Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malwarebytes Removed Trojan Internet Browsing Slow

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby jbitz » August 12th, 2011, 7:32 pm

August 5th Malwarebytes found "Trojan Agent" while browsing with firefox.
I ran a scan and 15 files were "Quarantined and deleted successfully"
Next time I opened browser it stated "firefox proxy server refusing connections"
I clicked on automatic.
speakeasy speedtest ran 50kb/sec
Modem is registering 3300kb/sec
Tried setting it to No Proxy, reset modem, release and renewed IP. Cleared the Cache, History, Temp Files, and a few other things.
No Change, browser speed is still the same.

I have the following Logs also:
Malwarebytes
Hijackthis

Thanks for any help.

DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Run by Jbitz at 18:45:10 on 2011-08-12
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2092 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\ProgramData\Everstrike\US4Service.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
E:\Program Files (x86)\AVG\AVG10\avgchsva.exe
E:\Program Files (x86)\AVG\AVG10\avgrsa.exe
E:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
E:\Program Files (x86)\AVG\AVG10\avgnsa.exe
E:\Program Files (x86)\AVG\AVG10\avgtray.exe
E:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyServer = http=127.0.0.1:65131
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - E:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Jbitz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EPSON WorkForce 500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_SF99B.tmp" /EF "HKCU"
uRun: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRunOnce: [spchecker] "E:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun: [US4Service] C:\ProgramData\Everstrike\US4Service.exe
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [KeePass 2 PreLoad] "e:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] E:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRunOnce: [Malwarebytes' Anti-Malware] E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Jbitz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-explorer: TaskbarNoNotification = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0FCA6E5B-5754-4411-B60F-E252A12EE303} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun-x64: [US4Service] C:\ProgramData\Everstrike\US4Service.exe
mRun-x64: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [KeePass 2 PreLoad] "e:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] E:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRunOnce-x64: [Malwarebytes' Anti-Malware] E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jbitz\AppData\Roaming\Mozilla\Firefox\Profiles\zgj3icx9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jbitz\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-19 365568]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-10-8 96896]
R2 AVGIDSAgent;AVGIDSAgent;E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-2-1 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-2-1 185640]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 PowerAlert Agent;PowerAlert Agent;C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe [2010-5-14 1644368]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-12 05:11:30 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-08-12 02:53:25 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-12 01:28:35 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-08-12 01:28:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-08-12 01:28:35 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-08-12 01:28:35 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-08-12 01:28:35 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-08-11 14:53:43 -------- d-----w- C:\Program Files\CCleaner
2011-08-11 01:06:37 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-11 01:06:37 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-08-11 01:06:37 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-08-11 00:56:50 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-08-11 00:49:52 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-05 01:24:30 -------- d-----w- C:\Users\Jbitz\AppData\Local\Google
2011-07-20 02:47:57 0 ----a-w- C:\Users\Jbitz\AppData\Local\Wleqoveraxifok.bin
2011-07-20 02:47:55 -------- d-----w- C:\Users\Jbitz\AppData\Local\{8B1DCD74-16C1-48EB-9717-A3A8C870BA1D}
2011-07-18 03:27:59 -------- d-----w- C:\Users\Jbitz\AppData\Local\{E00B52AF-A8FC-44F0-AF87-B1803B717E21}
2011-07-18 03:27:59 -------- d-----w- C:\Users\Jbitz\AppData\Local\{7CEA5133-27BF-410C-8C27-FB4BBE4D530D}
.
==================== Find3M ====================
.
2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
.
============= FINISH: 18:45:22.49 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/7/2010 11:39:26 AM
System Uptime: 8/11/2011 10:02:05 PM (20 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A89GTD-PRO/USB3
Processor: AMD Phenom(tm) II X4 B55 Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 30.07 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 186 GiB total, 133.803 GiB free.
F: is FIXED (NTFS) - 1863 GiB total, 1332.646 GiB free.
G: is CDROM ()
H: is FIXED (NTFS) - 1677 GiB total, 812.567 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
AI Suite
AMD VISION Engine Control Center
Amnesia - The Dark Descent
Battlefield: Bad Company™ 2
Browser Configuration Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Conduit Engine
CSOL
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Dropbox
EPSON Scan
EPU
Google Chrome
GPU Boost Driver
HandBrake 0.9.5
Java Auto Updater
Java(TM) 6 Update 23
KeePass Password Safe 2.16
Malwarebytes' Anti-Malware version 1.51.1.1800
Mass Effect 2
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 5.0.1 (x86 en-US)
Mozilla Thunderbird (3.1.11)
Mozilla Thunderbird (3.1.6)
MSVCRT
NEC Electronics USB 3.0 Host Controller Driver
nLite 1.4.9.1
NVIDIA PhysX
PC Probe II
PowerAlert Local Software
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Samsung_MonSetup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
TurboV EVO
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Verizon Download Manager
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.5
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
8/6/2011 10:07:51 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
8/6/2011 10:07:48 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/6/2011 10:07:48 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.
8/6/2011 10:07:48 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
8/6/2011 10:07:48 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.
8/11/2011 9:56:37 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
8/11/2011 8:54:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO Avgldx64 Avgmfx64 discache spldr sptd Wanarpv6
8/11/2011 8:54:14 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/11/2011 10:03:03 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The system cannot find the file specified.
8/11/2011 10:02:23 PM, Error: Service Control Manager [7034] - The PowerAlert Agent service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm
Advertisement
Register to Remove

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby Scolabar » August 15th, 2011, 4:32 am

Hi jbitz,

Firstly, welcome to the Malware Removal Forum. :)
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.

I am currently working under the guidance of the MRU teachers, everything I post to you, will need to be reviewed by them.
This additional review process can add some extra time to my responses, but hopefully not too much.
;)

Please note the following important guidelines before proceeding:
  1. The instructions that will be provided are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable
    !
  2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
  3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
    Absence of symptoms does not necessarily mean that everything is clear.
  5. DO NOT run any other fix or removal tools unless instructed to do so!
  6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Please Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

W7 Advice:
Please Note: The programs I ask you to use will need to be run in Administrator Mode.
In order to do this Right-click on the program file and select the Run as Administrator option.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
If prompted, please click on the Allow button.
Reference: User Account Control (UAC) and Running as Administrator

Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby jbitz » August 16th, 2011, 6:49 am

Thank you for having a look at my problem. My system has been backed up.
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby Scolabar » August 17th, 2011, 8:46 am

Hi jbitz,

Thank you for the confirmation that you have completed your backup. :thumbright:

Please bear with us. I am waiting for a Teacher to check over my next set of instructions.
As you will no doubt appreciate, the Teachers are very busy.

Thank you again for your patience. :)

Scolabar
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby Scolabar » August 20th, 2011, 3:18 pm

Hi jbitz,

Thank you again for your patience. :)

Please read these instructions carefully before executing and perform the steps, in the order given.
lf you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Business Use Computer?

Entries in the log you have provided lead me to believe that this computer may be being used for business purposes.
Please confirm whether or not this is the case. If not, please proceed with Step 2 and clarify for what purposes this computer is used in your next post.

Step 2:
Proxy Server Setting - Query

Are you aware of or did you set the following proxy server setting?

    127.0.0.1:65131

Please let me know in your next post.

Step 3:
Installed Program - Query

Can you clarify what the following installed program is and what it is used for?

    CSOL

Please let me know in your next post.

Step 4:
MalwareBytes' AntiMalware Log

I would like to see the contents of the last MalwareBytes' AntiMaware log.
You should be able to retrieve the log from the following location:
    C:\Documents and Settings\Account Name\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Please Copy and Paste the entire contents of mbam-log-date (time).txt into your next reply.

Step 5:
RSIT (Random's System Information Tool)

  1. Please download RSIT by random/random and save it to your Desktop.
  2. Double-click on RSIT.exe to run the program. Read the disclaimer and then click on the Continue button.
    Vista - W7 users: Right-click on RSIT.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
    If you receive an Open File Security Warning click on the Run button.
  3. RSIT will start running.
  4. When the program has finished two logs files will automatically open in Notepad:
    • log.txt <-- Will be opened, maximized.
    • info.txt <-- Will be minimized on task bar.
  5. Please Copy and Paste the entire contents of both log.txt and info.txt files into your next reply.
    Note: These logs can be lengthy, so post 1 log per reply please.

Step 6:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. Is this computer used for business purposes? If not, please clarify for what purposes the computer is used.
  3. Please confirm whether or not you are aware of or set the Proxy Server setting: 127.0.0.1:65131.
  4. Please clarify what the CSOL installed program is and what it is used for.
  5. mbam-log-date (time).txt.
  6. log.txt.
  7. info.txt.
  8. Do you have the original Windows installation media for your PC?

