2. Locate the following program:

      µTorrent
      uTorrentBar Toolbar

  3. Click on the Change/Remove button to uninstall it.
  4. Repeat instructions 2 and 3 for each of the programs listed.
  5. When the program(s) have been uninstalled, close the Programs and Features and Control Panel windows.

Step 3:
OTL - Script

Next we need to run an OTL Fix.

  • Double-click OTL.exe to launch the program.
    Vista - W7 users: Right-click on OTL.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    :processes
    killallprocesses
    
    :otl
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    [2010/11/24 00:25:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/30 10:20:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/07/19 22:47:55 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JBITZ\APPDATA\LOCAL\{8B1DCD74-16C1-48EB-9717-A3A8C870BA1D}
    File not found (No name found) -- 
    O4 - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000..\Run: [EPSON WorkForce 500 Series] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    
    :files
    C:\Users\Jbitz\AppData\Local\{8B1DCD74-16C1-48EB-9717-A3A8C870BA1D}
    C:\Users\Jbitz\AppData\Local\{E00B52AF-A8FC-44F0-AF87-B1803B717E21}
    C:\Users\Jbitz\AppData\Local\{7CEA5133-27BF-410C-8C27-FB4BBE4D530D}
    C:\Users\Jbitz\AppData\Local\Nmakocesof.dat
    C:\Users\Jbitz\AppData\Local\Wleqoveraxifok.bin
    C:\Users\Jbitz\AppData\Roaming\5408.F57
    
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Click on the Run Fix button at the top.
  • Then click on the OK button to run the script.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.
  • Please Copy and Paste that report into your next reply.

Step 4:
GooredFix

  • Please download GooredFix.exe by jpshortstuff and save it to your Desktop.
    Alternate Site.
  • Ensure all Firefox windows are closed.
  • Double-click GooredFix.exe to run the program.
    Vista - W7 users: Right-click on GooredFix.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  • When prompted to run the scan, click on the Yes button.
  • GooredFix will check for infections and then a log file will automatically open, named GooredFix.txt.
  • Please Copy and Paste the entire contents of the GooredFix.txt file into your next reply.

Step 5:
Re-Run DDS

Please re-run DDS. Then Copy and Paste the contents of both the DDS.txt and Attach.txt logs into your next reply.

Step 6:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. OTL log.
  3. GooredFix.txt.
  4. DDS.txt.
  5. Attach.txt.
  6. How is the computer now running?

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm
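As an added illustration (not code from the thread, the helper, or the OTL tool), here is a Python triage pass over the kinds of OTL log lines that feed the fix script above: it picks out entries OTL reports as orphaned ("File not found" / "Reg Error"), bare GUID-named folders under AppData\Local, and autostarts with no company name, and drafts the :otl and :files sections for a helper to check by hand. The sample log is constructed from line shapes seen in this thread, and the regexes are my own reading of the log format, not an official OTL specification.

```python
import re
from collections import defaultdict

# Constructed sample, assembled from the kinds of lines seen in the thread's
# OTL log and fix script. It is not a real log from the machine discussed.
SAMPLE_OTL_LOG = r"""
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - Reg Error: Key error. File not found
[2011/07/19 22:47:55 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JBITZ\APPDATA\LOCAL\{8B1DCD74-16C1-48EB-9717-A3A8C870BA1D}
[2011/08/12 01:11:30 | 000,000,000 | ---D | M] (AVG Safe Search) -- E:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [US4Service] C:\ProgramData\Everstrike\US4Service.exe ()
O4 - HKCU..\Run: [uTorrent] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
"""

# Markers OTL prints when a registry entry points at something that no longer
# exists on disk; such orphaned entries are what the :otl section removes.
ORPHAN_MARKERS = ("File not found", "Reg Error:")

# Regexes are my own reading of the OTL line shapes above (assumption).
O4_ENTRY = re.compile(r"^O4(?::64bit:)? - (\S+): \[([^\]]+)\] (.*)$")
IE_HOOK = re.compile(r"^IE - (HKLM|HKCU)\\\.\.\\URLSearchHook: (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
DIR_ENTRY = re.compile(r"^\[[^\]]*\] \(([^)]*)\) -- (.+)$")
# A bare GUID-named folder directly under AppData\Local, the pattern the fix
# in the thread deletes in its :files section.
GUID_DIR = re.compile(
    r"\\AppData\\Local\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$",
    re.IGNORECASE,
)


def classify(line):
    """Return (section, reason) for a removal candidate, or None to keep it.

    Sections: "otl" (registry line for the :otl section), "files" (path for
    the :files section) or "review" (suspicious, but a human must decide).
    """
    line = line.strip()
    m = O4_ENTRY.match(line)
    if m:
        hive, name, target = m.groups()
        if target.startswith("File not found"):
            return "otl", f"orphaned autostart [{name}] under {hive}"
        if target.endswith("()"):
            return "review", f"autostart [{name}] with no company name"
        return None
    m = IE_HOOK.match(line)
    if m:
        hive, clsid, target = m.groups()
        if any(k in target for k in ORPHAN_MARKERS):
            return "otl", f"orphaned URLSearchHook {clsid} under {hive}"
        return "review", f"URLSearchHook {clsid} -> {target}"
    m = DIR_ENTRY.match(line)
    if m:
        label, path = m.groups()
        if GUID_DIR.search(path):
            return "files", f"GUID-named folder ({label}) in AppData\\Local"
        return None
    # Any other O-line (O18, O20, O21, O34 ...) whose target is missing.
    if re.match(r"^O\d+", line) and any(k in line for k in ORPHAN_MARKERS):
        return "otl", "orphaned entry"
    return None


def triage(log_text):
    """Split OTL log lines into :otl lines, :files paths and review items."""
    result = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        verdict = classify(line)
        if verdict is None:
            continue
        section, reason = verdict
        if section == "files":
            result["files"].append(DIR_ENTRY.match(line).group(2))
        elif section == "otl":
            result["otl"].append(line)
        else:
            result["review"].append(f"{reason}: {line}")
    return result


def render_fix(result):
    """Render a draft fix script in the section layout used in the thread."""
    parts = [":processes", "killallprocesses", ""]
    if result["otl"]:
        parts += [":otl", *result["otl"], ""]
    if result["files"]:
        parts += [":files", *result["files"], ""]
    parts += [":commands", "[EMPTYTEMP]", "[CREATERESTOREPOINT]", "[REBOOT]"]
    return "\n".join(parts)


if __name__ == "__main__":
    found = triage(SAMPLE_OTL_LOG)
    print(render_fix(found))
    for item in found["review"]:
        print("REVIEW:", item)
```

The "review" items (the Conduit search hook and the no-company-name autostart) are deliberately kept out of the rendered script; in this thread the helper decided those by hand, and a script should not make that call.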

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Post by jbitz » August 27th, 2011, 7:39 pm

No Problems with the instructions.
Logs attached.
System is stable.

OTL logfile created on: 8/27/2011 7:19:16 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Jbitz\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 64.10% Memory free
7.99 Gb Paging File | 6.27 Gb Available in Paging File | 78.39% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 28.49 Gb Free Space | 51.06% Space Free | Partition Type: NTFS
Drive E: | 185.55 Gb Total Space | 131.82 Gb Free Space | 71.05% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1318.63 Gb Free Space | 70.78% Space Free | Partition Type: NTFS
Drive H: | 1677.34 Gb Total Space | 757.11 Gb Free Space | 45.14% Space Free | Partition Type: NTFS

Computer Name: JBITZ-PC | User Name: Jbitz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jbitz\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\ProgramData\Everstrike\US4Service.exe ()
PRC - C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Windows\DAODx.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll ()
MOD - E:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\ProgramData\Everstrike\US4Service.exe ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\flashobj.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsusService.dll ()
MOD - C:\Windows\DAODx.exe ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AVGIDSAgent) -- E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (tgsrvc_verizondm) SupportSoft Repair Service (verizondm) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (PowerAlert Agent) -- C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe (Tripp Lite)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (US30Sys) -- C:\Windows\SysWOW64\drivers\US40fs64.sys (© Everstrike Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 A4 63 A4 ED 5A CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jbitz\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jbitz\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: E:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/08/12 01:11:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: E:\Program Files (x86)\Mozilla Firefox\components [2011/08/11 17:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: E:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: E:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/24 11:29:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: E:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8B1DCD74-16C1-48EB-9717-A3A8C870BA1D}: C:\Users\Jbitz\AppData\Local\{8B1DCD74-16C1-48EB-9717-A3A8C870BA1D}\

[2011/08/11 09:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jbitz\AppData\Roaming\Mozilla\Extensions
[2010/11/23 22:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jbitz\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/27 13:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jbitz\AppData\Roaming\Mozilla\Firefox\Profiles\zgj3icx9.default\extensions
[2011/08/27 13:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jbitz\AppData\Roaming\Mozilla\Firefox\Profiles\zgj3icx9.default\extensions\trash
[2011/08/27 13:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/08/12 01:11:30 | 000,000,000 | ---D | M] (AVG Safe Search) -- E:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] e:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [US4Service] C:\ProgramData\Everstrike\US4Service.exe ()
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [uTorrent] File not found
O4 - Startup: C:\Users\Jbitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{485c8fc0-d309-11df-ad0e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{485c8fc0-d309-11df-ad0e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\monsetup.exe
O33 - MountPoints2\{bd4f7a11-33f1-11e0-a2d6-20cf3023bbc1}\Shell - "" = AutoRun
O33 - MountPoints2\{bd4f7a11-33f1-11e0-a2d6-20cf3023bbc1}\Shell\AutoRun\command - "" = J:\setup.exe -a
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/27 13:50:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/27 13:32:14 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\uTorrentBar
[2011/08/27 13:22:46 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\Conduit
[2011/08/24 13:02:10 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Jbitz\taskmgr.exe
[2011/08/24 12:16:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Jbitz\Desktop\OTL.exe
[2011/08/23 16:47:29 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jbitz\Desktop\tdsskiller.exe
[2011/08/22 21:36:25 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/08/22 21:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/08/22 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\MigWiz
[2011/08/21 09:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2011/08/21 09:51:37 | 000,000,000 | ---D | C] -- C:\rsit
[2011/08/18 19:24:12 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\Adobe
[2011/08/16 22:03:47 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\Desktop\backups
[2011/08/13 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\Documents\DVDFab
[2011/08/13 16:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2011/08/13 12:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2011/08/13 12:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2011/08/12 18:44:11 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Jbitz\Desktop\dds.scr
[2011/08/12 01:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/08/12 01:11:30 | 000,000,000 | -H-D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/08/11 22:55:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jbitz\Desktop\HijackThis.exe
[2011/08/11 22:53:25 | 000,041,272 | RH-- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/11 22:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/11 22:28:16 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Jbitz\Desktop\ATF-Cleaner.exe
[2011/08/11 21:55:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/11 21:28:35 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/08/11 21:28:35 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/08/11 10:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/08/11 10:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/10 21:47:01 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/10 21:47:01 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/10 21:47:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/10 21:47:01 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/10 21:47:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/10 21:47:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/10 21:47:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/10 21:47:01 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/10 21:47:01 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/10 21:47:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/10 21:47:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/10 21:47:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/08/10 21:47:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/10 21:47:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/10 21:47:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/10 21:06:37 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 21:06:37 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/10 21:06:37 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/10 20:57:01 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 20:57:00 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/10 20:57:00 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/10 20:57:00 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/10 20:57:00 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/10 20:57:00 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/10 20:57:00 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/10 20:57:00 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/10 20:57:00 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/10 20:57:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/10 20:55:20 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/10 20:55:20 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/10 20:55:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/10 20:55:20 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/10 20:55:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/10 20:55:20 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 20:55:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/10 20:55:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/10 20:55:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/10 20:55:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/10 20:55:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/10 20:55:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 20:55:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 20:55:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 20:55:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 20:55:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/10 20:55:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 20:55:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/04 21:51:03 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/08/04 21:24:30 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\Google
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/27 18:32:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000UA.job
[2011/08/27 14:19:50 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/27 14:19:50 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/27 14:16:52 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/27 14:16:52 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/27 14:16:52 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/27 14:12:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/27 09:58:53 | 129,977,576 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/08/26 21:32:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000Core.job
[2011/08/25 20:32:36 | 000,002,409 | ---- | M] () -- C:\Users\Jbitz\Desktop\Google Chrome.lnk
[2011/08/24 13:02:10 | 000,005,632 | -HS- | M] () -- C:\Users\Jbitz\wevtapi.dll
[2011/08/24 13:02:07 | 000,877,056 | ---- | M] () -- C:\Users\Jbitz\AppData\Roaming\defender.exe
[2011/08/24 13:02:07 | 000,000,786 | ---- | M] () -- C:\Users\Jbitz\Desktop\Security Protection.lnk
[2011/08/24 12:16:39 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jbitz\Desktop\OTL.exe
[2011/08/24 12:12:13 | 000,165,376 | ---- | M] () -- C:\Users\Jbitz\Desktop\SystemLook_x64.exe
[2011/08/24 11:31:52 | 000,000,955 | ---- | M] () -- C:\Users\Jbitz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/08/24 11:29:23 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/08/23 17:05:40 | 000,007,606 | ---- | M] () -- C:\Users\Jbitz\AppData\Local\Resmon.ResmonCfg
[2011/08/23 16:47:31 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jbitz\Desktop\tdsskiller.exe
[2011/08/23 16:44:41 | 000,139,264 | ---- | M] () -- C:\Users\Jbitz\Desktop\SystemLook.exe
[2011/08/23 16:41:25 | 000,000,188 | ---- | M] () -- C:\Users\Jbitz\defogger_reenable
[2011/08/23 16:39:56 | 000,050,477 | ---- | M] () -- C:\Users\Jbitz\Desktop\Defogger.exe
[2011/08/22 21:43:00 | 000,459,264 | ---- | M] () -- C:\Users\Jbitz\Desktop\CKScanner.exe
[2011/08/13 19:13:55 | 000,001,149 | ---- | M] () -- C:\Users\Jbitz\Desktop\VOBMerge - Shortcut.lnk
[2011/08/13 16:33:45 | 000,000,727 | ---- | M] () -- C:\Users\Jbitz\Desktop\DVDFab 8 Qt.lnk
[2011/08/13 12:13:09 | 000,000,680 | ---- | M] () -- C:\Users\Jbitz\Desktop\DVD Shrink 3.2.lnk
[2011/08/12 18:44:56 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Jbitz\Desktop\dds.scr
[2011/08/12 01:11:31 | 000,000,742 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/12 01:11:30 | 000,000,000 | RH-- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/08/12 01:11:30 | 000,000,000 | RH-- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/08/11 23:36:58 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/11 22:55:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jbitz\Desktop\HijackThis.exe
[2011/08/11 22:53:25 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/11 22:28:18 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Jbitz\Desktop\ATF-Cleaner.exe
[2011/08/11 17:59:39 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/11 10:53:43 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/11 09:47:24 | 000,010,547 | ---- | M] () -- C:\Users\Jbitz\Desktop\bookmarks-2011-08-11.json
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/24 13:02:10 | 000,005,632 | -HS- | C] () -- C:\Users\Jbitz\wevtapi.dll
[2011/08/24 13:02:07 | 000,877,056 | ---- | C] () -- C:\Users\Jbitz\AppData\Roaming\defender.exe
[2011/08/24 13:02:07 | 000,000,786 | ---- | C] () -- C:\Users\Jbitz\Desktop\Security Protection.lnk
[2011/08/24 12:12:13 | 000,165,376 | ---- | C] () -- C:\Users\Jbitz\Desktop\SystemLook_x64.exe
[2011/08/24 11:29:23 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/08/24 11:29:23 | 000,000,955 | ---- | C] () -- C:\Users\Jbitz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/08/24 11:29:23 | 000,000,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/08/23 16:44:41 | 000,139,264 | ---- | C] () -- C:\Users\Jbitz\Desktop\SystemLook.exe
[2011/08/23 16:41:25 | 000,000,188 | ---- | C] () -- C:\Users\Jbitz\defogger_reenable
[2011/08/23 16:39:56 | 000,050,477 | ---- | C] () -- C:\Users\Jbitz\Desktop\Defogger.exe
[2011/08/22 21:43:00 | 000,459,264 | ---- | C] () -- C:\Users\Jbitz\Desktop\CKScanner.exe
[2011/08/13 19:13:55 | 000,001,149 | ---- | C] () -- C:\Users\Jbitz\Desktop\VOBMerge - Shortcut.lnk
[2011/08/13 16:33:45 | 000,000,727 | ---- | C] () -- C:\Users\Jbitz\Desktop\DVDFab 8 Qt.lnk
[2011/08/13 12:13:09 | 000,000,680 | ---- | C] () -- C:\Users\Jbitz\Desktop\DVD Shrink 3.2.lnk
[2011/08/12 20:36:14 | 000,007,606 | ---- | C] () -- C:\Users\Jbitz\AppData\Local\Resmon.ResmonCfg
[2011/08/12 01:11:31 | 000,000,742 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/12 01:11:30 | 000,000,000 | RH-- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/08/12 01:11:30 | 000,000,000 | RH-- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/08/11 22:53:25 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/11 20:56:30 | 000,001,005 | ---- | C] () -- C:\Users\Jbitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/08/11 17:59:39 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/11 17:59:39 | 000,000,811 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/11 10:53:43 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/11 09:47:24 | 000,010,547 | ---- | C] () -- C:\Users\Jbitz\Desktop\bookmarks-2011-08-11.json
[2011/08/04 21:51:06 | 000,002,409 | ---- | C] () -- C:\Users\Jbitz\Desktop\Google Chrome.lnk
[2011/08/04 21:24:31 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000UA.job
[2011/08/04 21:24:31 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000Core.job
[2011/04/19 22:10:32 | 000,059,904 | R--- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 13:51:44 | 000,003,929 | R--- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/28 07:11:10 | 000,011,832 | RH-- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/10/28 07:11:10 | 000,010,216 | RH-- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/10/20 12:37:13 | 000,073,220 | R--- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/10/20 12:37:13 | 000,031,053 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/10/20 12:37:13 | 000,029,114 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/10/20 12:37:13 | 000,027,417 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/10/20 12:37:13 | 000,021,021 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/10/20 12:37:13 | 000,015,670 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/10/20 12:37:13 | 000,013,280 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/10/20 12:37:13 | 000,010,673 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/10/20 12:37:13 | 000,004,943 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/10/20 12:37:13 | 000,001,140 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/10/20 12:37:13 | 000,001,140 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/10/20 12:37:13 | 000,001,137 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/10/20 12:37:13 | 000,001,130 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/10/20 12:37:13 | 000,001,130 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/10/20 12:37:13 | 000,001,104 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/10/20 12:37:13 | 000,000,097 | R--- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/10/20 12:36:40 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF500.ini
[2010/10/08 11:50:22 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/10/08 11:50:22 | 000,013,440 | RH-- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/10/08 10:38:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/08 10:29:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/10/08 10:29:56 | 000,032,400 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/08/03 00:21:54 | 000,197,912 | R--- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | R--- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | R--- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 08:30:14 | 000,010,296 | RH-- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/30 02:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe

< End of report >

GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:22 on 27/08/2011 (Jbitz)
Firefox version 5.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
(none)

C:\Users\Jbitz\Application Data\Mozilla\Firefox\Profiles\zgj3icx9.default\extensions\
trash [17:25 27/08/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="E:\Program Files (x86)\AVG\AVG10\Firefox4\" [05:11 12/08/2011]

-=E.O.F=-

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Run by Jbitz at 19:37:58 on 2011-08-27
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2452 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
E:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
E:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
E:\PROGRA~2\AVG\AVG10\avgrsa.exe
E:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\DAODx.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\ProgramData\Everstrike\US4Service.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
e:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
C:\Windows\explorer.exe
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - E:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Jbitz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "e:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun: [US4Service] C:\ProgramData\Everstrike\US4Service.exe
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [KeePass 2 PreLoad] "e:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Jbitz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-explorer: TaskbarNoNotification = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0FCA6E5B-5754-4411-B60F-E252A12EE303} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files (x86)\AVG\AVG10\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun-x64: [US4Service] C:\ProgramData\Everstrike\US4Service.exe
mRun-x64: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [KeePass 2 PreLoad] "e:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jbitz\AppData\Roaming\Mozilla\Firefox\Profiles\zgj3icx9.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jbitz\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-19 365568]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-10-8 96896]
R2 AVGIDSAgent;AVGIDSAgent;E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-2-1 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-2-1 185640]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 PowerAlert Agent;PowerAlert Agent;C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe [2010-5-14 1644368]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-27 17:50:01 -------- d-----w- C:\_OTL
2011-08-27 17:32:14 -------- d-----w- C:\Users\Jbitz\AppData\Local\uTorrentBar
2011-08-27 17:22:46 -------- d-----w- C:\Users\Jbitz\AppData\Local\Conduit
2011-08-24 17:02:10 5632 --sha-w- C:\Users\Jbitz\wevtapi.dll
2011-08-24 17:02:10 257024 ----a-w- C:\Users\Jbitz\taskmgr.exe
2011-08-24 17:02:07 877056 ----a-w- C:\Users\Jbitz\AppData\Roaming\defender.exe
2011-08-23 20:55:04 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-23 20:55:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-23 01:36:25 -------- d-----w- C:\MGADiagToolOutput
2011-08-23 00:14:47 -------- dc----w- C:\Users\Jbitz\AppData\Local\MigWiz
2011-08-21 13:51:37 -------- d-----w- C:\Program Files (x86)\trend micro
2011-08-18 23:24:12 -------- d-----w- C:\Users\Jbitz\AppData\Local\Adobe
2011-08-13 01:27:56 7935824 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-08-13 01:27:55 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{54B4192A-5700-4D5B-AC81-6F6B17D64F1F}\mpengine.dll
2011-08-12 05:11:30 -------- d--h--w- C:\Windows\SysWow64\drivers\AVG
2011-08-12 02:53:25 41272 ---ha-r- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-12 01:28:35 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-08-12 01:28:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-08-12 01:28:35 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-08-12 01:28:35 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-08-12 01:28:35 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-08-11 14:53:43 -------- d-----w- C:\Program Files\CCleaner
2011-08-11 01:06:37 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-11 01:06:37 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-08-11 01:06:37 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-08-11 00:56:50 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-08-11 00:49:52 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-05 01:24:30 -------- d-----w- C:\Users\Jbitz\AppData\Local\Google
.
==================== Find3M ====================
.
2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 19:38:10.28 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/7/2010 11:39:26 AM
System Uptime: 8/27/2011 2:12:26 PM (5 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A89GTD-PRO/USB3
Processor: AMD Phenom(tm) II X4 B55 Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 28.494 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 186 GiB total, 131.824 GiB free.
F: is FIXED (NTFS) - 1863 GiB total, 1318.631 GiB free.
H: is FIXED (NTFS) - 1677 GiB total, 757.114 GiB free.
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP6: 8/23/2011 5:38:31 PM - Removed Verizon Download Manager
RP7: 8/23/2011 5:51:17 PM - Windows Update
RP8: 8/27/2011 1:05:48 PM - utorrent fix
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
AI Suite
AMD VISION Engine Control Center
Amnesia - The Dark Descent
Battlefield: Bad Company™ 2
Browser Configuration Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
CSOL
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Dropbox
DVD Shrink 3.2
DVDFab 8.1.1.2 (08/08/2011) Qt
EPSON Scan
EPU
Google Chrome
GPU Boost Driver
HandBrake 0.9.5
Java Auto Updater
Java(TM) 6 Update 23
KeePass Password Safe 2.16
Malwarebytes' Anti-Malware version 1.51.1.1800
Mass Effect 2
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 5.0.1 (x86 en-US)
Mozilla Thunderbird (6.0)
MSVCRT
NEC Electronics USB 3.0 Host Controller Driver
nLite 1.4.9.1
NVIDIA PhysX
PC Probe II
PowerAlert Local Software
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Samsung_MonSetup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
TurboV EVO
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Verizon Download Manager
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.5
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
8/27/2011 2:13:25 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The system cannot find the file specified.
8/27/2011 2:12:48 PM, Error: Service Control Manager [7034] - The PowerAlert Agent service terminated unexpectedly. It has done this 1 time(s).
8/27/2011 1:50:01 PM, Error: Service Control Manager [7034] - The ASUS System Control Service service terminated unexpectedly. It has done this 1 time(s).
8/22/2011 8:25:33 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
8/21/2011 11:35:03 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
.
==== End Of File ===========================
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby Scolabar » August 29th, 2011, 6:01 am

Hi jbitz,

Thank you once again for the logs and feedback.
Please stick with me as there is still work to be done. ;)

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Online Multi Anti-Virus File Scan

I need to ask you to upload a file for further inspection.

Please go to either: Jotti or Virus Total and upload - only one file per scan - the following file(s) for scanning:

    C:\Users\Jbitz\taskmgr.exe
    C:\Users\Jbitz\wevtapi.dll

Using Jotti

  1. Choose the appropriate language. Once a language is selected, you will see a message "Ready to receive files".
  2. Please copy the above full path and file name(s).
  3. Click on the Browse button and paste the copied name into the "File name:" text box. Then click on the Open button.
    The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on the Submit button.
      If you receive the message: "This file has been scanned before. The results for this previous scan are listed below."
      Please click on the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various Anti-Virus scanners. This may take a few minutes.
  6. When all the scans have been completed, highlight the results text from the Jotti's malware scan box.
  7. Copy the selected text. Open Notepad. Paste the contents into Notepad. Save the file to a convenient place.
  8. Please repeat this procedure for each file listed above.
  9. Copy and Paste the entire contents of all the Jotti scan results into your next reply.

Using Virus Total

  1. Please copy the above full path and file name(s).
  2. Click on the Browse button and paste the copied name into the "File name:" text box. Then click on the Open button.
    The file name should now appear in the online scanner's text entry box.
  3. Click on the Send File button.
  4. The file will be queued, uploaded and scanned by various Anti-Virus scanners. This may take a few minutes.
      If you receive the message: "File has already been analysed."
      Please click on the Reanalyse file now button, so your file will be scanned.
  5. When the scan is completed click on the Compact icon.
  6. The results will be shown in a grid-like window. Right-click on the text, choose Select All, then Copy the entire contents.
  7. Open Notepad. Paste the result contents into the Notepad window. Save this file to a convenient place.
  8. Please repeat this procedure for each file listed above.
  9. Copy and Paste the entire contents of all the Virus Total scan results into your next reply.

Step 2:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. All the Jotti scan results or Virus Total scan results.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm
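
The two files requested above were asked for because a genuine taskmgr.exe or wevtapi.dll lives under C:\Windows\System32 (or SysWOW64), not in the root of a user profile, and the "Created Last 30" section of the DDS log shows the profile copy of wevtapi.dll carrying system and hidden attributes. The Python script below is an added example, not part of this thread or of the DDS or VirusTotal tools: it parses DDS file-list lines and flags exactly that pattern, and it hashes two local copies so that the copy actually uploaded to a multi-engine scanner can be matched against the MD5/SHA-256 the scanner reports. The list of system binary names and the set of Windows directories are assumptions chosen for the example, and the embedded sample lines are the entries from the log above.

```python
"""Triage helper for the "Created Last 30" section of a DDS log.

Added example; not part of the DDS tool or of the thread's instructions.
Flags copies of well-known Windows binaries created outside the Windows
directory and files with hidden/system attributes inside a user profile,
and hashes two candidate copies so the right one is sent to a scanner.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hand-picked names of binaries that normally live only under %SystemRoot%
# (an assumption for this example, not a list DDS ships with).
SYSTEM_BINARY_NAMES = {"taskmgr.exe", "wevtapi.dll", "tzres.dll", "ntoskrnl.exe", "tcpip.sys"}

# Legitimate homes for those binaries (lower-case, trailing backslash); assumed set.
WINDOWS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")

# DDS line layout: date time size-or-dashes attrs path (directories show "--------").
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$"
)


@dataclass
class DdsEntry:
    date: str
    time: str
    size: Optional[int]   # None for directories
    attrs: str            # eight-column DDS attribute field, e.g. "--sha-w-"
    path: str

    @property
    def is_dir(self) -> bool:       # 'd' in the first column
        return self.attrs[0] == "d"

    @property
    def system(self) -> bool:       # 's' in the third column
        return self.attrs[2] == "s"

    @property
    def hidden(self) -> bool:       # 'h' in the fourth column
        return self.attrs[3] == "h"


def parse_dds_line(line: str) -> Optional[DdsEntry]:
    """Parse one DDS file-list line; return None for headers and blank lines."""
    m = DDS_LINE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return DdsEntry(m["date"], m["time"], size, m["attrs"], m["path"])


def triage(entry: DdsEntry) -> List[str]:
    """Reasons an entry deserves a closer look (empty list = nothing noted)."""
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    lower = entry.path.lower()
    name = lower.rsplit("\\", 1)[-1]
    if name in SYSTEM_BINARY_NAMES and not lower.startswith(WINDOWS_DIRS):
        reasons.append(f"system binary name {name!r} outside the Windows directory")
    if lower.startswith("c:\\users\\") and (entry.hidden or entry.system):
        reasons.append(f"hidden/system attributes ({entry.attrs}) on a file in a user profile")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage over a whole DDS section; keep only the flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_dds_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                flagged.append((entry.path, reasons))
    return flagged


def file_digests(path: str) -> Dict[str, str]:
    """MD5/SHA-1/SHA-256 of a file, read in chunks so large binaries are fine."""
    hashes = {alg: hashlib.new(alg) for alg in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashes.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashes.items()}


def same_bytes(path_a: str, path_b: str) -> bool:
    """True only if both copies hash identically; a scanner verdict on one
    copy says nothing about the other unless this returns True."""
    return file_digests(path_a)["sha256"] == file_digests(path_b)["sha256"]


# Sample input: lines taken from the "Created Last 30" section of the DDS log above.
SAMPLE_DDS = r"""
2011-08-27 17:50:01 -------- d-----w- C:\_OTL
2011-08-24 17:02:10 5632 --sha-w- C:\Users\Jbitz\wevtapi.dll
2011-08-24 17:02:10 257024 ----a-w- C:\Users\Jbitz\taskmgr.exe
2011-08-24 17:02:07 877056 ----a-w- C:\Users\Jbitz\AppData\Roaming\defender.exe
2011-08-23 20:55:04 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-21 13:51:37 -------- d-----w- C:\Program Files (x86)\trend micro
"""

if __name__ == "__main__":
    for flagged_path, why in triage_log(SAMPLE_DDS):
        print(flagged_path)
        for reason in why:
            print("   -", reason)
```

To use it on a saved log, pass the file's text to triage_log(); the name list is deliberately short, so extend SYSTEM_BINARY_NAMES with whatever the log makes you curious about. The hashing half matters for the upload step: if same_bytes() on the profile copy and the System32 copy is False, a clean multi-engine result for one of them tells you nothing about the other.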

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby jbitz » August 29th, 2011, 7:23 am

I could not locate the file in the following location C:\Users\Jbitz\wevtapi.dll. I found it under system32.

File name:
wevtapi.dll
Submission date:
2011-08-29 11:06:28 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.08.28.00 2011.08.29 -
AntiVir 7.11.14.6 2011.08.29 -
Antiy-AVL 2.0.3.7 2011.08.29 -
Avast 4.8.1351.0 2011.08.29 -
Avast5 5.0.677.0 2011.08.29 -
AVG 10.0.0.1190 2011.08.29 -
BitDefender 7.2 2011.08.29 -
ByteHero 1.0.0.1 2011.08.22 -
CAT-QuickHeal 11.00 2011.08.29 -
ClamAV 0.97.0.0 2011.08.29 -
Commtouch 5.3.2.6 2011.08.29 -
Comodo 9916 2011.08.29 -
DrWeb 5.0.2.03300 2011.08.29 -
Emsisoft 5.1.0.10 2011.08.29 -
eSafe 7.0.17.0 2011.08.28 -
eTrust-Vet 36.1.8528 2011.08.29 -
F-Prot 4.6.2.117 2011.08.29 -
F-Secure 9.0.16440.0 2011.08.29 -
Fortinet 4.2.257.0 2011.08.28 -
GData 22 2011.08.29 -
Ikarus T3.1.1.107.0 2011.08.29 -
Jiangmin 13.0.900 2011.08.28 -
K7AntiVirus 9.111.5060 2011.08.26 -
Kaspersky 9.0.0.837 2011.08.29 -
McAfee 5.400.0.1158 2011.08.29 -
McAfee-GW-Edition 2010.1D 2011.08.29 -
Microsoft 1.7604 2011.08.29 -
NOD32 6419 2011.08.29 -
Norman 6.07.10 2011.08.28 -
nProtect 2011-08-29.02 2011.08.29 -
Panda 10.0.3.5 2011.08.28 -
PCTools 8.0.0.5 2011.08.29 -
Prevx 3.0 2011.08.29 -
Rising 23.72.04.03 2011.08.26 -
Sophos 4.68.0 2011.08.29 -
SUPERAntiSpyware 4.40.0.1006 2011.08.27 -
Symantec 20111.2.0.82 2011.08.29 -
TheHacker 6.7.0.1.286 2011.08.29 -
TrendMicro 9.500.0.1008 2011.08.25 -
TrendMicro-HouseCall 9.500.0.1008 2011.08.29 -
VIPRE 10305 2011.08.29 -
ViRobot 2011.8.29.4645 2011.08.29 -
VirusBuster 14.0.189.0 2011.08.28 -
Additional information
MD5 : 82c089ea2a3eefadf3588ea71e8bdada
SHA1 : 2b6ab1ace6551305c8675e8ac373caadcbb44b71
SHA256: 2f3bb32ee2c0673058a74deeb2d405e5e79f833f33c4d289a93eb3c618a86e75
ssdeep: 6144:ATZ5o+X3CqDpnQnmbBx0pTjeH1EEJafkPsGWUMvX7iGF:4C+HCqFIeH1EWWUMGG
File size : 262144 bytes
First seen: 2009-07-17 13:52:22
Last seen : 2011-08-29 11:06:28
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Eventing Consumption and Configuration API
original name: wevtapi.dll
internal name: wevtapi.dll
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1360
timedatestamp....: 0x4A5BDB2D (Tue Jul 14 01:11:09 2009)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x39DE8, 0x39E00, 6.52, c4cca831b84a02010785c8a2b33f966b
.data, 0x3B000, 0x1B2C, 0x1C00, 4.50, ce3ea05aa20939d039f6cc648839899f
.rsrc, 0x3D000, 0x1390, 0x1400, 3.44, 86b71ebdc1674f04c5213bb6dc40bf35
.reloc, 0x3F000, 0x2CFC, 0x2E00, 6.67, bbae09cdfd3580ae574d3b97f27f6334

[[ 4 import(s) ]]
ntdll.dll: NtWriteFile, NtReadFile, RtlSetLastWin32ErrorAndNtStatusFromNtStatus, RtlSetLastWin32Error, RtlNtStatusToDosError, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, EtwRegisterTraceGuidsW, EtwUnregisterTraceGuids, EtwTraceMessage
msvcrt.dll: _except_handler4_common, _terminate@@YAXXZ, _onexit, _lock, __dllonexit, _unlock, __1type_info@@UAE@XZ, _amsg_exit, _initterm, free, malloc, _XcptFilter, _wtoi, iswspace, wcsncpy_s, _wcsnicmp, __0exception@@QAE@XZ, memset, memcpy_s, memmove_s, __0exception@@QAE@ABV0@@Z, __1exception@@UAE@XZ, _what@exception@@UBEPBDXZ, __0exception@@QAE@ABQBD@Z, memcpy, _CxxThrowException, _purecall, __CxxFrameHandler3, _wcstoi64, _wsplitpath_s, _wcsicmp, swscanf_s, wcsrchr, swprintf_s, abort, _itow, _ultow, _i64tow, _ui64tow, iswdigit, _wtol, _wtoi64, wcschr, iswalnum, iswalpha, _vsnwprintf, _wtof, _wcstoui64
API_MS_Win_Security_Base_L1_1_0.dll: IsValidSid, GetLengthSid
KERNEL32.dll: SetEndOfFile, InitializeConditionVariable, GetTempFileNameW, MoveFileW, GetDiskFreeSpaceExW, WaitForThreadpoolTimerCallbacks, CloseThreadpoolTimer, CreateThreadpoolTimer, SleepConditionVariableCS, WakeAllConditionVariable, GetTickCount64, DeleteFileW, SetThreadpoolTimer, GetFileAttributesW, CreateFileW, WriteFile, ReadFile, GetFileInformationByHandle, GetFileSizeEx, SetFilePointerEx, FlushFileBuffers, SystemTimeToFileTime, FileTimeToSystemTime, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, LeaveCriticalSection, HeapFree, HeapAlloc, InterlockedExchange, GetLocaleInfoW, GetThreadLocale, lstrcmpiW, GetThreadUILanguage, TlsAlloc, TlsFree, SetLastError, GetProcessHeap, GetLastError, ExpandEnvironmentStringsW, GetFullPathNameW, Sleep, TlsGetValue, TlsSetValue, LocalFree, FormatMessageW, CloseHandle, SubmitThreadpoolWork, UnregisterWaitEx, WaitForSingleObject, GetCurrentThreadId, SetEvent, ResetEvent, RegisterWaitForSingleObject, CreateEventW, DuplicateHandle, GetCurrentProcess, DelayLoadFailureHook, GetProcAddress, FreeLibrary, InterlockedCompareExchange, LoadLibraryExA, OutputDebugStringA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, DebugBreak, InitializeCriticalSectionAndSpinCount, EnterCriticalSection, LocalAlloc, WideCharToMultiByte, MultiByteToWideChar, CloseThreadpoolWork, FreeLibraryWhenCallbackReturns, CreateThreadpoolCleanupGroup, CloseThreadpoolCleanupGroup, CreateThreadpoolWork, GetModuleHandleExW

[[ 46 export(s) ]]
EvtArchiveExportedLog, EvtCancel, EvtClearLog, EvtClose, EvtCreateBookmark, EvtCreateRenderContext, EvtExportLog, EvtFormatMessage, EvtGetChannelConfigProperty, EvtGetEventInfo, EvtGetEventMetadataProperty, EvtGetExtendedStatus, EvtGetLogInfo, EvtGetObjectArrayProperty, EvtGetObjectArraySize, EvtGetPublisherMetadataProperty, EvtGetQueryInfo, EvtIntAssertConfig, EvtIntCreateBinXMLFromCustomXML, EvtIntCreateLocalLogfile, EvtIntGetClassicLogDisplayName, EvtIntRenderResourceEventTemplate, EvtIntReportAuthzEventAndSourceAsync, EvtIntReportEventAndSourceAsync, EvtIntRetractConfig, EvtIntSysprepCleanup, EvtIntWriteXmlEventToLocalLogfile, EvtNext, EvtNextChannelPath, EvtNextEventMetadata, EvtNextPublisherId, EvtOpenChannelConfig, EvtOpenChannelEnum, EvtOpenEventMetadataEnum, EvtOpenLog, EvtOpenPublisherEnum, EvtOpenPublisherMetadata, EvtOpenSession, EvtQuery, EvtRender, EvtSaveChannelConfig, EvtSeek, EvtSetChannelConfigProperty, EvtSetObjectArrayProperty, EvtSubscribe, EvtUpdateBookmark
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 237056
CompanyName: Microsoft Corporation
EntryPoint: 0x1360
FileDescription: Eventing Consumption and Configuration API
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 256 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
FileVersionNumber: 6.1.7600.16385
ImageVersion: 6.1
InitializedDataSize: 24064
InternalName: wevtapi.dll
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.1
ObjectFileType: Dynamic link library
OriginalFilename: wevtapi.dll
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 6.1.7600.16385
ProductVersionNumber: 6.1.7600.16385
Subsystem: Windows command line
SubsystemVersion: 6.1
TimeStamp: 2009:07:14 03:11:09+02:00
UninitializedDataSize: 0

File name:
taskmgr.exe
Submission date:
2011-08-29 11:05:16 (UTC)
Current status:
finished
Result:
0/ 44 (0.0%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.08.28.00 2011.08.29 -
AntiVir 7.11.14.6 2011.08.29 -
Antiy-AVL 2.0.3.7 2011.08.29 -
Avast 4.8.1351.0 2011.08.29 -
Avast5 5.0.677.0 2011.08.29 -
AVG 10.0.0.1190 2011.08.29 -
BitDefender 7.2 2011.08.29 -
ByteHero 1.0.0.1 2011.08.22 -
CAT-QuickHeal 11.00 2011.08.29 -
ClamAV 0.97.0.0 2011.08.29 -
Commtouch 5.3.2.6 2011.08.28 -
Comodo 9916 2011.08.29 -
DrWeb 5.0.2.03300 2011.08.29 -
Emsisoft 5.1.0.10 2011.08.29 -
eSafe 7.0.17.0 2011.08.28 -
eTrust-Vet 36.1.8528 2011.08.29 -
F-Prot 4.6.2.117 2011.08.29 -
F-Secure 9.0.16440.0 2011.08.29 -
Fortinet 4.2.257.0 2011.08.28 -
GData 22 2011.08.29 -
Ikarus T3.1.1.107.0 2011.08.29 -
Jiangmin 13.0.900 2011.08.28 -
K7AntiVirus 9.111.5060 2011.08.26 -
Kaspersky 9.0.0.837 2011.08.29 -
McAfee 5.400.0.1158 2011.08.29 -
McAfee-GW-Edition 2010.1D 2011.08.29 -
Microsoft 1.7604 2011.08.29 -
NOD32 6419 2011.08.29 -
Norman 6.07.10 2011.08.28 -
nProtect 2011-08-29.02 2011.08.29 -
Panda 10.0.3.5 2011.08.28 -
PCTools 8.0.0.5 2011.08.29 -
Prevx 3.0 2011.08.29 -
Rising 23.72.04.03 2011.08.26 -
Sophos 4.68.0 2011.08.29 -
SUPERAntiSpyware 4.40.0.1006 2011.08.27 -
Symantec 20111.2.0.82 2011.08.29 -
TheHacker 6.7.0.1.286 2011.08.29 -
TrendMicro 9.500.0.1008 2011.08.25 -
TrendMicro-HouseCall 9.500.0.1008 2011.08.29 -
VBA32 3.12.16.4 2011.08.29 -
VIPRE 10305 2011.08.29 -
ViRobot 2011.8.29.4645 2011.08.29 -
VirusBuster 14.0.189.0 2011.08.28 -
Additional information
MD5 : 71672bd4f035440e79dc50ea9a60166a
SHA1 : f486d830000842a2b435230d1ab24b49b6bb3ceb
SHA256: 0be126c381b0061170e340b9ac15a7d1c6c9a19d3fa385269f9b6c901ee5bc6b
ssdeep: 3072:V0lCYHbuq0/DB6KvN7xm8z69ekGsytvDcXe6N5lNJcgFx9kqJFvFkv6cgl/JevbT:V0lCY7u59K8+ek1y1D3cHJhpncVTeM
File size : 257024 bytes
First seen: 2009-09-27 10:22:20
Last seen : 2011-08-29 11:05:16
TrID:
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Task Manager
original name: taskmgr.exe
internal name: taskmgr
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x22B7C
timedatestamp....: 0x4A5BC3EE (Mon Jul 13 23:31:58 2009)
machinetype......: 0x8664 (AMD64)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x260BA, 0x26200, 6.63, b9100780d2fee9d2cc6e422cb14b9ca9
.data, 0x28000, 0x3DB0, 0xA00, 2.01, 11551d72ce73ded705e10d92ec77ce1b
.pdata, 0x2C000, 0xD2C, 0xE00, 5.14, 13c18198ad8cecda4f74e2e21371a5b5
.rsrc, 0x2D000, 0x165C8, 0x16600, 5.17, abc0314e5792bde1aeac3b41730d78a9
.reloc, 0x44000, 0x438, 0x600, 2.02, 5bfdc68f61ea3417241dc9bffef99eca

[[ 15 import(s) ]]
ADVAPI32.dll: RegCreateKeyExW, RegSetValueExW, RegCloseKey, RegOpenKeyExW, RegQueryValueExW, EventWrite, ImpersonateLoggedOnUser, OpenProcessToken, DuplicateTokenEx, AdjustTokenPrivileges, EventRegister, EventUnregister, RevertToSelf, GetTokenInformation, CreateWellKnownSid, IsValidSid, SetTokenInformation, EnumServicesStatusExW, OpenServiceW, QueryServiceConfigW, CloseServiceHandle, OpenSCManagerW, StartServiceW, ControlService, OpenThreadWaitChainSession, GetThreadWaitChain, CloseThreadWaitChainSession
KERNEL32.dll: CallbackMayRunLong, OpenProcess, TrySubmitThreadpoolCallback, IsWow64Process, GetPriorityClass, GetTimeFormatW, GetExitCodeThread, GetTempPathW, CreateFileW, DuplicateHandle, GetModuleFileNameW, LocalFree, GetLogicalProcessorInformationEx, GetNumaHighestNodeNumber, SetEvent, CreateToolhelp32Snapshot, Thread32First, OpenThread, Thread32Next, Sleep, lstrcmpW, GetComputerNameW, GetCommandLineW, LoadLibraryExA, DelayLoadFailureHook, ReadProcessMemory, lstrcmpiW, CompareStringW, lstrlenW, GetLocaleInfoW, GetNumberFormatW, GetTickCount, HeapSize, MulDiv, HeapReAlloc, FormatMessageW, CloseThreadpoolCleanupGroup, SetProcessShutdownParameters, CreateEventW, CreateThreadpoolCleanupGroup, GetErrorMode, SetErrorMode, GetCurrentProcessId, ProcessIdToSessionId, SetPriorityClass, DeviceIoControl, SetLastError, LockResource, LoadResource, FindResourceExW, HeapSetInformation, CreateMutexW, FreeLibrary, GetProcAddress, LoadLibraryW, GetVersionExW, WaitForSingleObject, CreateProcessW, ExpandEnvironmentStringsW, CreateThread, CloseHandle, ReleaseMutex, CloseThreadpoolCleanupGroupMembers, GetCurrentDirectoryW, GetCurrentProcess, TerminateProcess, GetCurrentThreadId, HeapFree, GetProcessHeap, HeapAlloc, GetLastError, QueryFullProcessImageNameW, UnhandledExceptionFilter, GetSystemTimeAsFileTime, QueryPerformanceCounter, GetModuleHandleW, SetUnhandledExceptionFilter, GetStartupInfoW
GDI32.dll: SetBkMode, GetCurrentObject, GetObjectW, CreateFontIndirectW, GetCharWidth32W, CreateCompatibleBitmap, SetBkColor, DeleteDC, CreateCompatibleDC, SetTextColor, GetDeviceCaps, Rectangle, BitBlt, LineTo, MoveToEx, SelectObject, DeleteObject, GetStockObject, CreatePen
USER32.dll: SendMessageTimeoutW, SetProcessDPIAware, RegisterWindowMessageW, MessageBoxW, CreateDialogParamW, ChangeWindowMessageFilterEx, GetMessageW, TranslateAcceleratorW, IsDialogMessageW, TranslateMessage, DispatchMessageW, LoadMenuW, RemoveMenu, DestroyMenu, CreateWindowExW, DrawTextW, InvalidateRect, UpdateWindow, GetWindowLongPtrW, GetSysColor, GetDlgCtrlID, EnableMenuItem, AppendMenuW, DialogBoxParamW, SetScrollInfo, GetScrollInfo, SetScrollPos, EndDialog, GetSystemMetrics, GetGuiResources, EnableWindow, TrackPopupMenuEx, GetWindowTextW, SetDlgItemTextW, IsHungAppWindow, SetThreadDesktop, IsWindowVisible, EndTask, AllowSetForegroundWindow, EnumDesktopsW, GetProcessWindowStation, OpenDesktopW, EnumDesktopWindows, CloseDesktop, GetWindow, InternalGetWindowText, ShowWindowAsync, SetMenuDefaultItem, GetLastActivePopup, IsWindow, SwitchToThisWindow, TileWindows, GetDesktopWindow, CascadeWindows, PeekMessageW, GetCursorPos, CheckDlgButton, IsDlgButtonChecked, GetWindowTextLengthW, SetCursor, LoadCursorW, SetRect, MsgWaitForMultipleObjects, FindWindowW, SetFocus, GetNextDlgTabItem, GetClassNameW, GetFocus, GetParent, GetMonitorInfoW, MonitorFromPoint, LoadAcceleratorsW, PostQuitMessage, MessageBeep, RedrawWindow, MoveWindow, GetClassLongPtrW, GetWindowThreadProcessId, DefWindowProcW, GetMenuItemID, GetSubMenu, IsZoomed, IsIconic, SetForegroundWindow, OpenIcon, KillTimer, DestroyWindow, PostMessageW, LoadImageW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, ShowWindow, GetShellWindow, SetWindowLongPtrW, GetMenuItemInfoW, SetTimer, LoadIconW, GetThreadDesktop, GetDialogBaseUnits, GetWindowRect, PostThreadMessageW, GetForegroundWindow, SendMessageW, MapWindowPoints, GetDlgItem, SetMenu, SetWindowPos, DeleteMenu, CheckMenuItem, CheckMenuRadioItem, GetMenu, SetWindowTextW, LoadStringW, RegisterClassW, GetClassInfoW, ReleaseDC, GetDC, SystemParametersInfoW, GetKeyState, CallWindowProcW, GetSysColorBrush, FillRect, GetClientRect, GhostWindowFromHungWindow, HungWindowFromGhostWindow, SetWindowLongW, GetWindowLongW, DestroyIcon
msvcrt.dll: _terminate@@YAXXZ, __set_app_type, _fmode, _commode, __setusermatherr, _amsg_exit, _initterm, _wcmdln, exit, _cexit, _XcptFilter, __C_specific_handler, __wgetmainargs, _wtol, __3@YAXPEAX@Z, swscanf_s, memmove, _ui64tow_s, wcsstr, _i64tow_s, _wcsicmp, wcsrchr, _vsnwprintf, _wcsdup, __2@YAPEAX_K@Z, memset, _exit, memcpy, free, towlower
IPHLPAPI.DLL: GetIfEntry2, NhGetInterfaceNameFromDeviceGuid, GetAdaptersAddresses
COMCTL32.dll: CreateStatusWindowW, -, -, -, -, -, -, -, -, ImageList_Remove, ImageList_ReplaceIcon, -, ImageList_SetIconSize, ImageList_Create
pcwum.dll: PcwCollectData, PcwAddQueryItem, PcwCreateQuery
SHLWAPI.dll: StrFormatByteSizeW, -, PathAddExtensionW, PathRemoveExtensionW, PathAppendW, StrStrW, -, -, -, -
SHELL32.dll: -, ShellAboutW, ShellExecuteExW, -, -, SHParseDisplayName, SHOpenFolderAndSelectItems, CommandLineToArgvW, -, DuplicateIcon, Shell_NotifyIconW
ntdll.dll: RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, RtlTryEnterCriticalSection, NtSetInformationFile, NtSetInformationProcess, NtOpenProcessToken, NtOpenThreadToken, NtOpenFile, RtlTimeToElapsedTimeFields, RtlLeaveCriticalSection, RtlEnterCriticalSection, NtQueryInformationProcess, NtQueryTimerResolution, RtlInitUnicodeString, RtlNtStatusToDosError, RtlDeleteCriticalSection, RtlInitializeCriticalSection, NtQuerySystemInformation, WinSqmAddToStream, NtQueryInformationToken, NtClose
Secur32.dll: GetUserNameExW
UxTheme.dll: IsThemeActive, SetWindowTheme
wevtapi.dll: EvtSubscribe, EvtClose
credui.dll: CredUIPromptForCredentialsW
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 156160
CompanyName: Microsoft Corporation
EntryPoint: 0x22b7c
FileDescription: Windows Task Manager
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 251 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
FileVersionNumber: 6.1.7600.16385
ImageVersion: 6.1
InitializedDataSize: 112640
InternalName: taskmgr
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: AMD AMD64
OSVersion: 6.1
ObjectFileType: Executable application
OriginalFilename: taskmgr.exe
PEType: PE32+
ProductName: Microsoft Windows Operating System
ProductVersion: 6.1.7600.16385
ProductVersionNumber: 6.1.7600.16385
Subsystem: Windows GUI
SubsystemVersion: 6.1
TimeStamp: 2009:07:14 01:31:58+02:00
UninitializedDataSize: 0

jbitz

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby Scolabar » August 29th, 2011, 3:33 pm

Hi jbitz,

Thank you for the feedback. Apologies also for the inconvenience regarding the file not found. :(

Please Note: For future reference, if you are unable to complete a step or cannot find a file or folder, please STOP and let me know.

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Show Hidden Files & Folders

Please Enable the Show Hidden Files and Folders option, as follows:

  1. Close all open program windows so that you are returned to your Desktop.
  2. Click on Start > Computer.
  3. From the Organise menu select Folder and search options.
  4. Click on the View tab.
  5. Under the Hidden files and folders heading select the Show hidden files, folders and drives option.
  6. Uncheck the Hide extensions for known file types. option.
  7. Uncheck the Hide protected operating system files (Recommended) option.
  8. Click on the Apply button to confirm the settings.
  9. Then click on the OK button to close the window.

Your system is now configured to show all hidden files, folders and drives.

Step 2:
SystemLook

  1. Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
    Alternate download site.
  2. Double-click on SystemLook_x64.exe to run the program.
    Vista - W7 users: Right-click on SystemLook_x64.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. Copy and Paste the text in the code box below into SystemLook's main text entry window:
    Code:
    :filefind
    taskmgr.exe
    wevtapi.dll
    
  4. Click on the Look button to start the scan.
    When SystemLook_x64 has completed its task a Notepad window will open showing the results of the scan.
    A log file will be created on your Desktop named SystemLook.txt.
  5. Please post the contents of the SystemLook.txt file in your next reply.

Step 3:
Online Multi Anti-Virus File Scan

I need to ask you to upload a file for further inspection.

Please go to either: Jotti or Virus Total and upload - only one file per scan - the following file(s) for scanning:

    C:\Users\Jbitz\wevtapi.dll

Using Jotti

  1. Choose the appropriate language. Once a language is selected, you will see a message "Ready to receive files".
  2. Please copy the above full path and file name(s).
  3. Click on the Browse button and paste the copied name into the "File name:" text box. Then click on the Open button.
    The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on the Submit button.
      If you receive the message: "This file has been scanned before. The results for this previous scan are listed below."
      Please click on the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various Anti-Virus scanners. This may take a few minutes.
  6. When all the scans have been completed. Highlight the results text from the Jotti's malware scan box.
  7. Copy the selected text. Open Notepad. Paste the contents into Notepad. Save the file to a convenient place.
  8. Please repeat this procedure for each file listed above.
  9. Copy and Paste the entire contents of all the Jotti scan results into your next reply.

Using Virus Total

  1. Please copy the above full path and file name(s).
  2. Click on the Browse button and paste the copied name into the "File name:" text box. Then click on the Open button.
    The file name should now appear in the online scanner's text entry box.
  3. Click on the Send File button.
  4. The file will be queued, uploaded and scanned by various Anti-Virus scanners. This may take a few minutes.
      If you receive the message: "File has already been analysed."
      Please click on the Reanalyse file now button, so your file will be scanned.
  5. When the scan is completed click on the Compact icon.
  6. The results will be shown in a grid-like window. Right-click on the text, choose Select All, then Copy the entire contents.
  7. Open Notepad. Paste the result contents into the Notepad window. Save this file to a convenient place.
  8. Please repeat this procedure for each file listed above.
  9. Copy and Paste the entire contents of all the Virus Total scan results into your next reply.

Step 4:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. SystemLook.txt.
  3. All the Jotti scan results or Virus Total scan results.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby jbitz » August 29th, 2011, 10:21 pm

I can view it, but I get the message when trying to upload "You do not have permission to open this file. Please contact the file owner or an administrator for permission."

SystemLook 30.07.11 by jpshortstuff
Log created at 22:06 on 29/08/2011 by Jbitz
Administrator - Elevation successful

========== filefind ==========

Searching for "taskmgr.exe"
C:\Users\Jbitz\taskmgr.exe --a---- 257024 bytes [17:02 24/08/2011] [01:39 14/07/2009] 71672BD4F035440E79DC50EA9A60166A
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7601.17514_none_7288349cbfd37b08\taskmgr.exe --a---- 257024 bytes [09:55 06/07/2011] [13:25 20/11/2010] 09F7401D56F2393C6CA534FF0241A590
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7601.17514_none_16699919077609d2\taskmgr.exe --a---- 227328 bytes [09:55 06/07/2011] [12:17 20/11/2010] 545BF7EAA24A9E062857D0742EC0B28A
C:\Windows\System32\taskmgr.exe --a---- 257024 bytes [23:31 13/07/2009] [01:39 14/07/2009] 71672BD4F035440E79DC50EA9A60166A
C:\Windows\SysWOW64\taskmgr.exe --a---- 227328 bytes [23:20 13/07/2009] [01:14 14/07/2009] C1A857A7BC0BBF57B6115CA7AC4E2F6B
C:\Windows\winsxs\amd64_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7600.16385_none_705720d4c2e4f76e\taskmgr.exe --a---- 257024 bytes [23:31 13/07/2009] [01:39 14/07/2009] 71672BD4F035440E79DC50EA9A60166A
C:\Windows\winsxs\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7600.16385_none_143885510a878638\taskmgr.exe --a---- 227328 bytes [23:20 13/07/2009] [01:14 14/07/2009] C1A857A7BC0BBF57B6115CA7AC4E2F6B

Searching for "wevtapi.dll"
C:\Users\Jbitz\wevtapi.dll --ahs-- 5632 bytes [17:02 24/08/2011] [17:02 24/08/2011] (Unable to calculate MD5)
C:\Windows\System32\wevtapi.dll --a---- 428032 bytes [23:46 13/07/2009] [01:41 14/07/2009] 3C073B0C596A0AF84933E7406766B040
C:\Windows\SysWOW64\wevtapi.dll --a---- 262144 bytes [23:30 13/07/2009] [01:16 14/07/2009] 82C089EA2A3EEFADF3588EA71E8BDADA
C:\Windows\winsxs\amd64_microsoft-windows-eventlog-api_31bf3856ad364e35_6.1.7600.16385_none_0825f3c37efb390e\wevtapi.dll --a---- 428032 bytes [23:46 13/07/2009] [01:41 14/07/2009] 3C073B0C596A0AF84933E7406766B040
C:\Windows\winsxs\x86_microsoft-windows-eventlog-api_31bf3856ad364e35_6.1.7600.16385_none_ac07583fc69dc7d8\wevtapi.dll --a---- 262144 bytes [23:30 13/07/2009] [01:16 14/07/2009] 82C089EA2A3EEFADF3588EA71E8BDADA

-= EOF =-
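Editor's added example, not part of the thread and not one of the tools the helpers use. The SystemLook output above shows a byte-identical copy of the genuine taskmgr.exe in C:\Users\Jbitz (same MD5 and size as the C:\Windows\System32 copy) written in the same minute as a 5632-byte hidden+system wevtapi.dll beside it, whereas the System32 wevtapi.dll is 428032 bytes. The import table posted earlier shows that taskmgr.exe imports wevtapi.dll (EvtSubscribe, EvtClose). Because an executable's own directory is searched before System32 for any DLL not listed in KnownDLLs, a same-named DLL dropped next to a relocated copy of a system executable is the DLL search-order hijacking (sideloading) pattern. The Python script below parses ':filefind' output in SystemLook's format, compares every copy found outside C:\Windows with its System32 namesake, and pairs a relocated host EXE with a suspicious DLL it imports from the same directory. The log lines are copied from the post above; the import set is a subset of the table on this page; the size-ratio threshold and the assumption that the System32 copy is the trusted reference are the example's own.

```python
"""Flag DLL search-order hijacking candidates from SystemLook ':filefind' output.

Added example: treating the System32 copy as the trusted reference and the
size-ratio threshold below are assumptions of this script, not of SystemLook.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Entries copied from the SystemLook log posted in this thread (not constructed).
SYSTEMLOOK_LOG = r"""
Searching for "taskmgr.exe"
C:\Users\Jbitz\taskmgr.exe --a---- 257024 bytes [17:02 24/08/2011] [01:39 14/07/2009] 71672BD4F035440E79DC50EA9A60166A
C:\Windows\System32\taskmgr.exe --a---- 257024 bytes [23:31 13/07/2009] [01:39 14/07/2009] 71672BD4F035440E79DC50EA9A60166A
C:\Windows\SysWOW64\taskmgr.exe --a---- 227328 bytes [23:20 13/07/2009] [01:14 14/07/2009] C1A857A7BC0BBF57B6115CA7AC4E2F6B

Searching for "wevtapi.dll"
C:\Users\Jbitz\wevtapi.dll --ahs-- 5632 bytes [17:02 24/08/2011] [17:02 24/08/2011] (Unable to calculate MD5)
C:\Windows\System32\wevtapi.dll --a---- 428032 bytes [23:46 13/07/2009] [01:41 14/07/2009] 3C073B0C596A0AF84933E7406766B040
C:\Windows\SysWOW64\wevtapi.dll --a---- 262144 bytes [23:30 13/07/2009] [01:16 14/07/2009] 82C089EA2A3EEFADF3588EA71E8BDADA
"""

# Subset of the taskmgr.exe import table shown on this page (lower-cased).
KNOWN_IMPORTS = {"taskmgr.exe": {"wevtapi.dll", "credui.dll", "pcwum.dll", "user32.dll"}}

SYSTEM32 = "c:\\windows\\system32"

# path  attrs (7 flag chars)  size bytes  [mtime]  [ctime]  md5-or-message
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S.*?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<digest>.+)$"
)


@dataclass
class Entry:
    path: str
    attrs: str
    size: int
    mtime: str
    md5: Optional[str]  # None when SystemLook printed "(Unable to calculate MD5)"

    @property
    def name(self) -> str:
        return PureWindowsPath(self.path).name.lower()

    @property
    def directory(self) -> str:
        return str(PureWindowsPath(self.path).parent).lower()

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


def parse_systemlook(text: str) -> list[Entry]:
    """Return one Entry per result line; headers, blanks and '-= EOF =-' are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        digest = m.group("digest").strip()
        md5 = digest.upper() if re.fullmatch(r"[0-9A-Fa-f]{32}", digest) else None
        entries.append(Entry(m.group("path"), m.group("attrs"),
                             int(m.group("size")), m.group("mtime"), md5))
    return entries


def in_windows_tree(directory: str) -> bool:
    return directory == "c:\\windows" or directory.startswith("c:\\windows\\")


def classify(entries: list[Entry]) -> dict[str, str]:
    """Verdict for every copy outside C:\\Windows, judged against its System32 namesake."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)
    verdicts = {}
    for copies in by_name.values():
        ref = next((e for e in copies if e.directory == SYSTEM32), None)
        for e in copies:
            if in_windows_tree(e.directory):
                continue
            if ref is None:
                verdicts[e.path] = "no System32 reference copy"
            elif e.md5 is not None and e.md5 == ref.md5 and e.size == ref.size:
                verdicts[e.path] = "identical copy of system binary outside Windows"
            else:
                reasons = []
                if e.md5 is None:
                    reasons.append("hash unavailable")
                if e.hidden_system:
                    reasons.append("hidden+system attributes")
                if e.size < ref.size // 10:  # assumed threshold: a stub, not a real build
                    reasons.append(f"{e.size} bytes vs {ref.size} in System32")
                verdicts[e.path] = "differs from System32 copy: " + ", ".join(reasons or ["content mismatch"])
    return verdicts


def sideloading_pairs(entries, verdicts, imports=KNOWN_IMPORTS):
    """Pair a relocated genuine EXE with a suspicious DLL it imports from the same directory."""
    by_dir = defaultdict(list)
    for e in entries:
        if e.path in verdicts:
            by_dir[e.directory].append(e)
    pairs = []
    for files in by_dir.values():
        hosts = [f for f in files if f.name in imports and verdicts[f.path].startswith("identical")]
        for host in hosts:
            for dll in files:
                if dll.name in imports[host.name] and verdicts[dll.path].startswith("differs"):
                    pairs.append((host.path, dll.path))
    return pairs


if __name__ == "__main__":
    found = parse_systemlook(SYSTEMLOOK_LOG)
    results = classify(found)
    for path, verdict in results.items():
        print(f"{path}: {verdict}")
    for host, dll in sideloading_pairs(found, results):
        print(f"search-order hijack candidate: {host} would load {dll} before System32")
```

Run against the pasted log, the script reports the user-profile taskmgr.exe as an identical copy of the System32 binary and the user-profile wevtapi.dll as differing from its System32 namesake (hash unavailable, hidden+system, 5632 bytes against 428032), and pairs the two as a hijack candidate. The same check transfers to any ':filefind' run: feed it the names from a suspect executable's import table and it will surface a planted DLL regardless of which system EXE was used as the host.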

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby Scolabar » August 30th, 2011, 8:31 am

Hi jbitz,

Thank you for the feedback. Let's try running an online AV scan to see what is revealed, if anything.

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Update Adobe Reader

It is strongly recommended that you update to the current version of Adobe Reader X - 10.1.
Older versions of Adobe Reader are known to have vulnerabilities that can be exploited by malware to infect your system.

  1. Download the latest available version from here.
  2. Before proceeding any further uninstall all previous versions of Adobe Reader.
  3. Then run the newly downloaded Adobe Reader installer.
    Please Note: Remember to Uncheck the Google Chrome installation option if you do not want or need it.

Step 2:
Java Runtime Environment Update Needed!

Your Java Runtime Environment is out of date.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older versions of Java components and update:

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD UPDATED VERSION:
  1. Get the latest version of Java Runtime Environment (JRE) © Oracle Corporation.
  2. Look for Java SE 7.
  3. Click on the JRE Download button to the right.
  4. Then check the Accept License Agreement option.
  5. Locate the entry for Windows x64, click on the file name and save the file to your Desktop.
<STOP> Do not install the new version of Java yet. We need to do some cleanup first!

REMOVE OLD JAVA VERSIONS:
  1. Close any programs you may have running - especially your web browser.
  2. Click on Start > Control Panel > Programs.
      Depending on your current view setting, then:
    • Double-click on Programs and Features.
    • Under Programs, click on Uninstall a program and remove all older versions of Java as follows:
  3. Scroll down to locate the following program(s):

      Java(TM) 6 Update 23

  4. Select the program and click on Uninstall to uninstall it.
  5. When finished Close the Control Panel window.

Delete Old Java Folder
  1. Click on Start > Computer.
  2. Then navigate to and find the following folder: if found, delete it.
    It is possible it may have been removed by the uninstall steps.
    C:\Program Files\Java\ <==== delete this entire folder
  3. When finished, Close and Exit Explorer.

INSTALL UPDATED VERSION:
  1. Close all open applications (standard), especially your browser.
  2. From the Desktop double-click on jre-7-windows-x64.exe to install the latest version.
  3. Follow the on-screen instructions. When the installation has completed successfully, Reboot your computer normally.
  4. Once the computer has been restarted, you can delete the downloaded installation file from your desktop.
OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time:
  1. Click on Start > Control Panel > Programs and then click on the JAVA icon.
  2. Click on the Update tab and UNCHECK the Check for Updates Automatically option. (You can check for updates manually.)
      Reply Never Check to the warning prompt.
  3. Now click on the Advanced tab and then click on the [+] to expand the Miscellaneous options.
  4. UNCHECK the Java Quick Starter option.
  5. Click on the Apply button and then the OK button to save the changes.
  6. Then Close the Java Control Panel and Close and Exit Control Panel.
If you choose to update via the Java applet in Control Panel, uncheck the option to install the Google Toolbar unless you want it.

Step 3:
TFC

  1. Please download TFC.exe by Old Timer. Save it to your Desktop.
    Print these instructions. Save any unsaved work. TFC will close ALL open programs including your browser!
  2. Double-click on TFC.exe to run it.
    Vista - W7 users: Right-click on TFC.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. TFC will now begin cleaning up the "temp" files.
    Note: This process may take only a few seconds or it could take several minutes, depending on the amount of temp files found.
  4. If prompted to reboot, click on the Yes button to confirm.

! IMPORTANT ! If TFC prompts you to reboot, please do so immediately, before proceeding with any other steps or other use of your computer.

Step 4:
ESET NOD32 Online Scan

Please Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted. Then double-click on it to install.

Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Please go to ESET Online Scanner - © ESET (All Rights Reserved) to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Click on the ESET Online Scanner button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click Start.
    A window will open. It may appear nothing is happening, but please be patient.
  3. Click Yes to the run ActiveX prompt.
  4. Click Install at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  5. Click on the Start button.
    Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are. If not set, please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  6. Click on the Start button.
    ESET scanner will begin to download the virus signatures database. When the signatures have been downloaded, the scan will start automatically.
  7. Wait for the scan to finish. It may take a while but, again, please be patient. When the scan is finished:
  8. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
  9. Copy and Paste the entire contents of log.txt into your next reply.

Remember to re-enable your Anti-virus protection before continuing!

Step 5:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. log.txt.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby Scolabar » August 31st, 2011, 5:35 pm

Hi jbitz,

It has been more than 48 hours since my last post.

  1. Do you still need help?
  2. Do you need more time?
  3. Are you having problems following my instructions?
  4. In line with Malware Removal's latest policy, topics will be closed after 3 days without a response.
  5. If you do not reply within the next 24 hours, this topic will be closed.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby jbitz » August 31st, 2011, 10:39 pm

No problems. Here is the log.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby Scolabar » September 1st, 2011, 5:05 am

Hi jbitz,

Thank you again for the feedback and log. Let's now clean up the remaining items. ;)

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Create System Restore Point

First we need to make sure we have a back up of the Registry to return to if we need it:

  1. Select Start > Control Panel then double-click on the System icon in the Control Panel.
  2. In the left-hand pane click on the System Protection option.
  3. When the Dialog comes up, click on the System Protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click on the Create button to create a new restore point. In the Name dialog, type a descriptive name and then click on the Create button.
  6. You will get a message that the Restore Point was created successfully. Click on the Close button.
  7. Click on the OK button and close the System window in the Control Panel.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2:
Disable WinPatrol

Right-click on the WinPatrol icon in the system tray and select Exit Program.
Note: The program will be automatically restarted after the next reboot.

Step 3:
OTL - Script

Next we need to run an OTL Fix.

  1. Double-click OTL.exe to launch the program.
    Vista - W7 users: Right-click on OTL.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  2. Copy and Paste the following code into the textbox. Do not include the word Code.
    Code:
    :processes
    killallprocesses
    
    :otl
    IE - HKCU\..\URLSearchHook: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - Reg Error: Key error. File not found
    O4 - HKCU..\Run: [uTorrent] File not found
    
    :files
    C:\Users\Jbitz\AppData\Local\uTorrentBar
    C:\Users\Jbitz\AppData\Local\Conduit
    C:\Users\Jbitz\AppData\Roaming\defender.exe
    C:\Users\Jbitz\Desktop\Security Protection.lnk
    
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [REBOOT]
    
  3. Click on the Run Fix button at the top.
  4. Then click on the OK button to run the script.
  5. OTL may ask to reboot the machine. Please do so if asked.
  6. The report should appear in Notepad after the reboot.
    Note: If the log fails to automatically appear, it can be found in the following location:
      C:\_OTL\MovedFiles\DD/DD/DD TT/TT.txt <-- denotes date/time log created.
  7. Please Copy and Paste that log report into your next reply.

Step 4:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. OTL Log - DD/DD/DD TT/TT.txt.
  3. How is the computer now running?

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby jbitz » September 1st, 2011, 8:27 am

Every thing seems to be running better.
Is it expected with Win 7 and the other programs I have installed to have a usage of 37% of the 4Gb of physical memory at idle?

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b54561db-0bbb-41b4-a814-df8301fe0a8e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b54561db-0bbb-41b4-a814-df8301fe0a8e}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
========== FILES ==========
C:\Users\Jbitz\AppData\Local\uTorrentBar\Logs folder moved successfully.
C:\Users\Jbitz\AppData\Local\uTorrentBar folder moved successfully.
C:\Users\Jbitz\AppData\Local\Conduit folder moved successfully.
C:\Users\Jbitz\AppData\Roaming\defender.exe moved successfully.
C:\Users\Jbitz\Desktop\Security Protection.lnk moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jbitz
->Temp folder emptied: 738 bytes
->Temporary Internet Files folder emptied: 6609954 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22379399 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 28.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.27.0 log created on 09012011_081124

Files\Folders moved on Reboot...
C:\Users\Jbitz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby Scolabar » September 1st, 2011, 1:10 pm

Hi jbitz,

Thank you again for the log file. Your feedback is very positive. :thumbright:

Regarding the processor usage at idle, I understand that such processor usage at idle is not outside the norm for the Windows 7 operating system. As this forum deals with Malware Removal only, if this is an issue you wish to pursue I can point you to some forums that specifically deal with hardware issues once your system has been declared clean. Please let me know.

Nearly there. ;)
I would just like you to run another RSIT scan to check everything has been dealt with.

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about or problems with executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Re-Run RSIT

Please re-run the RSIT tool and Copy and Paste the entire contents of both the resulting log.txt and info.txt files into your next reply.
Note: These logs can be lengthy, so post 1 log per reply please.

Step 2:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. log.txt.
  3. info.txt.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby jbitz » September 1st, 2011, 6:08 pm

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jbitz at 2011-09-01 18:06:58
Microsoft Windows 7 Ultimate
System drive C: has 29 GB (51%) free of 57 GB
Total RAM: 4094 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:07:00 PM, on 9/1/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Windows\DAODx.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\ProgramData\Everstrike\US4Service.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
E:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Jbitz\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Jbitz.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [US4Service] C:\ProgramData\Everstrike\US4Service.exe
O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "e:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jbitz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PowerAlert Agent - Tripp Lite - C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9888 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Jbitz\AppData\Roaming\Mozilla\Firefox\Profiles\zgj3icx9.default

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=E:\Program Files (x86)\AVG\AVG10\Firefox4\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

E:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

E:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

E:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml

C:\Users\Jbitz\AppData\Roaming\Mozilla\Firefox\Profiles\zgj3icx9.default\extensions\
trash

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - E:\Program Files (x86)\AVG\AVG10\avgssie.dll [2011-08-05 2274144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"=C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [2010-10-01 329096]
"VERIZONDM"=C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe [2011-02-01 206120]
"US4Service"=C:\ProgramData\Everstrike\US4Service.exe [2010-03-24 39552]
"TurboV EVO"=C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe [2010-04-22 9919104]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-19 336384]
"Six Engine"=C:\Program Files (x86)\ASUS\EPU\EPU.exe [2010-03-16 5309056]
"QFan Help"=C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe [2010-03-25 888960]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-01-22 106496]
"KeePass 2 PreLoad"=e:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2011-07-12 1764352]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-10-26 375000]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Jbitz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 136176]

C:\Users\Jbitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"TaskbarNoNotification"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-31 22:06:05 ----D---- C:\Program Files (x86)\ESET
2011-08-31 21:31:34 ----D---- C:\Program Files (x86)\Common Files\Adobe
2011-08-27 13:50:01 ----D---- C:\_OTL
2011-08-23 16:55:04 ----A---- C:\Windows\SysWOW64\tzres.dll
2011-08-23 16:49:11 ----A---- C:\TDSSKiller.2.5.17.0_23.08.2011_16.49.11_log.txt
2011-08-22 21:36:25 ----D---- C:\MGADiagToolOutput
2011-08-22 21:35:22 ----D---- C:\ProgramData\Office Genuine Advantage
2011-08-21 09:51:37 ----D---- C:\rsit
2011-08-21 09:51:37 ----D---- C:\Program Files (x86)\trend micro
2011-08-13 12:13:10 ----D---- C:\ProgramData\DVD Shrink
2011-08-12 01:11:30 ----HD---- C:\Windows\SysWOW64\drivers\AVG
2011-08-11 22:53:25 ----RAH---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2011-08-11 21:55:10 ----SHD---- C:\Config.Msi
2011-08-11 21:28:35 ----A---- C:\Windows\SysWOW64\DWrite.dll
2011-08-11 21:28:35 ----A---- C:\Windows\SysWOW64\d2d1.dll
2011-08-11 18:26:11 ----A---- C:\Windows\ntbtlog.txt
2011-08-10 21:47:02 ----A---- C:\Windows\SysWOW64\mshtml.dll
2011-08-10 21:47:02 ----A---- C:\Windows\SysWOW64\iertutil.dll
2011-08-10 21:47:02 ----A---- C:\Windows\SysWOW64\ieframe.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\wininet.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\urlmon.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\url.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\mstime.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\licmgr10.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\ieui.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\iepeers.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2011-08-10 21:06:37 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2011-08-10 21:06:37 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2011-08-10 20:57:01 ----A---- C:\Windows\SysWOW64\xmllite.dll
2011-08-10 20:57:00 ----A---- C:\Windows\SysWOW64\odbctrac.dll
2011-08-10 20:57:00 ----A---- C:\Windows\SysWOW64\odbcjt32.dll
2011-08-10 20:57:00 ----A---- C:\Windows\SysWOW64\odbccu32.dll
2011-08-10 20:57:00 ----A---- C:\Windows\SysWOW64\odbccr32.dll
2011-08-10 20:57:00 ----A---- C:\Windows\SysWOW64\odbccp32.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-10 20:55:20 ----A---- C:\Windows\SysWOW64\wow32.dll
2011-08-10 20:55:20 ----A---- C:\Windows\SysWOW64\user.exe
2011-08-10 20:55:20 ----A---- C:\Windows\SysWOW64\setup16.exe
2011-08-10 20:55:20 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2011-08-10 20:55:20 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2011-08-10 20:55:20 ----A---- C:\Windows\SysWOW64\kernel32.dll
2011-08-10 20:55:20 ----A---- C:\Windows\SysWOW64\instnm.exe

======List of files/folders modified in the last 1 month======

2011-09-01 17:50:42 ----D---- C:\Windows\Temp
2011-09-01 08:32:44 ----D---- C:\Users\Jbitz\AppData\Roaming\KeePass
2011-09-01 08:16:52 ----D---- C:\Windows\System32
2011-09-01 08:16:52 ----D---- C:\Windows\inf
2011-09-01 08:13:30 ----D---- C:\Users\Jbitz\AppData\Roaming\Dropbox
2011-09-01 08:12:40 ----D---- C:\Windows\SysWOW64
2011-09-01 08:12:39 ----RD---- C:\Program Files (x86)
2011-09-01 08:11:35 ----SHD---- C:\System Volume Information
2011-08-31 22:11:01 ----D---- C:\Windows
2011-08-31 22:06:06 ----D---- C:\Windows\Downloaded Program Files
2011-08-31 21:52:04 ----SHD---- C:\Windows\Installer
2011-08-31 21:51:08 ----RD---- C:\Program Files
2011-08-31 21:37:54 ----D---- C:\Program Files (x86)\Common Files
2011-08-31 21:31:37 ----D---- C:\ProgramData\Adobe
2011-08-31 21:31:34 ----D---- C:\Program Files (x86)\Adobe
2011-08-27 21:09:39 ----D---- C:\Windows\Prefetch
2011-08-27 13:25:02 ----D---- C:\Users\Jbitz\AppData\Roaming\uTorrent
2011-08-24 05:15:39 ----D---- C:\Windows\rescache
2011-08-23 17:51:25 ----D---- C:\Windows\winsxs
2011-08-23 17:51:24 ----D---- C:\Windows\SysWOW64\en-US
2011-08-23 16:41:25 ----HD---- C:\Windows\SysWOW64\drivers
2011-08-23 09:02:30 ----SD---- C:\Users\Jbitz\AppData\Roaming\Microsoft
2011-08-22 21:35:22 ----HD---- C:\ProgramData
2011-08-22 20:19:31 ----RD---- C:\Users
2011-08-22 20:15:59 ----D---- C:\Windows\Registration
2011-08-15 20:28:00 ----D---- C:\Users\Jbitz\AppData\Roaming\DAEMON Tools Lite
2011-08-13 18:52:18 ----D---- C:\Users\Jbitz\AppData\Roaming\dvdcss
2011-08-13 10:11:20 ----D---- C:\Windows\Logs
2011-08-12 06:38:50 ----D---- C:\ProgramData\MFAData
2011-08-12 01:11:45 ----D---- C:\ProgramData\AVG10
2011-08-11 22:08:48 ----SHD---- C:\$Recycle.Bin
2011-08-11 22:00:59 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2011-08-11 22:00:58 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-08-11 20:56:30 ----D---- C:\Windows\pss
2011-08-11 17:59:43 ----D---- C:\Users\Jbitz\AppData\Roaming\Mozilla
2011-08-11 17:59:07 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-08-11 10:59:26 ----D---- C:\Users\Jbitz\AppData\Roaming\Media Player Classic
2011-08-11 10:55:36 ----D---- C:\Windows\Minidump
2011-08-11 10:55:36 ----D---- C:\Windows\debug
2011-08-11 09:58:50 ----D---- C:\Windows\Microsoft.NET
2011-08-11 09:58:49 ----RSD---- C:\Windows\assembly
2011-08-11 07:39:29 ----D---- C:\Windows\SysWOW64\migration
2011-08-11 07:39:29 ----D---- C:\Windows\AppPatch
2011-08-11 07:39:29 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-10 22:09:27 ----D---- C:\ProgramData\Microsoft Help
2011-08-04 21:27:43 ----D---- C:\Windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys []
R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys []
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys []
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 US30Sys;US30Sys; C:\Windows\SysWOW64\drivers\US40fs64.sys [2010-09-10 108160]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-04-22 13440]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys []
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys []
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys []
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys []
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys []
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys []
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-19 365568]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
R2 AVGIDSAgent;AVGIDSAgent; E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
R2 avgwd;AVG WatchDog; E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm); C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-02-01 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm); C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-02-01 185640]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 PowerAlert Agent;PowerAlert Agent; C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe [2010-05-14 1644368]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm
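The service and Run-key sections of a log like the one above are read by hand on this forum, but the same review can be scripted. The following is an added example, not part of jbitz's post and not code from RSIT or HijackThis: it parses "O23 - Service:" lines and the '"Name"=path [date size]' lines from the Run keys and returns the entries a helper would look at twice. The heuristics are assumptions of this example (an autorun under a user-writable directory, a service binary reported missing, an entry with no publisher outside the Windows directory); a flagged entry is a prompt to verify the file's signature and hash, not a verdict. One caveat is built in: a 32-bit scanner run on 64-bit Windows has its System32 reads redirected to SysWOW64, which is why every lsass.exe-hosted service in the log shows "(file missing)" while the system itself is fine.

```python
"""Triage helper for RSIT / HijackThis-style log lines.

Added example, not part of the original thread or of RSIT/HijackThis.
Parses 'O23 - Service:' lines and '"Name"=path [date size]' Run-key
lines and returns the entries worth a closer look, with a reason for
each. These are review heuristics, not verdicts: a flagged entry is a
prompt to check the file's publisher signature and hash, nothing more.
"""
import re

SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<path>.+?)(?: \[(?P<stamp>[^\]]*)\])?$')
SHORT_NAME_RE = re.compile(r"\((?P<short>[^()]+)\)$")

# Directory fragments any standard user can write to; an autorun there
# deserves a look because malware needs no admin rights to plant it.
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\appdata\\", "\\temp\\")


def _key(display_name):
    """Use the short service name in trailing parentheses when present."""
    m = SHORT_NAME_RE.search(display_name)
    return m.group("short") if m else display_name


def _check_service(m):
    reasons = []
    path = m.group("path").lower()
    if m.group("missing"):
        if "\\windows\\system32\\" in path:
            reasons.append(
                "reported missing under System32: a 32-bit scanner on 64-bit "
                "Windows is redirected to SysWOW64, so confirm in Explorer "
                "before treating the file as absent"
            )
        else:
            reasons.append("service binary not found on disk")
    if m.group("owner") == "Unknown owner" and "\\windows\\" not in path:
        reasons.append("no publisher recorded and binary is outside the Windows directory")
    return reasons


def _check_run(m):
    reasons = []
    path = m.group("path").lower()
    if any(frag in path for frag in USER_WRITABLE):
        reasons.append("autorun from a user-writable location")
    if m.group("stamp") == "":
        reasons.append("no timestamp/size recorded, file could not be read")
    return reasons


def triage(log_text):
    """Return {entry name: [reasons]} for every line that trips a heuristic."""
    flagged = {}
    for line in log_text.splitlines():
        line = line.strip()
        if (m := SERVICE_RE.match(line)):
            name, reasons = _key(m.group("name")), _check_service(m)
        elif (m := RUN_RE.match(line)):
            name, reasons = m.group("name"), _check_run(m)
        else:
            continue
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample: a handful of lines copied in format from the log above.
SAMPLE_LOG = r"""
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: PowerAlert Agent - Tripp Lite - C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe
"WinPatrol"=C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [2010-10-01 329096]
"US4Service"=C:\ProgramData\Everstrike\US4Service.exe [2010-03-24 39552]
"Google Update"=C:\Users\Jbitz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 136176]
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run on the sample it flags SamSs (with the SysWOW64 caveat), US4Service and Google Update; the last two are flagged purely for where they live, which is exactly what a helper would then confirm by checking the publisher of each file.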

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby Scolabar » September 2nd, 2011, 5:14 am

Hi jbitz,

Congratulations! You will be very pleased to hear that the latest logs show that your system now appears to be free from malware infection. :D

Below are the instructions to tidy up and remove the tools we have used in the clean-up process, as well as some advice on best practice to help keep your system clear of infection in future. ;)

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Housekeeping

    It's time for some housekeeping. Please follow the instructions below to remove the tools we have used to clean up your computer.

    Disable Show Hidden Files & Folders

    Please Disable the Show Hidden Files and Folders option, as follows:

    1. Close all open program windows so that you are returned to your Desktop.
    2. Click on Start > Computer.
    3. From the Organise menu select Folder and search options.
    4. Click on the View tab.
    5. Under the Hidden files and folders heading select the Show hidden files, folders and drives option.
    6. Check the Hide extensions for known file types option.
    7. Check the Hide protected operating system files (Recommended) option.
    8. Click on the Apply button to confirm the settings.
    9. Then click on the OK button to close the window.

    Your system has now been reverted to the default hidden files and folders setting.

    DeFogger

    We need to re-enable the active CD Emulation drivers we disabled earlier so the tools we have used would be allowed to run unimpeded.
    You should still have this program on your Desktop. So just ignore the download instructions, these are provided for your convenience.

    1. Please download DeFogger by jpshortstuff and save it to your Desktop.
    2. Double click on DeFogger.exe to run the tool.
      Vista - W7 users: Right-click on DeFogger.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
    3. When the application window appears click on the Re-enable button to re-enable your CD Emulation drivers.
    4. Click on the Yes button to continue.
    5. When the Finished! message appears click on the OK button.
    6. Then click on the OK button when DeFogger asks to reboot the machine.

    Your Emulation drivers should now be enabled.

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your Desktop.

    OTL - Cleanup

    • Double-click OTL.exe to start the program. This will remove most, if not all, of the tools we used to clean your PC.
    • Close all other programs apart from OTL as this step will require a reboot.
    • On the OTL main screen, press the CleanUp! button.
    • Click on the Yes button at the prompt and then allow the program to reboot your computer.

    Remove Tools Used

    You can now safely delete the tools used in cleaning up the infection. Please remove the following tools from your system along with any related .zip files.

      GooredFix.exe
      MGADiag.exe
      SystemLook_x64.exe
      WVCheck.exe

    Please Note: These tools are updated on a regular basis and so, if required in future, should be downloaded afresh under supervision.

Step 2:
Security Vulnerabilities

    Windows 7 Not Up-To-Date

    Your Windows 7 Operating System is not up-to-date. You need to install Windows 7 Service Pack 1 and all subsequent critical system and security updates to bring your system fully up-to-date. Because of the security and reliability fixes you should install this update. Keeping your Windows Operating System up-to-date with the latest security and critical fixes is the first line of defense against malware infections!!

    You can learn how to install Windows 7 Service Pack 1 Here.

    Internet Explorer Not Up-To-Date

    The installed version of Internet Explorer - version 8 - is not the latest available version for your Operating System. It is advisable to install Internet Explorer 9.

    You can find out more information about Internet Explorer 9 and download the installer from Here.

Step 3:
Improve Your Computer's Security

    MalwareBytes' AntiMalware
    It is worth keeping MalwareBytes' AntiMalware on your system. Updating the program and running a scan once every couple of weeks will help you to keep malware free.

    WinPatrol
    It is worth keeping WinPatrol on your system. Updating the program and checking every month for any program updates will help you protect your system.
    Information about how WinPatrol works is available here.
    (The free version of WinPatrol provides limited real-time protection.)

    Additional (free) programs that can help improve security.
    Many feel that having a "layered" protection scheme is beneficial; you'll have to decide what works best for your situation.
    Here are a few you may like to look into, if you wish. :)

    SiteAdvisor
    SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
    You can find more information and download it from here.

    MVPS Hosts
    For added protection you may also like to add a hosts file. A simple explanation of what a Hosts file does is provided here.
    Install MVPS Hosts File from here.
    The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    You can read the Tutorial here.

Step 4:
Further Guidelines


Please confirm that you have read this post.
Once your reply has been received, unless there are other malware questions or concerns, this topic will be closed as resolved.


Keep Safe! :cheers:
Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm
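The hosts-file mechanism described under MVPS Hosts in Step 3 cuts both ways: the same file that blocks ad sites by pointing them at 127.0.0.1 can be abused to point a legitimate name at an attacker's address, which is one way a browser gets redirected. The following is an added example, not part of Scolabar's post and not code from the MVPS project: it parses hosts-file text and separates blocklist-style entries (names sent to 127.0.0.1, 0.0.0.0 or ::1, so the connection never leaves the machine) from entries that send a name somewhere else. The sample hosts content, including the bank name and the 203.0.113.7 address, is constructed for the example. On Windows the live file is C:\Windows\System32\drivers\etc\hosts.

```python
"""Hosts-file review helper.

Added example; not code from the original thread or from the MVPS
project. It reads hosts-file text and separates the entries a
blocklist such as MVPS Hosts legitimately adds (names pointed at the
loopback address or 0.0.0.0, so the connection never leaves the
machine) from entries that point a name at some other address, which
is how a hosts hijack steers a browser to an attacker-chosen host.
A non-loopback entry is not automatically malicious (an intranet
override looks the same), so those are returned for human review
rather than judged.
"""
import ipaddress

# Addresses that make a name unreachable rather than redirecting it.
SINKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}
# Names Windows ships in the default hosts file; not blocklist entries.
DEFAULT_NAMES = {"localhost"}


def parse_hosts(text):
    """Return (address, hostname) pairs; comments and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue                              # blank, comment-only, or address with no name
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # first field is not an IP address
        for host in parts[1:]:                    # one address may carry several names
            entries.append((str(addr), host.lower()))
    return entries


def classify(text):
    """Split hosts entries into sinkholed names and redirected names."""
    blocked, redirected = set(), {}
    for addr, host in parse_hosts(text):
        if host in DEFAULT_NAMES:
            continue
        if addr in SINKHOLE:
            blocked.add(host)
        else:
            redirected[host] = addr
    return {"blocked": blocked, "redirected": redirected}


# Constructed sample; the addresses and names are illustrative only
# (203.0.113.0/24 is a documentation range, not a real host).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# blocklist-style entries, as MVPS Hosts adds them
127.0.0.1  ads.example.net
0.0.0.0    tracker.example.org   # trailing comment is ignored
# hijack-style entry: a bank's name pointed at a non-loopback address
203.0.113.7  www.bank.example
"""

if __name__ == "__main__":
    result = classify(SAMPLE_HOSTS)
    print("sinkholed:", sorted(result["blocked"]))
    for host, addr in result["redirected"].items():
        print("REVIEW: %s -> %s (not loopback)" % (host, addr))
```

Installing MVPS Hosts adds thousands of sinkholed names, which is harmless; the entry to worry about is any name mapped to a routable address you did not put there yourself, so run a check like this after installing the file and again whenever a redirect problem comes back.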