Solved: I think my computer has a virus!

play4fun
Junior Member with 29 posts.
Join Date: Dec 2009
Experience: Somewhat knowledgeable
29-Jan-2010, 10:32 PM #1
I think my computer has a virus!
My antivirus showed that I had some infections and I thought it had removed them. My computer has slowed down a little and I'm not sure if I'm still infected or not. A while back I received help from y'all and I would appreciate it if someone could look at my HijackThis log file and assist me if by chance I'm still infected. I run Windows 7 with an Intel Core 2 Duo processor with 4 GB of RAM. Thanks in advance. I also ran Malwarebytes and nothing showed up. Thanks in advance.

Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:36 PM, on 1/29/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequireme...eqlab_srlx.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
O16 - DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} (CUpdateAdvisorCtrl Object) - http://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} (System Requirements Lab) - http://www.systemrequirementslab.com...eqlab_test.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/gom/receiver/tc/FMSI.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
--
End of file - 7712 bytes
play4fun
02-Feb-2010, 12:09 PM #2
I know that y'all are busy. If anyone can check out my log I would appreciate it. Thanks.
play4fun
07-Feb-2010, 06:10 PM #3
Sigh, I know that you guys are real busy and if nobody has time to assist me then can you recommend another site that might be able to? On my last virus scan it found something to do with Java and it runs a little slow. Thanks for any help you can provide.
dvk01
Moderator & Malware Removal Specialist with 37,223 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
08-Feb-2010, 08:30 AM #4
First, clear your Java cache as shown at http://www.java.com/en/download/help/5000020300.xml
Then follow the advice here and post the logs those programs make in your next reply to this topic.
play4fun
08-Feb-2010, 02:36 PM #5
Thanks for assisting me. I do appreciate it. Here are the logs you requested. When I run the gmr it locks up my computer and then reboots, so I don't have a log for it. Should I try safe mode and see if it will let me run it that way?

DDS (Ver_09-12-01.01) - NTFSx86
Run by DJ at 11:25:57.82 on Mon 02/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2318 [GMT -6:00]