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby jbitz » August 21st, 2011, 9:50 am

Did you have any problems carrying out the instructions? No
Is this computer used for business purposes? No
Please confirm whether or not you are aware of or set the Proxy Server setting: 127.0.0.1:65131. No
Please clarify what the CSOL installed program is and what it is used for. It is a Passive Solar Calculator Program included with a book a read.
mbam-log-date (time).txt.
log.txt.
info.txt.
Do you have the original Windows installation media for your PC? Yes

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7390

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/5/2011 9:43:29 PM
mbam-log-2011-08-05 (21-43-29).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 384749
Time elapsed: 15 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Jbitz\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\LU2MD8UK\windows-update-sp3-kb69102-setup[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jbitz\AppData\Local\Temp\D5BA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jbitz\AppData\Local\Temp\setup1056476224.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jbitz\AppData\Local\Temp\setup126191800.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jbitz\AppData\Local\Temp\setup1735826380.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jbitz\AppData\Local\Temp\setup2254885976.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jbitz\AppData\Local\Temp\setup3088279412.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jbitz\AppData\Local\Temp\setup3534320960.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jbitz\AppData\Local\Temp\setup3568915136.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jbitz\AppData\Local\Temp\setup3586975016.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jbitz\AppData\Local\Temp\setup460333868.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jbitz\AppData\Local\Temp\setup476412532.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jbitz\AppData\Local\Temp\setup5601268.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jbitz\AppData\Local\Temp\setup746060156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jbitz\AppData\Local\Temp\setup77307004.exe (Trojan.Agent) -> Quarantined and deleted successfully.
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby jbitz » August 21st, 2011, 9:59 am

info.txt logfile of random's system information tool 1.09 2011-08-21 09:52:10

======Uninstall list======

-->"E:\Program Files (x86)\Universal Shield\Uninstall.exe" "E:\Program Files (x86)\Universal Shield\install.log" -u
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_Plugin.exe -maintain plugin
Adobe Reader 9.4.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
AI Suite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe" -l0x9
Amnesia - The Dark Descent -->"E:\Program Files (x86)\Amnesia - The Dark Descent\unins000.exe"
Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}
Browser Configuration Utility-->MsiExec.exe /X{D793423B-FF18-4A54-B9C9-75B3396BAAC4}
Catalyst Control Center - Branding-->MsiExec.exe /I{19A492A0-888F-44A0-9B21-D91700763F62}
Conduit Engine-->C:\PROGRA~2\CONDUI~1\ConduitEngineUninstall.exe
CSOL-->E:\Program Files (x86)\CSOL\uninstall.exe
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Definition update for Microsoft Office 2010 (KB982726)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{06C723B9-ADF5-42BC-B949-D14D6C6628B9}" "1033" "0"
DVD Shrink 3.2-->"E:\Program Files (x86)\DVD Shrink\unins000.exe"
DVDFab 8.1.1.2 (08/08/2011) Qt-->"e:\Program Files (x86)\DVDFab 8 Qt\unins000.exe"
EPSON Scan-->C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
EPU-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}\setup.exe" -l0x9
GPU Boost Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B8887E02-C910-4498-A7C0-186ABFDCD110}\setup.exe" -l0x9
HandBrake 0.9.5-->E:\Program Files\Handbrake\uninst.exe
Java(TM) 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
KeePass Password Safe 2.16-->"e:\Program Files (x86)\KeePass Password Safe 2\unins000.exe"
Malwarebytes' Anti-Malware version 1.51.1.1800-->"E:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mass Effect 2-->"C:\Program Files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe"
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Mozilla Firefox 5.0.1 (x86 en-US)-->E:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.1.6)-->E:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
NEC Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}\setup.exe" -runfromtemp -l0x0409 -removeonly
NEC Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /I{D7BF9739-8A68-4335-BBEE-37752AD9E86B}
nLite 1.4.9.1-->"H:\Program Files (x86)\nLite\unins000.exe"
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
PC Probe II-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PowerAlert Local Software-->MsiExec.exe /I{88E7FC62-7948-4262-93E2-1D0B1E992C84}
Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
Samsung_MonSetup-->C:\Program Files (x86)\InstallShield Installation Information\{8EA79DBF-D637-448A-89D6-410A087A4493}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft Excel 2010 (KB2523021)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{AA9E4C48-857D-4558-A4F4-343CA7680277}" "1033" "0"
Security Update for Microsoft InfoPath 2010 (KB2510065)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{3C6C6854-EB6B-455C-B0A6-9871F0538028}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2289078)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{1D1A4F08-2F17-475B-BA72-476CE5992FEE}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2289161)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{F134C2C6-30B3-4169-A325-58482B4CE6FC}" "1033" "0"
Security Update for Microsoft PowerPoint 2010 (KB2519975)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{45D7C5CD-B967-44AF-9DAB-E5C8545558AD}" "1033" "0"
Security Update for Microsoft Publisher 2010 (KB2409055)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{C3C277D5-36E3-4B1A-926A-175B2BC019CF}" "1033" "0"
Security Update for Microsoft Word 2010 (KB2345000)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{A6D422EE-1196-45EE-B9AE-6B5B64975E8B}" "1033" "0"
TurboV EVO-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{491D92A9-69CA-4EB4-81D3-0106F9337957}\setup.exe" -l0x9
Update for Microsoft Office 2010 (KB2202188)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{86B7A074-265D-420C-9E1E-7A920EF0ECA7}" "1033" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{556146F7-74AE-4E0A-B64F-5B8B93469F61}" "1033" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{B5516874-E926-4BFD-B412-D0E70112F244}" "1033" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{D6CE7280-6EE3-419A-8F47-DB111C040B1B}" "1033" "0"
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1033" "0"
Update for Microsoft Office 2010 (KB2523113)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{C0FF04BF-A05E-408B-81CA-B7FACDA508A3}" "1033" "0"
Update for Microsoft Office 2010 (KB2523113)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{C0FF04BF-A05E-408B-81CA-B7FACDA508A3}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2493983)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{309EEC22-83CE-4109-B019-BA9392FAA322}" "1033" "0"
Update for Microsoft Outlook Social Connector (KB2441641)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{10B78785-65AE-4FDB-B598-73A8EC8598B0}" "1033" "0"
Update for Microsoft Outlook Social Connector (KB2441641)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{91140000-0011-0000-0000-0000000FF1CE}" "{A10DC2B7-6FDA-4C17-9DF0-6A834CAC4306}" "1033" "0"
Verizon Download Manager-->MsiExec.exe /I{D547A594-AA85-4B92-80EB-47B371B98C68}
Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}
VLC media player 1.1.5-->e:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows 7 Upgrade Advisor-->MsiExec.exe /I{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
WinPatrol-->C:\PROGRA~2\BILLPS~1\WINPAT~1\Setup.exe /remove /q0

======System event log======

Computer Name: Jbitz-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk4\DR4.
Record Number: 331634
Source Name: Disk
Time Written: 20110724013635.338049-000
Event Type: Error
User:

Computer Name: Jbitz-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk4\DR4.
Record Number: 331633
Source Name: Disk
Time Written: 20110724013634.823248-000
Event Type: Error
User:

Computer Name: Jbitz-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk4\DR4.
Record Number: 331623
Source Name: Disk
Time Written: 20110724013631.516042-000
Event Type: Error
User:

Computer Name: Jbitz-PC
Event Code: 7023
Message: The Superfetch service terminated with the following error:
The system cannot find the file specified.
Record Number: 331615
Source Name: Service Control Manager
Time Written: 20110724013511.789699-000
Event Type: Error
User:

Computer Name: Jbitz-PC
Event Code: 7034
Message: The PowerAlert Agent service terminated unexpectedly. It has done this 1 time(s).
Record Number: 331560
Source Name: Service Control Manager
Time Written: 20110724013432.624035-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Jbitz-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2428319956-2832503307-2180716793-1000:
Process 672 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2428319956-2832503307-2180716793-1000

Record Number: 223
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101007160610.520430-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Jbitz-PC
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F061
Partial Pkey=VXTMG
ACID=ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
Detailed Error[?]

Record Number: 185
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20101008183727.000000-000
Event Type: Error
User:

Computer Name: Jbitz-PC
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F061
Partial Pkey=VXTMG
ACID=ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
Detailed Error[?]

Record Number: 180
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20101008183512.000000-000
Event Type: Error
User:

Computer Name: Jbitz-PC
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F061
Partial Pkey=VXTMG
ACID=ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
Detailed Error[?]

Record Number: 117
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20101008183313.000000-000
Event Type: Error
User:

Computer Name: Jbitz-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 95
Source Name: Microsoft-Windows-Search
Time Written: 20101008183305.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101008182435.054442-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101008182435.054442-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x3236e
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101008182435.038842-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101008182434.914042-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101008182434.914042-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=3
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 4 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0403
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\

-----------------EOF-----------------
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby jbitz » August 21st, 2011, 10:00 am

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jbitz at 2011-08-21 09:51:37
Microsoft Windows 7 Ultimate
System drive C: has 29 GB (51%) free of 57 GB
Total RAM: 4094 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:52:09 AM, on 8/21/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Windows\DAODx.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\ProgramData\Everstrike\US4Service.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Jbitz\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Jbitz.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [US4Service] C:\ProgramData\Everstrike\US4Service.exe
O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "e:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jbitz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON WorkForce 500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_SF99B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PowerAlert Agent - Tripp Lite - C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10230 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Jbitz\AppData\Roaming\Mozilla\Firefox\Profiles\zgj3icx9.default

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=E:\Program Files (x86)\AVG\AVG10\Firefox4\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

E:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

E:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

E:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - E:\Program Files (x86)\AVG\AVG10\avgssie.dll [2011-08-05 2274144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-01-05 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"=C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [2010-10-01 329096]
"VERIZONDM"=C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe [2011-02-01 206120]
"US4Service"=C:\ProgramData\Everstrike\US4Service.exe [2010-03-24 39552]
"TurboV EVO"=C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe [2010-04-22 9919104]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-19 336384]
"Six Engine"=C:\Program Files (x86)\ASUS\EPU\EPU.exe [2010-03-16 5309056]
"QFan Help"=C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe [2010-03-25 888960]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-01-22 106496]
"KeePass 2 PreLoad"=e:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2011-07-12 1764352]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-10-26 375000]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Jbitz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 136176]
"EPSON WorkForce 500 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE [2008-02-21 221696]
"DAEMON Tools Lite"=E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

C:\Users\Jbitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"TaskbarNoNotification"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-21 09:51:37 ----D---- C:\rsit
2011-08-21 09:51:37 ----D---- C:\Program Files (x86)\trend micro
2011-08-13 12:13:10 ----D---- C:\ProgramData\DVD Shrink
2011-08-12 01:11:30 ----D---- C:\Windows\SysWOW64\drivers\AVG
2011-08-11 22:53:25 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2011-08-11 21:55:10 ----SHD---- C:\Config.Msi
2011-08-11 21:28:35 ----A---- C:\Windows\SysWOW64\DWrite.dll
2011-08-11 21:28:35 ----A---- C:\Windows\SysWOW64\d2d1.dll
2011-08-11 18:26:11 ----A---- C:\Windows\ntbtlog.txt
2011-08-10 21:47:02 ----A---- C:\Windows\SysWOW64\mshtml.dll
2011-08-10 21:47:02 ----A---- C:\Windows\SysWOW64\iertutil.dll
2011-08-10 21:47:02 ----A---- C:\Windows\SysWOW64\ieframe.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\wininet.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\urlmon.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\url.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\mstime.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\licmgr10.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\ieui.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\iepeers.dll
2011-08-10 21:47:01 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2011-08-10 21:06:37 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2011-08-10 21:06:37 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2011-08-10 20:57:01 ----A---- C:\Windows\SysWOW64\xmllite.dll
2011-08-10 20:57:00 ----A---- C:\Windows\SysWOW64\odbctrac.dll
2011-08-10 20:57:00 ----A---- C:\Windows\SysWOW64\odbcjt32.dll
2011-08-10 20:57:00 ----A---- C:\Windows\SysWOW64\odbccu32.dll
2011-08-10 20:57:00 ----A---- C:\Windows\SysWOW64\odbccr32.dll
2011-08-10 20:57:00 ----A---- C:\Windows\SysWOW64\odbccp32.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 20:55:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-10 20:55:20 ----A---- C:\Windows\SysWOW64\wow32.dll
2011-08-10 20:55:20 ----A---- C:\Windows\SysWOW64\user.exe
2011-08-10 20:55:20 ----A---- C:\Windows\SysWOW64\setup16.exe
2011-08-10 20:55:20 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2011-08-10 20:55:20 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2011-08-10 20:55:20 ----A---- C:\Windows\SysWOW64\kernel32.dll
2011-08-10 20:55:20 ----A---- C:\Windows\SysWOW64\instnm.exe

======List of files/folders modified in the last 1 month======

2011-08-21 09:51:37 ----RD---- C:\Program Files (x86)
2011-08-21 09:47:34 ----D---- C:\Windows\Temp
2011-08-21 08:46:31 ----D---- C:\Windows\System32
2011-08-21 08:46:31 ----D---- C:\Windows\inf
2011-08-21 08:45:18 ----D---- C:\Users\Jbitz\AppData\Roaming\Dropbox
2011-08-21 08:42:24 ----D---- C:\Windows\SysWOW64
2011-08-20 23:02:41 ----D---- C:\Users\Jbitz\AppData\Roaming\KeePass
2011-08-20 12:36:39 ----SHD---- C:\System Volume Information
2011-08-17 06:41:13 ----D---- C:\Windows\Prefetch
2011-08-15 20:28:00 ----D---- C:\Users\Jbitz\AppData\Roaming\DAEMON Tools Lite
2011-08-13 18:52:18 ----D---- C:\Users\Jbitz\AppData\Roaming\dvdcss
2011-08-13 12:13:10 ----HD---- C:\ProgramData
2011-08-13 10:11:20 ----D---- C:\Windows\Logs
2011-08-12 06:38:50 ----D---- C:\ProgramData\MFAData
2011-08-12 01:12:37 ----SHD---- C:\Windows\Installer
2011-08-12 01:11:45 ----D---- C:\ProgramData\AVG10
2011-08-12 01:11:30 ----D---- C:\Windows\SysWOW64\drivers
2011-08-11 22:08:48 ----SHD---- C:\$Recycle.Bin
2011-08-11 22:08:47 ----RD---- C:\Users
2011-08-11 22:02:16 ----D---- C:\Windows
2011-08-11 22:00:59 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2011-08-11 22:00:58 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-08-11 21:56:26 ----D---- C:\Windows\winsxs
2011-08-11 20:56:30 ----D---- C:\Windows\pss
2011-08-11 17:59:43 ----D---- C:\Users\Jbitz\AppData\Roaming\Mozilla
2011-08-11 17:59:07 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-08-11 10:59:26 ----D---- C:\Users\Jbitz\AppData\Roaming\Media Player Classic
2011-08-11 10:55:36 ----D---- C:\Windows\Minidump
2011-08-11 10:55:36 ----D---- C:\Windows\debug
2011-08-11 10:53:43 ----RD---- C:\Program Files
2011-08-11 09:58:50 ----D---- C:\Windows\Microsoft.NET
2011-08-11 09:58:49 ----RSD---- C:\Windows\assembly
2011-08-11 07:39:29 ----D---- C:\Windows\SysWOW64\migration
2011-08-11 07:39:29 ----D---- C:\Windows\AppPatch
2011-08-11 07:39:29 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-10 22:09:27 ----D---- C:\ProgramData\Microsoft Help
2011-08-04 21:27:43 ----D---- C:\Windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys []
R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys []
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys []
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R0 US30Sys;US30Sys; C:\Windows\SysWOW64\drivers\US40fs64.sys [2010-09-10 108160]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-04-22 13440]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys []
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys []
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys []
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys []
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys []
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys []
S3 aig1hy4v;aig1hy4v; C:\Windows\SysWOW64\drivers\aig1hy4v.sys []
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-19 365568]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
R2 AVGIDSAgent;AVGIDSAgent; E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
R2 avgwd;AVG WatchDog; E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm); C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-02-01 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm); C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-02-01 185640]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 PowerAlert Agent;PowerAlert Agent; C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe [2010-05-14 1644368]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby Scolabar » August 22nd, 2011, 6:52 am

Hi jbitz,

Thank you for the logs and feedback. :)

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Computer Use Clarification

Please clarify for what purposes this computer is used in your next post.

Step 2:
Online Multi Anti-Virus File Scan

I need to ask you to upload a file for further inspection.

Please go to either: Jotti or Virus Total and upload - only one file per scan - the following file(s) for scanning:

    C:\Windows\SysWOW64\drivers\aig1hy4v.sys

Using Jotti

  1. Choose the appropriate language. Once a language is selected, you will see a message "Ready to receive files".
  2. Please copy the above full path and file name(s).
  3. Click on the Browse button and paste the copied name into the "File name:" text box. Then click on the Open button.
    The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on the Submit button.
      If you receive the message: "This file has been scanned before. The results for this previous scan are listed below."
      Please click on the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various Anti-Virus scanners. This may take a few minutes.
  6. When all the scans have been completed. Highlight the results text from the Jotti's malware scan box.
  7. Copy the selected text. Open Notepad. Paste the contents into Notepad. Save the file to a convenient place.
  8. Please repeat this procedure for each file listed above.
  9. Copy and Paste the entire contents of all the Jotti scan results into your next reply.

Using Virus Total

  1. Please copy the above full path and file name(s).
  2. Click on the Browse button and paste the copied name into the "File name:" text box. Then click on the Open button.
    The file name should now appear in the online scanner's text entry box.
  3. Click on the Send File button.
  4. The file will be queued, uploaded and scanned by various Anti-Virus scanners. This may take a few minutes.
      If you receive the message: "File has already been analysed."
      Please click on the Reanalyse file now button, so your file will be scanned.
  5. When the scan is completed click on the Compact icon.
  6. The results will be shown in a grid-like window. Right-click on the text, choose Select All, then Copy the entire contents.
  7. Open Notepad. Paste the result contents into the Notepad window. Save this file to a convenient place.
  8. Please repeat this procedure for each file listed above.
  9. Copy and Paste the entire contents of all the Virus Total scan results into your next reply.