============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NetWorx\networx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\DJ\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.espn.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_test.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\users\dj\appdata\roaming\mozilla\firefox\profiles\qvapd2ji.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.espn.com
FF - component: c:\users\dj\appdata\roaming\mozilla\firefox\profiles\qvapd2ji.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\users\dj\appdata\roaming\mozilla\firefox\profiles\qvapd2ji.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dj\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2009-2-19 127744]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-12-17 38976]
R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-12-13 68136]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-12-13 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-12-13 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-12-13 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-13 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-13 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-13 40552]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-14 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2010-1-19 24944]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-13 34248]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-5-3 12112]
S3 SRS_iWowPC_Service;SRS Labs iWow PC;c:\windows\system32\drivers\SRS_iWowPC_i386.sys [2010-1-28 37888]
=============== Created Last 30 ================
2010-02-06 21:38:46 0 d-----w- c:\program files\NVIDIA Corporation
2010-02-05 16:52:09 0 d-----w- c:\program files\iPod
2010-02-05 16:52:08 0 d-----w- c:\program files\iTunes
2010-02-05 16:01:43 1059 ----a-w- c:\users\dj\Documents - Shortcut.lnk
2010-02-05 15:28:44 0 d-----w- c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2010-02-05 15:28:25 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2010-02-05 15:23:08 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-02-04 02:28:21 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
2010-02-04 01:52:21 0 d-----w- c:\windows\system32\AGEIA
2010-02-03 23:50:04 0 d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2010-02-02 23:32:16 0 d-----w- c:\users\dj\appdata\roaming\DriverCure
2010-02-02 23:32:09 0 d-----w- c:\programdata\ParetoLogic
2010-02-02 23:32:09 0 d-----w- c:\programdata\DriverCure
2010-02-02 03:24:30 473088 ----a-w- c:\windows\system32\audiosrv.dll
2010-02-02 03:24:30 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2010-02-02 03:24:30 374784 ----a-w- c:\windows\system32\AudioEng.dll
2010-02-01 01:47:40 0 d-----w- c:\program files\MonInfo
2010-01-29 21:09:46 0 d-----w- c:\program files\common files\eSellerate
2010-01-29 21:09:44 0 d-----w- c:\program files\AnswersThatWork
2010-01-29 07:09:17 65602 ------w- c:\windows\system32\cook3260.dll
2010-01-29 07:09:17 217127 ------w- c:\windows\system32\drv43260.dll
2010-01-29 07:09:17 208935 ------w- c:\windows\system32\drv33260.dll
2010-01-29 07:09:17 176165 ------w- c:\windows\system32\drv23260.dll
2010-01-29 07:09:17 102439 ------w- c:\windows\system32\sipr3260.dll
2010-01-29 07:09:16 626688 ------w- c:\windows\system32\vp7vfw.dll
2010-01-29 07:09:16 1184984 ------w- c:\windows\system32\wvc1dmod.dll
2010-01-29 07:09:15 0 d-----w- c:\program files\VSO
2010-01-29 03:11:29 0 d-----w- c:\programdata\SRS Labs
2010-01-29 03:10:34 80384 ------w- c:\windows\system32\drivers\tshd4_kern_i386.sys
2010-01-29 03:10:34 61952 ------w- c:\windows\system32\drivers\cshp_kern_i386.sys
2010-01-29 03:10:34 37888 ------w- c:\windows\system32\drivers\SRS_iWowPC_i386.sys
2010-01-29 03:02:49 0 d-----w- c:\program files\Trend Micro
2010-01-29 01:13:14 0 d-----w- c:\users\dj\appdata\roaming\Malwarebytes
2010-01-29 01:13:10 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 01:13:09 19160 ------w- c:\windows\system32\drivers\mbam.sys
2010-01-29 01:13:09 0 d-----w- c:\programdata\Malwarebytes
2010-01-29 01:13:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 03:12:06 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 03:12:06 2614272 ----a-w- c:\windows\explorer.exe
2010-01-26 21:53:34 237568 ------w- c:\windows\system32\rmc_rtspdl.dll
2010-01-26 21:53:34 156672 ------w- c:\windows\system32\rmc_fixasf.exe
2010-01-26 21:52:52 0 d-----w- c:\windows\Applian Director
2010-01-26 21:52:52 0 d-----w- c:\program files\Applian Director
2010-01-26 21:52:30 0 d-----w- c:\windows\Replay Media Catcher
2010-01-26 21:52:30 0 d-----w- c:\program files\Replay Media Catcher
2010-01-26 20:04:39 0 d-----w- c:\program files\Conduit
2010-01-26 20:04:20 0 d-----w- c:\windows\Freecorder
2010-01-26 20:01:46 0 d-----w- c:\windows\Ask & Record Toolbar
2010-01-26 18:48:03 0 d-----w- c:\program files\WMR14
2010-01-24 03:16:43 0 d-----w- c:\program files\Mystery Case Files - Huntsville
2010-01-24 03:11:03 0 d-----w- c:\program files\Mystery Case Files - Prime Suspects
2010-01-24 03:10:44 0 d-----w- c:\program files\bfgclient
2010-01-24 03:10:28 0 d-----w- C:\BigFishGamesCache
2010-01-23 07:16:29 0 d-----w- c:\programdata\ArcSoft
2010-01-23 07:14:59 0 d-----w- c:\windows\Downloaded Installations
2010-01-22 00:01:27 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 02:21:42 0 d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-01-20 23:43:49 7437 ----a-w- c:\windows\system32\nvinfo.pb
2010-01-20 23:43:44 182888 ----a-w- c:\windows\system32\nvcod189.dll
2010-01-20 03:24:59 4 ------w- c:\windows\system32\GVTunner.ref
2010-01-20 03:24:59 24944 ------w- c:\windows\system32\drivers\GVTDrv.sys
2010-01-20 03:16:39 17488 ----a-w- c:\windows\gdrv.sys
2010-01-20 02:55:35 0 d-----w- c:\program files\obj
2010-01-20 02:55:25 0 d-----w- c:\windows\GBD
2010-01-20 02:53:10 0 d-----w- c:\programdata\WinZip
2010-01-20 02:51:20 0 d-----w- c:\programdata\InstallShield
2010-01-18 04:57:13 12672 ------w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-01-18 04:57:12 0 d-----w- c:\program files\CPUID