Step 3:
MGA Diagnostics

  1. Please download this tool from Microsoft and Save it to your Desktop.
  2. Double-click on the MGADiag.exe icon to launch the program.
    Vista - W7 users: Right-click on MGADiag.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
    If you receive an Open File Security Warning click on the Run button.
  3. Click on the Continue button to proceed.
  4. The program will now run. It will take a short while to complete its diagnosis, please be patient.
  5. When it has finished click on the Copy button.
  6. Open Notepad by clicking Start > Run, type in Notepad then click OK.
  7. Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
  8. Click on the OK button to exit the MGA Diagnostics program.
  9. Then Copy and Paste the entire contents of mgadiag.txt into your next reply.

Step 4:
WVCheck

  1. Please download WVCheck and Save it to your Desktop.
  2. Double click WVCheck.exe, to run the process.
    Vista - W7 users: Right-click on WVCheck.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. Read the comments on the screen and then press Enter.
    The scan can take a while depending on the size of your hard drive.
  4. Once the program is finished, a scan report named WVCheck_hhmm_dd-mm-yyyy.txt will automatically saved to your Desktop and opened in Notepad.
  5. Please Copy and Paste the entire contents of WVCheck_hhmm_dd-mm-yyyy.txt into your next reply.

Step 5:
CKScanner

  1. Please download CKScanner and Save it to your Desktop.
    Make sure that CKScanner.exe is on your Desktop before running the application!
  2. Double-click on the CKScanner.exe icon to launch the program and then click on the Search For Files button.
    Vista - W7 users: Right-click on CKScanner.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. When the scan has finished (- the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
    A text file will be created on your desktop named ckfiles.txt.
  4. Click on the Exit button to close the program.
  5. Double-click on the ckfiles.txt file to open it.
  6. Then Copy and Paste the entire contents of the file into your next reply.

Step 6:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. Please clarify for what purposes the computer is used.
  3. Jotti scan results or Virus Total scan results.
  4. mgadiag.txt.
  5. WVCheck_hhmm_dd-mm-yyyy.txt.
  6. ckfiles.txt.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby jbitz » August 22nd, 2011, 9:50 pm

Did you have any problems carrying out the instructions?
File does not exist. Not able to scan.
C:\Windows\SysWOW64\drivers\aig1hy4v.sys

Please clarify for what purposes the computer is used.
Home theater, Internet browsing, Gaming.

Jotti scan results or Virus Total scan results.
N/A

mgadiag.txt.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-W6YVT-8VK4H-VXTMG
Windows Product Key Hash: l/ZusM8Lr0NYL+CFMD6x9EVw4Rc=
Windows Product ID: 00426-437-4278232-85722
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {F8FC5581-2A7A-4CF5-8E77-84FCFB697A67}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7600.win7_gdr.110622-1503
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: E:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F8FC5581-2A7A-4CF5-8E77-84FCFB697A67}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-VXTMG</PKey><PID>00426-437-4278232-85722</PID><PIDType>5</PIDType><SID>S-1-5-21-2428319956-2832503307-2180716793</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1456 </Version><SMBIOSVersion major="2" minor="6"/><Date>20100504000000.000000+000</Date></BIOS><HWID>5FBB3607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00170-437-427823-01-1033-7600.0000-2812010
Installation ID: 007081390631164565171276918283495630354051578696606811
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: VXTMG
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 8/22/2011 9:35:24 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 5:26:2011 01:18
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OgAAAAIABgABAAEAAQACAAAAAQABAAEA6GH0ay7216Ek5rwgHIhU8hAztvJIjkreje9iPd79RFworA==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 050410 APIC1420
FACP 050410 FACP1420
SRAT AMD FAM_F_10
HPET 050410 OEMHPET
MCFG 050410 OEMMCFG
OEMB 050410 OEMB1420
SSDT A M I POWERNOW



WVCheck_hhmm_dd-mm-yyyy.txt.
Windows Validation Check
Version: 1.9.12.5
Log Created On: 2141_22-08-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-08-22 23:28:09
Last Success Time for Update Download: 2011-08-12 01:52:31
Last Success Time for Update Installation: 2011-08-12 01:55:14


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 6/7/2011 5:55:10
Modification; 20/11/2010 8:27:26
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 6/7/2011 5:55:9
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 5/7/2011 10:1:8
Modification; 21/12/2010 0:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 5/7/2011 10:1:8
Modification; 21/12/2010 0:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_5b467ba9bd0679bb\slwga.dll
Size: 14848 bytes
Creation; 13/7/2009 19:52:11
Modification; 13/7/2009 21:41:54
MD5; cc03cf9f24946dcbd70acb3e1b2f05bf
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_5b856235bcd79403\slwga.dll
Size: 15360 bytes
Creation; 5/7/2011 10:1:8
Modification; 21/12/2010 1:15:31
MD5; b7213e92b270761b88b313b62ba0e13b
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_5be2bf06d6168a3a\slwga.dll
Size: 15360 bytes
Creation; 5/7/2011 10:1:8
Modification; 21/12/2010 1:9:5
MD5; 86b7d4d7a87ecb9e6bded44c52c8d5d9
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 13/7/2009 19:36:22
Modification; 13/7/2009 21:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
Size: 14336 bytes
Creation; 5/7/2011 10:1:8
Modification; 21/12/2010 0:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
Size: 14336 bytes
Creation; 5/7/2011 10:1:8
Modification; 21/12/2010 0:29:6
MD5; 2332de32759ebcc691850e092b2564a6
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - e8b0ffc209e504cb7e79fc24e6c085f0


-------- End of File, program close at 2142_22-08-2011 --------

ckfiles.txt.

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.GHLBGR
----- EOF -----
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby Scolabar » August 23rd, 2011, 12:26 pm

Hi jbitz,

Thank you for the logs and your feedback. :)

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Create System Restore Point

First we need to make sure we have a back up of the Registry to return to if we need it:

  1. Select Start > Control Panel then double-click on the System icon in the Control Panel.
  2. In the left-hand pane click on the System Protection option.
  3. When the Dialog comes up, click on the System Protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click on the Create button to create a new restore point. In the Name dialog, type a descriptive name and then click on the Create button.
  6. You will get a message that the Restore Point was created successfully. Click on the Close button.
  7. Click on the OK button and close the System window in the Control Panel.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2:
DeFogger

We need to disable the active CD Emulation drivers as they will almost certainly interfere with the cleanup process.

  1. Please download DeFogger by jpshortstuff and save it to your Desktop.
  2. Double click on DeFogger.exe to run the tool.
    Vista - W7 users: Right-click on DeFogger.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. When the application window appears click on the Disable button to disable your CD Emulation drivers.
  4. Click on the Yes button to continue.
  5. When the Finished! message appears click on the OK button.
  6. Then click on the OK button when DeFogger asks to reboot the machine.

Please do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your Desktop.

Step 3:
SystemLook

  1. Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
    Alternate download site.
  2. Double-click on SystemLook.exe to run the program.
    Vista - W7 users: Right-click on SystemLook.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. Copy and Paste the text in the code box below into SystemLook's main text entry window:
    Code: Select all
    :filefind
    aig1hy4v.*
    *hy4v.*
    aig1*.*
  4. Click on the Look button to start the scan.
    When SystemLook has completed its task a Notepad window will open showing the results of the scan.
    A log file will be created on your Desktop named SystemLook.txt.
  5. Please post the contents of the SystemLook.txt file in your next reply.

Step 4:
Uninstall Program

Please remove the rogue program Conduit Engine using the instructions below:

  1. Select Start > Control Panel > Programs > Programs and Features.
  2. Under the Programs heading, click on Uninstall a program.
  3. Scroll down the list of installed programs and locate the following program:

      Conduit Engine

  4. Right-click on Uninstall to uninstall it.
  5. When finished Close the Control Panel window.
  6. Restart the computer to complete removal of the program.

Step 5:
TDSSKiller - Scan

  1. Please download TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  2. Double-click on TDSSKiller.exe to launch it.
    Vista - W7 users: Right-click on TDSSKiller.exe and select "Run As Administrator..." to launch the program. If you receive a UAC prompt, please allow it.
    If TDSSKiller does not run rename the program file. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  3. Click the Start Scan button. Do not use the computer during the scan!
  4. When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
  5. Now click on Report to open the log file created by TDSSKiller.
  6. The log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt is created and saved to the root directory. (Usually C: drive).
  7. Copy and Paste the entire contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file into your next reply.

PLEASE DO NOT TRY TO FIX ANYTHING AT THIS STAGE.

Step 6:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. SystemLook.txt.
  3. TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.
  4. How is the computer now running?

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby jbitz » August 23rd, 2011, 5:01 pm

Did you have any problems carrying out the instructions? No
SystemLook.txt. attached
TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt. attached
How is the computer now running? System is better. I'm getting 2.9 Mbps which is good. Browser redirect problem disappeared. Task manager CPU usage 0% at idle. Memory usage seems high 44%.

SystemLook 30.07.11 by jpshortstuff
Log created at 16:45 on 23/08/2011 by Jbitz
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "aig1hy4v.*"
No files found.

Searching for "*hy4v.*"
No files found.

Searching for "aig1*.*"
No files found.

-= EOF =-
2011/08/23 16:49:11.0069 4020 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 16:49:11.0365 4020 ================================================================================
2011/08/23 16:49:11.0365 4020 SystemInfo:
2011/08/23 16:49:11.0365 4020
2011/08/23 16:49:11.0365 4020 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/23 16:49:11.0365 4020 Product type: Workstation
2011/08/23 16:49:11.0365 4020 ComputerName: JBITZ-PC
2011/08/23 16:49:11.0365 4020 UserName: Jbitz
2011/08/23 16:49:11.0365 4020 Windows directory: C:\Windows
2011/08/23 16:49:11.0365 4020 System windows directory: C:\Windows
2011/08/23 16:49:11.0365 4020 Running under WOW64
2011/08/23 16:49:11.0365 4020 Processor architecture: Intel x64
2011/08/23 16:49:11.0365 4020 Number of processors: 3
2011/08/23 16:49:11.0365 4020 Page size: 0x1000
2011/08/23 16:49:11.0365 4020 Boot type: Normal boot
2011/08/23 16:49:11.0365 4020 ================================================================================
2011/08/23 16:49:11.0989 4020 Initialize success
2011/08/23 16:49:16.0295 5060 ================================================================================
2011/08/23 16:49:16.0295 5060 Scan started
2011/08/23 16:49:16.0295 5060 Mode: Manual;
2011/08/23 16:49:16.0295 5060 ================================================================================
2011/08/23 16:49:16.0513 5060 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/23 16:49:16.0529 5060 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
2011/08/23 16:49:16.0544 5060 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/23 16:49:16.0560 5060 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/23 16:49:16.0591 5060 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/23 16:49:16.0607 5060 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/23 16:49:16.0622 5060 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/23 16:49:16.0654 5060 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/08/23 16:49:16.0685 5060 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/23 16:49:16.0700 5060 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/23 16:49:16.0716 5060 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/23 16:49:16.0732 5060 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
2011/08/23 16:49:16.0747 5060 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/23 16:49:16.0872 5060 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/23 16:49:16.0981 5060 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/08/23 16:49:16.0997 5060 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/23 16:49:17.0012 5060 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
2011/08/23 16:49:17.0028 5060 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/23 16:49:17.0044 5060 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
2011/08/23 16:49:17.0059 5060 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/08/23 16:49:17.0075 5060 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/23 16:49:17.0106 5060 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/23 16:49:17.0122 5060 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/23 16:49:17.0137 5060 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/23 16:49:17.0153 5060 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
2011/08/23 16:49:17.0168 5060 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/08/23 16:49:17.0184 5060 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
2011/08/23 16:49:17.0215 5060 AVGIDSDriver (eee718457f24f2154f23a7fad1a0cea3) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/23 16:49:17.0231 5060 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/08/23 16:49:17.0246 5060 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/23 16:49:17.0262 5060 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
2011/08/23 16:49:17.0278 5060 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
2011/08/23 16:49:17.0293 5060 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
2011/08/23 16:49:17.0309 5060 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
2011/08/23 16:49:17.0324 5060 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/23 16:49:17.0356 5060 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/23 16:49:17.0371 5060 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/23 16:49:17.0402 5060 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/23 16:49:17.0418 5060 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/23 16:49:17.0418 5060 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/23 16:49:17.0434 5060 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/23 16:49:17.0465 5060 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/23 16:49:17.0480 5060 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/23 16:49:17.0496 5060 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/23 16:49:17.0496 5060 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/23 16:49:17.0527 5060 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/23 16:49:17.0543 5060 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/23 16:49:17.0558 5060 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/23 16:49:17.0574 5060 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/23 16:49:17.0590 5060 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/23 16:49:17.0621 5060 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/23 16:49:17.0636 5060 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/23 16:49:17.0652 5060 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/08/23 16:49:17.0668 5060 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/23 16:49:17.0683 5060 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/23 16:49:17.0699 5060 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/23 16:49:17.0730 5060 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/08/23 16:49:17.0761 5060 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/08/23 16:49:17.0777 5060 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/23 16:49:18.0026 5060 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/23 16:49:18.0042 5060 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/23 16:49:18.0073 5060 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/23 16:49:18.0120 5060 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/23 16:49:18.0167 5060 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/23 16:49:18.0198 5060 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/23 16:49:18.0214 5060 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/23 16:49:18.0229 5060 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/23 16:49:18.0245 5060 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/23 16:49:18.0276 5060 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/23 16:49:18.0292 5060 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/23 16:49:18.0292 5060 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/23 16:49:18.0323 5060 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/08/23 16:49:18.0338 5060 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/23 16:49:18.0354 5060 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/23 16:49:18.0370 5060 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/23 16:49:18.0385 5060 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/23 16:49:18.0401 5060 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/23 16:49:18.0416 5060 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/08/23 16:49:18.0432 5060 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/23 16:49:18.0448 5060 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/23 16:49:18.0463 5060 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/23 16:49:18.0479 5060 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/23 16:49:18.0494 5060 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/23 16:49:18.0526 5060 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/08/23 16:49:18.0541 5060 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/08/23 16:49:18.0557 5060 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/23 16:49:18.0572 5060 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/23 16:49:18.0604 5060 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/08/23 16:49:18.0619 5060 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/23 16:49:18.0666 5060 IntcAzAudAddService (a3bcbd0f710580a07d1b929d787d36ce) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/23 16:49:18.0697 5060 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/23 16:49:18.0713 5060 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/23 16:49:18.0728 5060 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/23 16:49:18.0744 5060 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/08/23 16:49:18.0760 5060 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/23 16:49:18.0775 5060 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/23 16:49:18.0791 5060 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/08/23 16:49:18.0806 5060 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/23 16:49:18.0822 5060 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/23 16:49:18.0838 5060 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/23 16:49:18.0853 5060 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/23 16:49:18.0869 5060 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/23 16:49:18.0884 5060 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/23 16:49:18.0900 5060 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/23 16:49:18.0931 5060 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/23 16:49:18.0947 5060 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/23 16:49:18.0962 5060 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/23 16:49:18.0978 5060 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/23 16:49:18.0994 5060 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/23 16:49:19.0009 5060 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/23 16:49:19.0025 5060 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/23 16:49:19.0087 5060 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/23 16:49:19.0103 5060 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/23 16:49:19.0118 5060 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/23 16:49:19.0134 5060 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/23 16:49:19.0150 5060 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/08/23 16:49:19.0165 5060 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/08/23 16:49:19.0181 5060 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/23 16:49:19.0196 5060 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/23 16:49:19.0212 5060 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/23 16:49:19.0228 5060 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/23 16:49:19.0243 5060 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/23 16:49:19.0259 5060 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/08/23 16:49:19.0274 5060 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/08/23 16:49:19.0306 5060 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
2011/08/23 16:49:19.0321 5060 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/23 16:49:19.0337 5060 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/23 16:49:19.0352 5060 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/08/23 16:49:19.0368 5060 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/23 16:49:19.0384 5060 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/23 16:49:19.0399 5060 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/23 16:49:19.0415 5060 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/08/23 16:49:19.0430 5060 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/23 16:49:19.0446 5060 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/23 16:49:19.0462 5060 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/23 16:49:19.0477 5060 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/08/23 16:49:19.0493 5060 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/23 16:49:19.0508 5060 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/23 16:49:19.0540 5060 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/08/23 16:49:19.0571 5060 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/23 16:49:19.0586 5060 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/23 16:49:19.0602 5060 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/23 16:49:19.0618 5060 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/23 16:49:19.0633 5060 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/08/23 16:49:19.0649 5060 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/23 16:49:19.0664 5060 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/23 16:49:19.0680 5060 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/23 16:49:19.0711 5060 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/23 16:49:19.0727 5060 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/23 16:49:19.0758 5060 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/08/23 16:49:19.0774 5060 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/23 16:49:19.0789 5060 nusb3hub (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
2011/08/23 16:49:19.0820 5060 nusb3xhc (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
2011/08/23 16:49:19.0836 5060 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/08/23 16:49:19.0852 5060 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/08/23 16:49:19.0867 5060 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/08/23 16:49:19.0883 5060 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/23 16:49:19.0914 5060 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/23 16:49:19.0930 5060 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/08/23 16:49:19.0945 5060 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/08/23 16:49:19.0961 5060 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/08/23 16:49:19.0976 5060 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/23 16:49:19.0992 5060 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/23 16:49:20.0023 5060 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/23 16:49:20.0070 5060 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/23 16:49:20.0086 5060 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/23 16:49:20.0117 5060 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/23 16:49:20.0148 5060 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/23 16:49:20.0179 5060 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/23 16:49:20.0195 5060 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/23 16:49:20.0210 5060 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/23 16:49:20.0226 5060 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/23 16:49:20.0242 5060 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/23 16:49:20.0257 5060 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/23 16:49:20.0273 5060 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/23 16:49:20.0288 5060 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/23 16:49:20.0304 5060 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/23 16:49:20.0320 5060 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/23 16:49:20.0351 5060 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/08/23 16:49:20.0366 5060 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/23 16:49:20.0382 5060 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/23 16:49:20.0398 5060 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/08/23 16:49:20.0413 5060 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/08/23 16:49:20.0444 5060 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/23 16:49:20.0460 5060 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/08/23 16:49:20.0476 5060 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/08/23 16:49:20.0491 5060 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/08/23 16:49:20.0507 5060 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/23 16:49:20.0538 5060 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/23 16:49:20.0554 5060 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/23 16:49:20.0569 5060 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/23 16:49:20.0585 5060 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/23 16:49:20.0616 5060 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/23 16:49:20.0632 5060 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/08/23 16:49:20.0647 5060 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/23 16:49:20.0663 5060 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/23 16:49:20.0678 5060 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/23 16:49:20.0694 5060 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/23 16:49:20.0710 5060 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/23 16:49:20.0725 5060 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/23 16:49:20.0772 5060 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
2011/08/23 16:49:20.0788 5060 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/08/23 16:49:20.0819 5060 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/23 16:49:20.0834 5060 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/23 16:49:20.0850 5060 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/23 16:49:20.0866 5060 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/08/23 16:49:20.0881 5060 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/08/23 16:49:20.0897 5060 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/23 16:49:20.0944 5060 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
2011/08/23 16:49:20.0990 5060 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/23 16:49:21.0006 5060 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/23 16:49:21.0037 5060 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/23 16:49:21.0037 5060 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/23 16:49:21.0068 5060 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/23 16:49:21.0084 5060 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/23 16:49:21.0115 5060 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/23 16:49:21.0131 5060 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/23 16:49:21.0146 5060 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/23 16:49:21.0162 5060 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/23 16:49:21.0178 5060 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/08/23 16:49:21.0193 5060 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/23 16:49:21.0209 5060 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/23 16:49:21.0240 5060 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/23 16:49:21.0256 5060 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/08/23 16:49:21.0271 5060 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/23 16:49:21.0287 5060 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/23 16:49:21.0302 5060 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/23 16:49:21.0318 5060 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/23 16:49:21.0334 5060 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/23 16:49:21.0349 5060 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/23 16:49:21.0365 5060 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
2011/08/23 16:49:21.0380 5060 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/08/23 16:49:21.0412 5060 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/23 16:49:21.0412 5060 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/23 16:49:21.0443 5060 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/08/23 16:49:21.0458 5060 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/08/23 16:49:21.0474 5060 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/08/23 16:49:21.0490 5060 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/08/23 16:49:21.0505 5060 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/08/23 16:49:21.0521 5060 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/08/23 16:49:21.0536 5060 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/08/23 16:49:21.0552 5060 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/23 16:49:21.0583 5060 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/08/23 16:49:21.0599 5060 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/23 16:49:21.0614 5060 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/23 16:49:21.0630 5060 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/23 16:49:21.0646 5060 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/23 16:49:21.0677 5060 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/23 16:49:21.0708 5060 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/23 16:49:21.0724 5060 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/23 16:49:21.0755 5060 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/23 16:49:21.0786 5060 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/23 16:49:21.0817 5060 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/08/23 16:49:21.0833 5060 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/23 16:49:21.0848 5060 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
2011/08/23 16:49:21.0848 5060 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
2011/08/23 16:49:21.0864 5060 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/23 16:49:21.0864 5060 Boot (0x1200) (eafb5537a7f9f17fba8b134f442047ac) \Device\Harddisk1\DR1\Partition0
2011/08/23 16:49:21.0880 5060 Boot (0x1200) (3f8ccb797c4a8b2598a741cca45e3c97) \Device\Harddisk1\DR1\Partition1
2011/08/23 16:49:21.0880 5060 Boot (0x1200) (c9bd97385bb2dadf99887d4463610585) \Device\Harddisk2\DR2\Partition0
2011/08/23 16:49:21.0895 5060 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition0
2011/08/23 16:49:21.0895 5060 Boot (0x1200) (3700ec990749b8ab462b96ab27d9b744) \Device\Harddisk0\DR0\Partition1
2011/08/23 16:49:21.0911 5060 Boot (0x1200) (56fb5684077f2e95727690d7445a7eff) \Device\Harddisk0\DR0\Partition2
2011/08/23 16:49:21.0911 5060 ================================================================================
2011/08/23 16:49:21.0911 5060 Scan finished
2011/08/23 16:49:21.0911 5060 ================================================================================
2011/08/23 16:49:21.0911 4212 Detected object count: 0
2011/08/23 16:49:21.0911 4212 Actual detected object count: 0
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby Scolabar » August 24th, 2011, 9:18 am