2010-01-18 04:25:24 0 d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2010-01-18 04:25:05 479752 ------w- c:\windows\system32\XAudio2_0.dll
2010-01-18 04:25:05 462864 ------w- c:\windows\system32\d3dx10_37.dll
2010-01-18 04:25:05 3786760 ------w- c:\windows\system32\D3DX9_37.dll
2010-01-18 04:25:05 25608 ------w- c:\windows\system32\X3DAudio1_3.dll
2010-01-18 04:25:05 238088 ------w- c:\windows\system32\xactengine3_0.dll
2010-01-18 04:25:05 1420824 ------w- c:\windows\system32\D3DCompiler_37.dll
2010-01-18 02:17:02 0 d-----w- c:\program files\4Videosoft Studio
2010-01-17 03:29:39 0 d-----w- c:\users\dj\appdata\roaming\NVIDIA
2010-01-17 03:28:41 411368 ------w- c:\windows\system32\deploytk.dll
2010-01-14 20:52:05 0 d-----w- c:\users\dj\appdata\roaming\NeroDCTemplates
2010-01-14 04:22:31 87 ---ha-r- c:\windows\ctfile.rfc
2010-01-14 04:22:31 72704 ------w- c:\windows\system32\CmdRtr.DLL
2010-01-14 04:22:31 146432 ------w- c:\windows\system32\APOMngr.DLL
2010-01-14 04:22:13 0 d-----w- c:\windows\system32\RTCOM
2010-01-14 04:10:43 0 d-----w- c:\programdata\PC Drivers HeadQuarters
2010-01-13 09:13:53 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 09:13:53 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 18:03:34 9388648 ----a-w- c:\windows\system32\nvd3dum.dll
2010-01-12 18:03:34 68200 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 18:03:34 4338792 ----a-w- c:\windows\system32\nvencodemft.dll
2010-01-12 18:03:34 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 18:03:34 4061800 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 18:03:34 318568 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-01-12 18:03:34 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 18:03:34 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 18:03:34 14924392 ----a-w- c:\windows\system32\nvoglv32.dll
2010-01-12 18:03:34 11639400 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 18:03:34 11586280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-01-12 18:03:34 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-01-12 04:18:44 65332 ----a-w- c:\windows\system32\NvwsApps.xml
2010-01-12 04:18:44 271481 ----a-w- c:\windows\system32\NvApps.xml
2010-01-12 04:18:00 962664 ----a-w- c:\windows\system32\nvsvc.dll
2010-01-12 04:18:00 13679720 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 04:18:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-12 04:18:00 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-10 23:41:42 0 d-----w- c:\program files\Belarc
2010-01-10 23:01:54 0 d--h--w- c:\users\dj\PP_MOTION.TMP
2010-01-10 23:01:52 0 d-----w- c:\users\dj\CyberLink
2010-01-10 23:01:44 0 d--h--w- c:\users\dj\PP_ROTATE_SLIDE.TMP
2010-01-10 22:43:19 16384 ------w- c:\windows\system32\lgfwunis.exe
2010-01-10 22:43:18 0 d-----w- c:\program files\lg_fwupdate
==================== Find3M ====================
2010-01-29 07:09:21 87608 ----a-w- c:\users\dj\appdata\roaming\inst.exe
2010-01-29 07:09:21 47360 ----a-w- c:\users\dj\appdata\roaming\pcouffin.sys
2010-01-20 01:11:06 1640992 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-01-20 01:11:00 57376 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-01-20 01:11:00 371232 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-01-20 01:11:00 2622496 ----a-w- c:\windows\system32\RtkAPO.dll
2010-01-20 00:37:54 2991328 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-01-13 19:17:32 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-01-12 18:03:34 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 18:03:34 4321384 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-01-12 18:03:34 1280616 ----a-w- c:\windows\system32\nvapi.dll
2010-01-07 17:56:45 29480 ------w- c:\windows\system32\msxml3a.dll
2010-01-07 17:56:44 505128 ------w- c:\windows\system32\msvcp71.dll
2010-01-07 17:56:44 353576 ------w- c:\windows\system32\msvcr71.dll
2010-01-05 21:57:16 297376 ----a-w- c:\windows\system32\FMAPO.dll
2009-12-19 02:09:28 0 ------w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-12-19 02:09:28 0 ------w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-12-18 03:10:04 38976 ------w- c:\windows\system32\drivers\pssdk42.sys
2009-12-16 00:26:40 76488 ----a-w- c:\windows\system32\RTEEL32A.dll
2009-12-16 00:26:40 62664 ----a-w- c:\windows\system32\RTEEG32A.dll
2009-12-16 00:26:40 357576 ----a-w- c:\windows\system32\RTEEP32A.dll
2009-12-16 00:26:40 168648 ----a-w- c:\windows\system32\RTEED32A.dll
2009-12-14 01:06:12 47360 ------w- c:\windows\system32\drivers\pcouffin.sys
2009-12-13 20:20:07 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-12-13 19:08:10 0 ------w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-11 15:55:54 293584 ----a-w- c:\windows\system32\RP3DHT32.dll
2009-12-11 15:55:54 293584 ----a-w- c:\windows\system32\RP3DAA32.dll
2009-12-06 01:42:28 85504 ------w- c:\windows\system32\ff_vfw.dll
2009-12-04 21:43:54 132368 ----a-w- c:\windows\system32\MaxxAudioAPO.dll
2009-11-24 15:55:08 185584 ----a-w- c:\windows\system32\SRSTSHD.dll
2009-11-24 15:55:08 173296 ----a-w- c:\windows\system32\SRSHP360.dll
2009-11-24 15:55:08 140528 ----a-w- c:\windows\system32\SRSWOW.dll
2009-11-21 02:34:54 182888 ------w- c:\windows\system32\nvcod178.dll
2009-11-19 00:42:48 311568 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2009-11-19 00:42:48 1938704 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2009-11-19 00:42:48 1783056 ----a-w- c:\windows\system32\WavesLib.dll
2009-11-18 13:13:00 531032 ----a-w- c:\windows\system32\MBAPO32.dll
2009-11-18 13:13:00 50776 ----a-w- c:\windows\system32\MBPPCn32.dll
2009-11-18 13:12:00 68696 ----a-w- c:\windows\system32\MBWrp32.dll
2009-11-18 13:12:00 53848 ----a-w- c:\windows\system32\MBppld32.dll
2009-11-18 00:13:36 96160 ----a-w- c:\windows\system32\AERTARen.dll
2009-11-18 00:10:14 146336 ----a-w- c:\windows\system32\AERTACap.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 11:26:39.00 ===============
dvk01
08-Feb-2010, 03:01 PM #6
Delete any existing version of ComboFix you have sitting on your desktop.
Please read and follow all these instructions very carefully.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
play4fun's Avatar
Computer Specs
Junior Member with 29 posts.
 
Join Date: Dec 2009
Experience: Somewhat knowledgeable
08-Feb-2010, 03:21 PM #7
Here is the logfile for Combofix. I have to run some errands so I will check when I get back to see what else I need to do. I really do appreciate you helping me fix these problems.

ComboFix 10-02-08.01 - DJ 02/08/2010 13:11:52.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2469 [GMT -6:00]
Running from: c:\users\DJ\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\temp
c:\users\DJ\AppData\Roaming\inst.exe
c:\windows\GBD
c:\windows\GBD\0setup.exe
c:\windows\system32\VB6KO.DLL
G:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-01-08 to 2010-02-08 )))))))))))))))))))))))))))))))
.
2010-02-08 19:16 . 2010-02-08 19:16 -------- d-----w- c:\users\DJ\AppData\Local\temp
2010-02-08 19:16 . 2010-02-08 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-06 21:38 . 2010-02-06 21:39 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-05 16:52 . 2010-02-05 16:52 -------- d-----w- c:\program files\iPod
2010-02-05 16:52 . 2010-02-05 17:56 -------- d-----w- c:\program files\iTunes
2010-02-05 16:50 . 2010-02-05 16:50 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-05 15:28 . 2010-02-05 15:28 -------- d-----w- c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2010-02-05 15:28 . 2009-02-27 01:21 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2010-02-05 15:23 . 2010-01-12 18:03 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-02-04 02:28 . 2009-11-24 15:55 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
2010-02-04 01:52 . 2010-02-04 01:52 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-04 01:52 . 2010-02-04 01:52 -------- d-----w- c:\windows\system32\AGEIA
2010-02-03 23:50 . 2010-02-03 23:50 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2010-02-02 23:32 . 2010-02-02 23:32 -------- d-----w- c:\users\DJ\AppData\Roaming\DriverCure
2010-02-02 23:32 . 2010-02-02 23:37 -------- d-----w- c:\programdata\DriverCure
2010-02-02 23:32 . 2010-02-02 23:32 -------- d-----w- c:\programdata\ParetoLogic
2010-02-02 03:24 . 2009-11-11 08:02 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2010-02-02 03:24 . 2009-11-11 08:02 473088 ----a-w- c:\windows\system32\audiosrv.dll
2010-02-02 03:24 . 2009-11-11 08:02 374784 ----a-w- c:\windows\system32\AudioEng.dll
2010-02-01 01:47 . 2010-02-01 01:47 -------- d-----w- c:\program files\MonInfo
2010-01-29 21:09 . 2007-06-08 19:53 1753088 ------w- c:\windows\system32\ExGrid.dll
2010-01-29 21:09 . 2007-06-05 16:20 602112 ------w- c:\windows\system32\ExMenu.dll
2010-01-29 21:09 . 2007-06-05 16:19 516096 ------w- c:\windows\system32\ExTab.dll
2010-01-29 21:09 . 2007-04-03 22:51 614400 ------w- c:\windows\system32\ExButton.dll
2010-01-29 21:09 . 2007-04-03 22:51 307200 ------w- c:\windows\system32\ExPMenu.dll
2010-01-29 21:09 . 2010-01-29 21:09 -------- d-----w- c:\program files\Common Files\eSellerate
2010-01-29 21:09 . 2005-10-11 20:40 356352 ------w- c:\windows\system32\eSellerateEngine.dll
2010-01-29 21:09 . 2005-10-04 14:11 118784 ------w- c:\windows\system32\eWebControl.dll
2010-01-29 21:09 . 1998-04-24 06:00 368912 ------w- c:\windows\system32\vbar332.dll
2010-01-29 21:09 . 2010-01-29 21:09 -------- d-----w- c:\program files\AnswersThatWork
2010-01-29 07:09 . 2009-09-03 03:58 65602 ------w- c:\windows\system32\cook3260.dll
2010-01-29 07:09 . 2009-09-03 03:58 217127 ------w- c:\windows\system32\drv43260.dll
2010-01-29 07:09 . 2009-09-03 03:58 208935 ------w- c:\windows\system32\drv33260.dll
2010-01-29 07:09 . 2009-09-03 03:58 176165 ------w- c:\windows\system32\drv23260.dll
2010-01-29 07:09 . 2009-09-03 03:58 102439 ------w- c:\windows\system32\sipr3260.dll
2010-01-29 07:09 . 2009-09-03 03:58 626688 ------w- c:\windows\system32\vp7vfw.dll
2010-01-29 07:09 . 2009-09-03 03:57 1184984 ------w- c:\windows\system32\wvc1dmod.dll
2010-01-29 07:09 . 2010-01-29 07:09 -------- d-----w- c:\program files\VSO
2010-01-29 03:11 . 2010-01-29 03:11 -------- d-----w- c:\programdata\SRS Labs
2010-01-29 03:11 . 2010-01-29 03:11 -------- d-----w- c:\users\DJ\AppData\Local\SRS Labs
2010-01-29 03:10 . 2008-11-18 04:59 37888 ------w- c:\windows\system32\drivers\SRS_iWowPC_i386.sys
2010-01-29 03:10 . 2008-11-18 04:59 80384 ------w- c:\windows\system32\drivers\tshd4_kern_i386.sys
2010-01-29 03:10 . 2008-11-18 04:59 61952 ------w- c:\windows\system32\drivers\cshp_kern_i386.sys
2010-01-29 03:02 . 2010-01-29 03:02 -------- d-----w- c:\program files\Trend Micro
2010-01-29 01:13 . 2010-01-29 01:13 -------- d-----w- c:\users\DJ\AppData\Roaming\Malwarebytes
2010-01-29 01:13 . 2010-01-07 22:07 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 01:13 . 2010-01-29 01:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 01:13 . 2010-01-29 01:13 -------- d-----w- c:\programdata\Malwarebytes
2010-01-29 01:13 . 2010-01-07 22:07 19160 ------w- c:\windows\system32\drivers\mbam.sys
2010-01-27 03:12 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 03:12 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-26 21:53 . 2010-01-27 06:30 237568 ------w- c:\windows\system32\rmc_rtspdl.dll
2010-01-26 21:53 . 2010-01-27 06:30 156672 ------w- c:\windows\system32\rmc_fixasf.exe
2010-01-26 21:53 . 2010-01-26 21:53 -------- d-----w- c:\users\DJ\AppData\Local\mdnslib
2010-01-26 21:52 . 2010-01-26 21:52 -------- d-----w- c:\windows\Applian Director
2010-01-26 21:52 . 2010-01-26 21:52 -------- d-----w- c:\program files\Applian Director
2010-01-26 21:52 . 2010-01-27 07:02 -------- d-----w- c:\program files\Replay Media Catcher
2010-01-26 21:52 . 2010-01-26 21:52 -------- d-----w- c:\windows\Replay Media Catcher
2010-01-26 20:04 . 2010-01-20 18:14 52224 ----a-w- c:\users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\qvapd2ji.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
2010-01-26 20:04 . 2010-01-20 18:14 101376 ----a-w- c:\users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\qvapd2ji.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
2010-01-26 20:04 . 2010-01-26 20:04 -------- d-----w- c:\program files\Conduit
2010-01-26 20:04 . 2010-01-27 07:01 -------- d-----w- c:\users\DJ\AppData\Local\FLVService
2010-01-26 20:04 . 2010-01-26 20:04 -------- d-----w- c:\windows\Freecorder
2010-01-26 20:01 . 2010-01-26 20:01 -------- d-----w- c:\windows\Ask & Record Toolbar
2010-01-26 18:48 . 2010-01-26 18:54 -------- d-----w- c:\program files\WMR14
2010-01-26 01:23 . 2010-01-26 01:23 -------- d-----w- c:\program files\ArcSoft
2010-01-24 03:16 . 2010-01-24 03:18 -------- d-----w- c:\program files\Mystery Case Files - Huntsville
2010-01-24 03:11 . 2010-01-24 03:13 -------- d-----w- c:\program files\Mystery Case Files - Prime Suspects
2010-01-24 03:10 . 2010-01-24 03:10 -------- d-----w- c:\program files\bfgclient
2010-01-24 03:10 . 2010-01-24 04:11 -------- d-----w- C:\BigFishGamesCache
2010-01-23 07:19 . 2010-01-26 01:26 -------- d-----w- c:\users\DJ\AppData\Roaming\ArcSoft
2010-01-23 07:16 . 2010-01-23 07:16 -------- d-----w- c:\programdata\ArcSoft
2010-01-23 07:14 . 2010-01-26 01:20 -------- d-----w- c:\windows\Downloaded Installations
2010-01-22 00:01 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 02:21 . 2010-01-21 02:21 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-01-20 23:43 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod189.dll
2010-01-20 21:01 . 2010-01-20 21:12 -------- d-----w- c:\users\DJ\AppData\Local\AquaMark3
2010-01-20 03:24 . 2010-01-20 03:58 24944 ------w- c:\windows\system32\drivers\GVTDrv.sys
2010-01-20 03:16 . 2010-02-08 18:25 17488 ----a-w- c:\windows\gdrv.sys
2010-01-20 02:55 . 2010-01-20 02:55 -------- d-----w- c:\program files\obj
2010-01-20 02:53 . 2010-01-20 03:39 -------- d-----w- c:\programdata\WinZip
2010-01-20 02:51 . 2010-01-20 02:51 -------- d-----w- c:\programdata\InstallShield
2010-01-18 04:57 . 2009-03-27 07:16 12672 ------w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-01-18 04:57 . 2010-01-18 04:57 -------- d-----w- c:\program files\CPUID
2010-01-18 04:25 . 2010-01-18 04:25 -------- d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2010-01-18 04:25 . 2008-03-05 22:03 479752 ------w- c:\windows\system32\XAudio2_0.dll
2010-01-18 04:25 . 2008-03-05 22:03 238088 ------w- c:\windows\system32\xactengine3_0.dll
2010-01-18 04:25 . 2008-03-05 22:00 25608 ------w- c:\windows\system32\X3DAudio1_3.dll
2010-01-18 04:25 . 2008-03-05 21:56 3786760 ------w- c:\windows\system32\D3DX9_37.dll
2010-01-18 04:25 . 2008-03-05 21:56 1420824 ------w- c:\windows\system32\D3DCompiler_37.dll
2010-01-18 04:25 . 2008-02-06 05:07 462864 ------w- c:\windows\system32\d3dx10_37.dll
2010-01-18 02:17 . 2010-01-18 02:17 -------- d-----w- c:\program files\4Videosoft Studio
2010-01-17 03:29 . 2010-01-17 03:29 864256 ----a-w- c:\users\DJ\AppData\Roaming\NVIDIA\SHIMGen_JAU.dll
2010-01-17 03:29 . 2010-01-17 03:29 1116672 ----a-w- c:\users\DJ\AppData\Roaming\NVIDIA\SHIMGen_JAU64.dll
2010-01-17 03:29 . 2010-01-17 03:29 -------- d-----w- c:\users\DJ\AppData\Roaming\NVIDIA
2010-01-17 03:28 . 2010-01-17 03:28 411368 ------w- c:\windows\system32\deploytk.dll
2010-01-17 03:28 . 2010-01-17 03:28 -------- d-----w- c:\program files\Java
2010-01-14 20:52 . 2010-01-14 20:52 -------- d-----w- c:\users\DJ\AppData\Roaming\NeroDCTemplates
2010-01-14 04:22 . 2008-12-04 17:57 146432 ------w- c:\windows\system32\APOMngr.DLL
2010-01-14 04:22 . 2008-09-17 20:05 72704 ------w- c:\windows\system32\CmdRtr.DLL
2010-01-14 04:22 . 2010-02-04 02:28 -------- d-----w- c:\windows\system32\RTCOM
2010-01-14 04:10 . 2010-01-14 04:10 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2010-01-14 03:13 . 2010-01-14 03:13 -------- d-----w- c:\users\DJ\AppData\Local\eSupport.com
2010-01-13 09:13 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 09:13 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 18:03 . 2010-01-12 18:03 9388648 ----a-w- c:\windows\system32\nvd3dum.dll
2010-01-12 18:03 . 2010-01-12 18:03 68200 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 18:03 . 2010-01-12 18:03 4338792 ----a-w- c:\windows\system32\nvencodemft.dll
2010-01-12 18:03 . 2010-01-12 18:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 18:03 . 2010-01-12 18:03 4061800 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 18:03 . 2010-01-12 18:03 318568 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-01-12 18:03 . 2010-01-12 18:03 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 18:03 . 2010-01-12 18:03 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 18:03 . 2010-01-12 18:03 14924392 ----a-w- c:\windows\system32\nvoglv32.dll
2010-01-12 18:03 . 2010-01-12 18:03 11639400 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 18:03 . 2010-01-12 18:03 11586280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-01-12 04:18 . 2010-01-12 04:18 962664 ----a-w- c:\windows\system32\nvsvc.dll
2010-01-12 04:18 . 2010-01-12 04:18 13679720 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 04:18 . 2010-01-12 04:18 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-12 04:18 . 2010-01-12 04:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-10 23:41 . 2010-01-10 23:41 -------- d-----w- c:\program files\Belarc
2010-01-10 23:01 . 2010-01-10 23:19 -------- d--h--w- c:\users\DJ\PP_MOTION.TMP
2010-01-10 23:01 . 2010-01-10 23:01 -------- d-----w- c:\users\DJ\CyberLink
2010-01-10 23:01 . 2010-01-10 23:01 -------- d--h--w- c:\users\DJ\PP_ROTATE_SLIDE.TMP
2010-01-10 22:43 . 2010-01-10 22:44 16384 ------w- c:\windows\system32\lgfwunis.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 17:23 . 2009-12-25 08:06 -------- d-----w- c:\programdata\eMule
2010-02-08 08:52 . 2009-12-14 01:06 -------- d-----w- c:\users\DJ\AppData\Roaming\Vso
2010-02-08 01:17 . 2009-12-13 20:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-06 21:39 . 2009-12-13 19:00 -------- d-----w- c:\programdata\NVIDIA
2010-02-05 16:52 . 2009-12-13 21:44 -------- d-----w- c:\program files\Common Files\Apple
2010-02-05 15:28 . 2009-12-20 23:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-02 23:36 . 2010-01-04 22:49 -------- d-----w- c:\program files\Futuremark
2010-02-01 03:33 . 2010-01-06 22:23 -------- d-----w- c:\program files\CyberLink
2010-02-01 03:32 . 2010-01-06 22:22 -------- d-----w- c:\programdata\CyberLink
2010-02-01 03:31 . 2010-01-06 22:30 36864 ----a-w- c:\programdata\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
2010-02-01 03:29 . 2010-01-06 22:26 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2010-02-01 03:27 . 2010-01-06 22:24 36864 ----a-w- c:\programdata\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
2010-02-01 03:26 . 2010-01-06 22:32 53319 ----a-w- c:\programdata\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
2010-01-29 19:24 . 2009-12-17 04:40 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-01-29 07:09 . 2009-12-14 01:06 47360 ----a-w- c:\users\DJ\AppData\Roaming\pcouffin.sys
2010-01-29 07:09 . 2009-12-14 01:06 47360 ----a-w- c:\users\DJ\AppData\Roaming\pcouffin.sys
2010-01-25 02:46 . 2009-12-14 06:13 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-20 23:51 . 2009-12-14 15:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 23:42 . 2009-12-20 20:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-20 02:51 . 2009-12-13 20:12 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-20 02:51 . 2009-12-13 20:12 -------- d-----w- c:\program files\GIGABYTE
2010-01-20 01:11 . 2010-02-04 02:28 1640992 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-01-20 01:11 . 2010-02-04 02:28 57376 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-01-20 01:11 . 2010-02-04 02:28 371232 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-01-20 01:11 . 2010-02-04 02:28 2622496 ----a-w- c:\windows\system32\RtkAPO.dll
2010-01-20 00:37 . 2010-02-04 02:28 2991328 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-01-13 19:17 . 2010-02-04 02:28 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-01-12 18:03 . 2010-02-05 15:22 4321384 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-01-12 18:03 . 2010-02-05 15:22 1280616 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 18:03 . 2010-01-12 18:03 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-01-12 18:03 . 2009-05-01 04:02 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-10 22:30 . 2009-12-13 20:36 53319 ----a-w- c:\programdata\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2010-01-09 17:54 . 2010-01-09 05:14 -------- d-----w- c:\users\DJ\AppData\Roaming\Nero
2010-01-09 05:26 . 2010-01-09 04:17 -------- d-----w- c:\program files\Nero
2010-01-09 05:23 . 2010-01-09 05:23 -------- d-----w- c:\program files\Microsoft.NET
2010-01-09 04:48 . 2010-01-09 04:17 -------- d-----w- c:\program files\Common Files\Nero
2010-01-09 04:23 . 2009-12-26 21:50 -------- d-----w- c:\programdata\Nero
2010-01-09 04:16 . 2010-01-09 04:16 -------- d-----w- c:\program files\Common Files\LightScribe
2010-01-09 03:09 . 2010-01-07 17:57 53319 ----a-w- c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-01-07 18:12 . 2010-01-06 22:26 -------- d-----w- c:\users\DJ\AppData\Roaming\CyberLink
2010-01-07 18:12 . 2009-12-13 20:37 62648 ----a-w- c:\users\DJ\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-07 17:59 . 2010-01-07 17:59 -------- d-----w- c:\program files\Common Files\CyberLink
2010-01-07 17:56 . 2010-01-06 22:30 29480 ------w- c:\windows\system32\msxml3a.dll
2010-01-07 17:56 . 2003-11-18 12:00 353576 ------w- c:\windows\system32\msvcr71.dll
2010-01-07 17:56 . 2003-06-05 18:57 505128 ------w- c:\windows\system32\msvcp71.dll
2010-01-07 17:24 . 2010-01-06 22:39 -------- d-----w- c:\programdata\LightScribe
2010-01-07 03:04 . 2010-01-07 03:04 -------- d-----w- c:\users\DJ\AppData\Roaming\Xilisoft
2010-01-07 03:00 . 2010-01-07 03:00 -------- d-----w- c:\program files\Xilisoft
2010-01-06 23:09 . 2010-01-06 23:09 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-01-06 23:09 . 2010-01-06 23:09 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-01-06 23:09 . 2009-12-17 04:40 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-05 21:57 . 2010-02-04 02:28 297376 ----a-w- c:\windows\system32\FMAPO.dll
2010-01-04 22:38 . 2010-01-04 22:38 -------- d-----w- c:\users\DJ\AppData\Roaming\InstallShield
2010-01-04 02:14 . 2010-01-04 02:14 -------- d-----w- c:\program files\Zuma Deluxe
2010-01-02 21:56 . 2010-01-02 21:55 -------- d-----w- c:\program files\Common Files\Logitech
2010-01-02 21:55 . 2009-12-19 02:08 -------- d-----w- c:\program files\Logitech
2010-01-02 01:17 . 2009-12-13 21:45 -------- d-----w- c:\users\DJ\AppData\Roaming\Apple Computer
2010-01-01 18:56 . 2009-12-16 03:04 -------- d-----w- c:\program files\EA SPORTS
2010-01-01 01:09 . 2009-12-31 21:32 -------- d-----w- c:\users\DJ\AppData\Roaming\Download Manager
2009-12-30 06:57 . 2009-12-30 06:57 -------- d-----w- c:\programdata\GameHouse
2009-12-30 06:56 . 2009-12-30 06:56 -------- d-----w- c:\programdata\Trymedia
2009-12-27 19:49 . 2009-12-27 19:49 -------- d-----w- c:\program files\MSXML 4.0
2009-12-27 07:29 . 2009-12-27 02:14 -------- d-----w- c:\users\DJ\AppData\Roaming\Move Networks
2009-12-27 04:02 . 2009-12-21 22:38 -------- d-----w- c:\programdata\PopCap Games
2009-12-27 03:29 . 2009-12-27 03:29 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-12-27 02:14 . 2009-12-27 02:14 144160 ----a-w- c:\users\DJ\AppData\Roaming\Move Networks\uninstall.exe
2009-12-27 02:14 . 2009-12-07 01:22 5603776 ----a-w- c:\users\DJ\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
2009-12-25 19:58 . 2009-12-25 19:58 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-12-21 22:38 . 2009-12-21 22:38 -------- d-----w- c:\program files\PopCap Games
2009-12-20 21:51 . 2009-12-20 20:47 -------- d-----w- c:\programdata\NOS
2009-12-20 20:47 . 2009-12-20 20:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-20 20:47 . 2009-12-20 20:47 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-12-19 03:53 . 2009-12-19 03:53 -------- d--h--r- c:\users\DJ\AppData\Roaming\SecuROM
2009-12-19 02:14 . 2009-12-19 02:14 -------- d-----w- c:\users\DJ\AppData\Roaming\Logitech
2009-12-19 02:14 . 2009-12-19 02:08 -------- d-----w- c:\programdata\Logitech
2009-12-19 02:10 . 2009-12-19 02:10 -------- d-----w- c:\users\DJ\AppData\Roaming\Leadertech
2009-12-19 02:10 . 2009-12-19 02:08 -------- d-----w- c:\program files\Common Files\Logishrd
2009-12-19 02:10 . 2009-12-19 02:08 -------- d-----w- c:\programdata\LogiShrd
2009-12-19 02:09 . 2009-12-19 02:09 0 ------w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-12-19 02:09 . 2009-12-19 02:09 0 ------w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-12-18 15:51 . 2009-12-18 15:51 -------- d-----w- c:\program files\Elecard
2009-12-18 15:51 . 2009-12-18 15:51 -------- d-----w- c:\program files\Common Files\Elecard
2009-12-18 15:47 . 2009-12-18 15:47 -------- d-----w- c:\program files\AC3Filter
2009-12-18 04:22 . 2009-12-18 04:22 -------- d-----w- c:\program files\ffdshow
2009-12-18 04:09 . 2009-12-18 04:09 -------- d-----w- c:\program files\Xvid
2009-12-18 04:01 . 2009-12-18 04:01 -------- d-----w- c:\program files\KC Softwares
2009-12-18 03:10 . 2009-12-18 03:10 38976 ------w- c:\windows\system32\drivers\pssdk42.sys
2009-12-18 03:10 . 2009-12-18 03:10 -------- d-----w- c:\program files\NetWorx
2009-12-18 03:10 . 2009-12-18 03:10 -------- d-----w- c:\programdata\SoftPerfect
2009-12-17 04:40 . 2009-12-17 04:40 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2009-12-17 01:39 . 2009-12-17 01:39 -------- d-----w- c:\programdata\SpinTop Games
2009-12-16 03:14 . 2009-12-16 03:14 607 ----a-w- c:\windows\eReg.dat
2009-12-16 00:26 . 2010-02-04 02:28 76488 ----a-w- c:\windows\system32\RTEEL32A.dll
2009-12-16 00:26 . 2010-02-04 02:28 62664 ----a-w- c:\windows\system32\RTEEG32A.dll
2009-12-16 00:26 . 2010-02-04 02:28 357576 ----a-w- c:\windows\system32\RTEEP32A.dll
2009-12-16 00:26 . 2010-02-04 02:28 168648 ----a-w- c:\windows\system32\RTEED32A.dll
2009-12-15 15:50 . 2009-12-15 15:50 -------- d-----w- c:\program files\CCleaner
2009-12-14 15:28 . 2009-12-14 15:25 -------- d-----w- c:\program files\Windows Live
2009-12-14 15:28 . 2009-12-14 15:28 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-12-14 15:27 . 2009-12-14 15:27 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2009-12-17 2920448]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-20 8452640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-18 813584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 18:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 21:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 07:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-09-22 19:09 156672 ----a-w- c:\program files\Replay Media Catcher\FLVSrvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 01:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2010-01-10 22:44 557056 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2009-10-07 09:12 1086760 ----a-w- c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-17 03:28 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
R1 archlp;archlp;c:\windows\System32\drivers\ArcHlp.sys [2/19/2009 2:22 PM 127744]
R1 PSSDK42;PSSDK42;c:\windows\System32\drivers\pssdk42.sys [12/17/2009 9:10 PM 38976]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [12/13/2009 2:12 PM 68136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [3/1/2009 11:05 PM 139776]
S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [12/14/2009 9:28 AM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 GVTDrv;GVTDrv;c:\windows\System32\drivers\GVTDrv.sys [1/19/2010 9:24 PM 24944]
S3 se32;EnTech softEngine;c:\windows\System32\drivers\se32.sys [5/3/2007 10:19 AM 12112]
S3 SRS_iWowPC_Service;SRS Labs iWow PC;c:\windows\System32\drivers\SRS_iWowPC_i386.sys [1/28/2010 9:10 PM 37888]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 19:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-13 18:22]
2010-02-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-13 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.espn.com/
uInternet Settings,ProxyOverride = *.local
DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_test.cab
FF - ProfilePath - c:\users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\qvapd2ji.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.espn.com
FF - component: c:\users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\qvapd2ji.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\qvapd2ji.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\DJ\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-BDRegion - c:\program files\Cyberlink\Shared Files\brs.exe
MSConfigStartUp-CLMLServer - c:\program files\CyberLink\Power2Go\CLMLSvc.exe
MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
MSConfigStartUp-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-PeerBlock - c:\program files\PeerBlock\peerblock.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdatePPShortCut - c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdatePSTShortCut - c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe
AddRemove-{24C97F5B-05B2-469F-A6F3-8F9DA7A5A4BA} - c:\program files\InstallShield Installation Information\{24C97F5B-05B2-469F-A6F3-8F9DA7A5A4BA}\setup.exe

.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-02-08 13:17:24
ComboFix-quarantined-files.txt 2010-02-08 19:17
Pre-Run: 525,885,247,488 bytes free
Post-Run: 525,811,105,792 bytes free
- - End Of File - - C7F6AEC038ABE0CA8659164768A31619
play4fun's Avatar
Computer Specs
Junior Member with 29 posts.
 
Join Date: Dec 2009
Experience: Somewhat knowledgeable
08-Feb-2010, 06:41 PM #8
Just checking in to see if there is anything more I need to do.
dvk01's Avatar
Moderator & Malware Removal Specialist with 37,223 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
09-Feb-2010, 04:41 AM #9
How is it now?

It is possible combofix has quarantined a couple of possibly legitimate files so I need to examine them

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

Just press new topic, fill in the needed details and just give a link to your post here, then press the browse button and navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file.

Quote:

c:\qoobox\quarantine\*.*

__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
play4fun's Avatar
Computer Specs
Junior Member with 29 posts.
 
Join Date: Dec 2009
Experience: Somewhat knowledgeable
09-Feb-2010, 12:47 PM #10
My mouse seems to freeze at times. I have submitted that file to the spykiller like you requested. If there is anything else I need to do please let me know. Thanks again for everything you are doing to help me.
dvk01's Avatar
Moderator & Malware Removal Specialist with 37,223 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
09-Feb-2010, 04:55 PM #11
It didn't upload the files I need for some reason.

Let's try a different way.

First go to c:\qoobox\quarantine

Find ComboFix-quarantined-files.txt and upload that here.
play4fun's Avatar
09-Feb-2010, 05:47 PM #12
For the life of me I can't find that file. Do you want me to try and upload it again? I will search again and see if I can find it; if not, I will upload again and send it to the site you requested.
play4fun's Avatar
10-Feb-2010, 03:30 AM #13
Ok I think I found the file you requested. I will attach it. I also ran another scan and it found a dialer 182 and it's in a registry key and another one was on my external hard drive. I disconnected the external hd and will probably reformat it. My mouse still freezes up some. Hope this is the file you need.
dvk01's Avatar
10-Feb-2010, 02:49 PM #14
What scan showed the dialler?
play4fun's Avatar
10-Feb-2010, 03:05 PM #15
Is that the file you needed? I ran the McAfee virus scan I have on my computer.