Hi jbitz,

Thank you for the logs and feedback. That's good to know that the redirects have now stopped. :)
There is still some work to do, so please stick with me.

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
SystemLook - 64-bit

Please can you delete the copy of SystemLook.exe already downloaded to your Desktop and then follow the instructions to download and run the 64-bit of the tool as follows:

  1. Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
    Alternate download site.
  2. Double-click on SystemLook_x64.exe to run the program.
    Vista - W7 users: Right-click on SystemLook_x64.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. Copy and Paste the text in the code box below into SystemLook's main text entry window:
    Code: Select all
    :filefind
    aig1hy4v.*
    *hy4v.*
    aig1*.*
  4. Click on the Look button to start the scan.
    When SystemLook has completed its task a Notepad window will open showing the results of the scan.
    A log file will be created on your Desktop named SystemLook.txt.
  5. Please post the contents of the SystemLook.txt file in your next reply.

Step 2:
OTL - Scan

  1. Please download OTL by Old Timer. Save it to your Desktop.
  2. Double click on OTL.exe to run the program.
    Vista - W7 users: Right-click on OTL.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. Under Output, ensure that the Minimal Output option is selected.
  4. Click the Scan All Users checkbox.
    Note: Please leave the remaining selections on the default settings.
  5. Click on Run Scan at the top left hand corner.
  6. When done, two Notepad files will automatically open:
    • OTL.txt <-- Will be opened, maximized.
    • Extras.txt <-- Will be minimized on task bar.
  7. Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.

Step 3:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. SystemLook.txt.
  3. OTL.txt.
  4. Extras.txt.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby jbitz » August 24th, 2011, 12:29 pm

I spoke to soon. I'm still have an problem with my firefox browser being redirected. If I go back to my search and click on the link it usually brings me to the correct link the second time.

Thanks for all your help so far.

Here are the logs:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:15 on 24/08/2011 by Jbitz
Administrator - Elevation successful

========== filefind ==========

Searching for "aig1hy4v.*"
No files found.

Searching for "*hy4v.*"
No files found.

Searching for "aig1*.*"
No files found.

-= EOF =-

OTL logfile created on: 8/24/2011 12:18:17 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Jbitz\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.33% Memory free
7.99 Gb Paging File | 5.82 Gb Available in Paging File | 72.83% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 28.17 Gb Free Space | 50.49% Space Free | Partition Type: NTFS
Drive E: | 185.55 Gb Total Space | 131.82 Gb Free Space | 71.05% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1318.63 Gb Free Space | 70.78% Space Free | Partition Type: NTFS
Drive H: | 1677.34 Gb Total Space | 759.59 Gb Free Space | 45.29% Space Free | Partition Type: NTFS

Computer Name: JBITZ-PC | User Name: Jbitz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jbitz\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\ProgramData\Everstrike\US4Service.exe ()
PRC - C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe (
ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Windows\DAODx.exe ()


========== Modules (No Company Name) ==========

MOD - E:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - E:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - E:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll ()
MOD - E:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\ProgramData\Everstrike\US4Service.exe ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\flashobj.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsusService.dll ()
MOD - C:\Windows\DAODx.exe ()
MOD - C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AVGIDSAgent) -- E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (tgsrvc_verizondm) SupportSoft Repair Service (verizondm) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (PowerAlert Agent) -- C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe (Tripp Lite)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (US30Sys) -- C:\Windows\SysWOW64\drivers\US40fs64.sys (© Everstrike Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 A4 63 A4 ED 5A CC 01 [binary data]
IE - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jbitz\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jbitz\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: E:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/08/12 01:11:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: E:\Program Files (x86)\Mozilla Firefox\components [2011/08/11 17:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: E:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: E:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/24 11:29:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: E:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8B1DCD74-16C1-48EB-9717-A3A8C870BA1D}: C:\Users\Jbitz\AppData\Local\{8B1DCD74-16C1-48EB-9717-A3A8C870BA1D}\ [2011/07/19 22:47:55 | 000,000,000 | ---D | M]

[2011/08/11 09:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jbitz\AppData\Roaming\Mozilla\Extensions
[2010/11/23 22:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jbitz\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/11 09:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/24 00:25:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/30 10:20:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/19 22:47:55 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JBITZ\APPDATA\LOCAL\{8B1DCD74-16C1-48EB-9717-A3A8C870BA1D}
[2011/08/12 01:11:30 | 000,000,000 | ---D | M] (AVG Safe Search) -- E:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] e:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [US4Service] C:\ProgramData\Everstrike\US4Service.exe ()
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000..\Run: [EPSON WorkForce 500 Series] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Jbitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{485c8fc0-d309-11df-ad0e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{485c8fc0-d309-11df-ad0e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\monsetup.exe
O33 - MountPoints2\{bd4f7a11-33f1-11e0-a2d6-20cf3023bbc1}\Shell - "" = AutoRun
O33 - MountPoints2\{bd4f7a11-33f1-11e0-a2d6-20cf3023bbc1}\Shell\AutoRun\command - "" = J:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (E:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - E:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (E:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - E:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/24 12:16:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Jbitz\Desktop\OTL.exe
[2011/08/23 16:47:29 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jbitz\Desktop\tdsskiller.exe
[2011/08/22 21:36:25 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/08/22 21:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/08/22 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\MigWiz
[2011/08/21 09:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2011/08/21 09:51:37 | 000,000,000 | ---D | C] -- C:\rsit
[2011/08/18 19:24:12 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\Adobe
[2011/08/16 22:03:47 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\Desktop\backups
[2011/08/13 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\Documents\DVDFab
[2011/08/13 16:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2011/08/13 12:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2011/08/13 12:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2011/08/12 18:44:11 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Jbitz\Desktop\dds.scr
[2011/08/12 01:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/08/12 01:11:30 | 000,000,000 | -H-D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/08/11 22:55:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jbitz\Desktop\HijackThis.exe
[2011/08/11 22:53:25 | 000,041,272 | RH-- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/11 22:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/11 22:28:16 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Jbitz\Desktop\ATF-Cleaner.exe
[2011/08/11 21:55:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/11 21:28:35 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/08/11 21:28:35 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/08/11 10:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/08/11 10:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/10 21:47:01 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/10 21:47:01 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/10 21:47:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/10 21:47:01 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/10 21:47:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/10 21:47:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/10 21:47:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/10 21:47:01 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/10 21:47:01 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/10 21:47:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/10 21:47:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/10 21:47:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/08/10 21:47:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/10 21:47:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/10 21:47:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/10 21:06:37 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 21:06:37 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/10 21:06:37 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/10 20:57:01 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 20:57:00 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/10 20:57:00 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/10 20:57:00 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/10 20:57:00 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/10 20:57:00 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/10 20:57:00 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/10 20:57:00 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/10 20:57:00 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/10 20:57:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/10 20:55:20 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/10 20:55:20 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/10 20:55:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/10 20:55:20 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/10 20:55:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/10 20:55:20 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 20:55:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/10 20:55:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/10 20:55:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/10 20:55:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/10 20:55:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/10 20:55:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 20:55:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 20:55:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 20:55:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 20:55:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/10 20:55:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 20:55:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 20:55:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 20:55:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/04 21:51:03 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/08/04 21:24:30 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\Google
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/24 12:16:39 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jbitz\Desktop\OTL.exe
[2011/08/24 12:12:13 | 000,165,376 | ---- | M] () -- C:\Users\Jbitz\Desktop\SystemLook_x64.exe
[2011/08/24 11:32:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000UA.job
[2011/08/24 11:31:52 | 000,000,955 | ---- | M] () -- C:\Users\Jbitz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/08/24 11:29:23 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/08/24 09:55:53 | 129,495,093 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/08/24 05:15:44 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/24 05:15:44 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/24 03:40:43 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/24 03:40:43 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/24 03:40:43 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/24 03:36:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/23 17:05:40 | 000,007,606 | ---- | M] () -- C:\Users\Jbitz\AppData\Local\Resmon.ResmonCfg
[2011/08/23 16:47:31 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jbitz\Desktop\tdsskiller.exe
[2011/08/23 16:44:41 | 000,139,264 | ---- | M] () -- C:\Users\Jbitz\Desktop\SystemLook.exe
[2011/08/23 16:41:25 | 000,000,188 | ---- | M] () -- C:\Users\Jbitz\defogger_reenable
[2011/08/23 16:39:56 | 000,050,477 | ---- | M] () -- C:\Users\Jbitz\Desktop\Defogger.exe
[2011/08/22 21:43:00 | 000,459,264 | ---- | M] () -- C:\Users\Jbitz\Desktop\CKScanner.exe
[2011/08/22 21:32:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000Core.job
[2011/08/13 19:13:55 | 000,001,149 | ---- | M] () -- C:\Users\Jbitz\Desktop\VOBMerge - Shortcut.lnk
[2011/08/13 16:33:45 | 000,000,727 | ---- | M] () -- C:\Users\Jbitz\Desktop\DVDFab 8 Qt.lnk
[2011/08/13 12:13:09 | 000,000,680 | ---- | M] () -- C:\Users\Jbitz\Desktop\DVD Shrink 3.2.lnk
[2011/08/12 18:44:56 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Jbitz\Desktop\dds.scr
[2011/08/12 01:11:31 | 000,000,742 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/12 01:11:30 | 000,000,000 | RH-- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/08/12 01:11:30 | 000,000,000 | RH-- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/08/11 23:36:58 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/11 22:55:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jbitz\Desktop\HijackThis.exe
[2011/08/11 22:53:25 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/11 22:28:18 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Jbitz\Desktop\ATF-Cleaner.exe
[2011/08/11 17:59:39 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/11 10:53:43 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/11 09:47:24 | 000,010,547 | ---- | M] () -- C:\Users\Jbitz\Desktop\bookmarks-2011-08-11.json
[2011/08/09 22:32:50 | 000,002,409 | ---- | M] () -- C:\Users\Jbitz\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/24 12:12:13 | 000,165,376 | ---- | C] () -- C:\Users\Jbitz\Desktop\SystemLook_x64.exe
[2011/08/24 11:29:23 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/08/24 11:29:23 | 000,000,955 | ---- | C] () -- C:\Users\Jbitz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/08/24 11:29:23 | 000,000,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/08/23 16:44:41 | 000,139,264 | ---- | C] () -- C:\Users\Jbitz\Desktop\SystemLook.exe
[2011/08/23 16:41:25 | 000,000,188 | ---- | C] () -- C:\Users\Jbitz\defogger_reenable
[2011/08/23 16:39:56 | 000,050,477 | ---- | C] () -- C:\Users\Jbitz\Desktop\Defogger.exe
[2011/08/22 21:43:00 | 000,459,264 | ---- | C] () -- C:\Users\Jbitz\Desktop\CKScanner.exe
[2011/08/13 19:13:55 | 000,001,149 | ---- | C] () -- C:\Users\Jbitz\Desktop\VOBMerge - Shortcut.lnk
[2011/08/13 16:33:45 | 000,000,727 | ---- | C] () -- C:\Users\Jbitz\Desktop\DVDFab 8 Qt.lnk
[2011/08/13 12:13:09 | 000,000,680 | ---- | C] () -- C:\Users\Jbitz\Desktop\DVD Shrink 3.2.lnk
[2011/08/12 20:36:14 | 000,007,606 | ---- | C] () -- C:\Users\Jbitz\AppData\Local\Resmon.ResmonCfg
[2011/08/12 01:11:31 | 000,000,742 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/12 01:11:30 | 000,000,000 | RH-- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/08/12 01:11:30 | 000,000,000 | RH-- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/08/11 22:53:25 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/11 20:56:30 | 000,001,005 | ---- | C] () -- C:\Users\Jbitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/08/11 17:59:39 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/11 17:59:39 | 000,000,811 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/11 10:53:43 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/11 09:47:24 | 000,010,547 | ---- | C] () -- C:\Users\Jbitz\Desktop\bookmarks-2011-08-11.json
[2011/08/04 21:51:06 | 000,002,409 | ---- | C] () -- C:\Users\Jbitz\Desktop\Google Chrome.lnk
[2011/08/04 21:24:31 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000UA.job
[2011/08/04 21:24:31 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000Core.job
[2011/07/19 22:47:57 | 000,000,120 | ---- | C] () -- C:\Users\Jbitz\AppData\Local\Nmakocesof.dat
[2011/07/19 22:47:57 | 000,000,000 | ---- | C] () -- C:\Users\Jbitz\AppData\Local\Wleqoveraxifok.bin
[2011/07/19 22:41:47 | 000,003,456 | ---- | C] () -- C:\Users\Jbitz\AppData\Roaming\5408.F57
[2011/04/19 22:10:32 | 000,059,904 | R--- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 13:51:44 | 000,003,929 | R--- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/28 07:11:10 | 000,011,832 | RH-- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/10/28 07:11:10 | 000,010,216 | RH-- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/10/20 12:37:13 | 000,073,220 | R--- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/10/20 12:37:13 | 000,031,053 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/10/20 12:37:13 | 000,029,114 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/10/20 12:37:13 | 000,027,417 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/10/20 12:37:13 | 000,021,021 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/10/20 12:37:13 | 000,015,670 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/10/20 12:37:13 | 000,013,280 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/10/20 12:37:13 | 000,010,673 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/10/20 12:37:13 | 000,004,943 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/10/20 12:37:13 | 000,001,140 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/10/20 12:37:13 | 000,001,140 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/10/20 12:37:13 | 000,001,137 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/10/20 12:37:13 | 000,001,130 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/10/20 12:37:13 | 000,001,130 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/10/20 12:37:13 | 000,001,104 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/10/20 12:37:13 | 000,000,097 | R--- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/10/20 12:36:40 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF500.ini
[2010/10/08 11:50:22 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/10/08 11:50:22 | 000,013,440 | RH-- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/10/08 10:38:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/08 10:29:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/10/08 10:29:56 | 000,032,400 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/08/03 00:21:54 | 000,197,912 | R--- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | R--- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | R--- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | R--- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 08:30:14 | 000,010,296 | RH-- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/30 02:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe

< End of report >

OTL Extras logfile created on: 8/24/2011 12:18:17 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Jbitz\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.33% Memory free
7.99 Gb Paging File | 5.82 Gb Available in Paging File | 72.83% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 28.17 Gb Free Space | 50.49% Space Free | Partition Type: NTFS
Drive E: | 185.55 Gb Total Space | 131.82 Gb Free Space | 71.05% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1318.63 Gb Free Space | 70.78% Space Free | Partition Type: NTFS
Drive H: | 1677.34 Gb Total Space | 759.59 Gb Free Space | 45.29% Space Free | Partition Type: NTFS

Computer Name: JBITZ-PC | User Name: Jbitz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "e:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "e:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "e:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "e:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BCC0AD-0699-48B6-9900-3C53BBCD4DAC}" = AVG 2011
"{1393C72B-B30C-6F19-256E-44FCB007F364}" = WMV9/VC-1 Video Playback
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{70A3B2EC-C568-4B01-9F44-9F186B6B06F6}" = ATI Catalyst Install Manager
"{71F2CF3C-07C9-4FB9-8B22-8BC411C2E3EE}" = AVG 2011
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B46238A8-16C7-8E63-4F5A-1D6EF70ACBBB}" = ccc-utility64
"{B8EB9499-B607-3770-67C7-56514666B51C}" = AMD Fuel
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E33AC780-456C-6295-E0F3-10A8D39A09FB}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"CCleaner" = CCleaner
"EPSON WorkForce 500 Series" = EPSON WorkForce 500 Series Printer Uninstall
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B1F625D-4AF5-4721-5720-94EB8923A730}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73D29183-E068-980B-EC85-DEDA371F7988}" = CCC Help English
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{88E7FC62-7948-4262-93E2-1D0B1E992C84}" = PowerAlert Local Software
"{89ADBB8E-8600-D026-9662-84CCB3D9F60A}" = AMD VISION Engine Control Center
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AF82FB45-F415-53A0-A5AE-B6A09A8BEA51}" = Catalyst Control Center Graphics Previews Common
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D547A594-AA85-4B92-80EB-47B371B98C68}" = Verizon Download Manager
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CSOL" = CSOL
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.1.2 (08/08/2011) Qt
"EPSON Scanner" = EPSON Scan
"HandBrake" = HandBrake 0.9.5
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.16
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0)
"nLite_is1" = nLite 1.4.9.1
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
"WinPatrol" = WinPatrol

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2011 11:11:27 AM | Computer Name = Jbitz-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/11/2011 11:11:27 AM | Computer Name = Jbitz-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/11/2011 3:13:55 PM | Computer Name = Jbitz-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MassEffect2.exe, version: 1.2.1604.0, time
stamp: 0x4bd60ba2 Faulting module name: MassEffect2.exe, version: 1.2.1604.0, time
stamp: 0x4bd60ba2 Exception code: 0xc0000005 Fault offset: 0x006ef14c Faulting process
id: 0x2804 Faulting application start time: 0x01cc58390733ba74 Faulting application
path: E:\Game\Mass Effect 2\Binaries\MassEffect2.exe Faulting module path: E:\Game\Mass
Effect 2\Binaries\MassEffect2.exe Report Id: 0e069c09-c44e-11e0-b158-20cf3023bbc1

Error - 8/11/2011 10:11:25 PM | Computer Name = Jbitz-PC | Source = EventSystem | ID = 4621
Description =

Error - 8/13/2011 10:25:13 AM | Computer Name = Jbitz-PC | Source = Application Hang | ID = 1002
Description = The program javaw.exe version 6.0.230.5 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 33a8 Start Time:
01cc59c1952a86ae Termination Time: 10 Application Path: C:\Program Files (x86)\Java\jre6\bin\javaw.exe

Report
Id:

Error - 8/13/2011 1:48:05 PM | Computer Name = Jbitz-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7600.16768 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 660 Start
Time: 01cc5893dfbb8a07 Termination Time: 11 Application Path: C:\Windows\Explorer.EXE

Report
Id: 4fe1b2ab-c5d4-11e0-93eb-20cf3023bbc1

Error - 8/13/2011 1:51:38 PM | Computer Name = Jbitz-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.1.7600.16768 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2ec4 Start
Time: 01cc59e12763c488 Termination Time: 13 Application Path: C:\Windows\explorer.exe

Report
Id: e3226753-c5d4-11e0-93eb-20cf3023bbc1

Error - 8/14/2011 11:20:54 AM | Computer Name = Jbitz-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16839,
time stamp: 0x4e0015ef Faulting module name: avgxpl.dll, version: 10.0.0.1385, time
stamp: 0x4df82b7b Exception code: 0xc0000005 Fault offset: 0x0012b213 Faulting process
id: 0xf38 Faulting application start time: 0x01cc5a95c1bb51b6 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
E:\Program Files (x86)\AVG\AVG10\avgxpl.dll Report Id: 001b0010-c689-11e0-b343-20cf3023bbc1

Error - 8/14/2011 3:46:54 PM | Computer Name = Jbitz-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16839 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1c5c Start
Time: 01cc5aba61870fc5 Termination Time: 3 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: 2770148c-c6ae-11e0-b343-20cf3023bbc1

Error - 8/14/2011 6:47:29 PM | Computer Name = Jbitz-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MassEffect2.exe, version: 1.2.1604.0, time
stamp: 0x4bd60ba2 Faulting module name: MassEffect2.exe, version: 1.2.1604.0, time
stamp: 0x4bd60ba2 Exception code: 0xc0000005 Fault offset: 0x006ef14c Faulting process
id: 0x2284 Faulting application start time: 0x01cc5ac9c4a99c43 Faulting application
path: E:\Game\Mass Effect 2\Binaries\MassEffect2.exe Faulting module path: E:\Game\Mass
Effect 2\Binaries\MassEffect2.exe Report Id: 632b970b-c6c7-11e0-b343-20cf3023bbc1

[ System Events ]
Error - 8/22/2011 7:25:47 PM | Computer Name = Jbitz-PC | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 8/22/2011 7:50:50 PM | Computer Name = Jbitz-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 8/22/2011 8:25:33 PM | Computer Name = Jbitz-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 8/23/2011 4:41:56 PM | Computer Name = Jbitz-PC | Source = DCOM | ID = 10010
Description =

Error - 8/23/2011 4:43:00 PM | Computer Name = Jbitz-PC | Source = Service Control Manager | ID = 7034
Description = The PowerAlert Agent service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/23/2011 4:43:35 PM | Computer Name = Jbitz-PC | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 8/23/2011 5:51:13 PM | Computer Name = Jbitz-PC | Source = DCOM | ID = 10010
Description =

Error - 8/23/2011 5:51:14 PM | Computer Name = Jbitz-PC | Source = DCOM | ID = 10010
Description =

Error - 8/24/2011 3:36:39 AM | Computer Name = Jbitz-PC | Source = Service Control Manager | ID = 7034
Description = The PowerAlert Agent service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/24/2011 3:37:15 AM | Computer Name = Jbitz-PC | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2


< End of report >
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Malwarebytes Removed Trojan Internet Browsing Slow

Unread postby Scolabar » August 25th, 2011, 8:17 am

Hi jbitz,

Thank you again for the logs and feedback. :)

Please confirm whether or not you are aware of having installed the following programs:
    µTorrent
    uTorrentBar Toolbar

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
User avatar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 115 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware