MalwareCrypt
June 19, 2013, 07:33:43 AM *
Author Topic: Computer Problems  (Read 2139 times)
chauncyjay
Newbie
*
Posts: 15


« on: October 14, 2010, 10:08:59 PM »

I've been having some issues with my desktop lately: random freezes and crashes. I've determined that I do indeed have a (multitude) virus (of viruses) of some sort. I am being denied administrator access on all possible routes that I have been directed to by my friend, and he directed me here. Please help. I don't know what kind of information I need to post, so let's start there.
chauncyjay
« Reply #1 on: October 14, 2010, 10:13:23 PM »


DDS (Ver_10-10-10.03) - NTFS_AMD64 
Run by CJ at  0:11:24.99 on Fri 10/15/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.6135.4289 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Rosewill\Common\RegistryWriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtblfs.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\CJ\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
dRun: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll
BHO-X64:     IEVkbdBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll
BHO-X64:     link filter bho - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

================= FIREFOX ===================

FF - ProfilePath - C:\Users\CJ\AppData\Roaming\Mozilla\Firefox\Profiles\wzpkbrhe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.reddit.com/|http://www.facebook.com/|https://www.americaneagle.org/Default.aspx|http://www.ccsu.edu/|https://www.chase.com/Chase.html|http://www.amazon.com/|http://www.newegg.com/
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - user.js: yahoo.homepage.dontask - true

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-5-31 54480]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-7-1 352976]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Rosewill\Common\RegistryWriter.exe [2009-8-6 69632]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
S2 avg8emc;AVG Free8 E-mail Scanner;C:\Program Files (x86)\AVG\AVG8\avgemc.exe --> C:\Program Files (x86)\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe --> C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 GEST Service;GEST Service for program management.;C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-2-20 68136]
S2 gupdate1c9d5a926f47c08;Google Update Service (gupdate1c9d5a926f47c08);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-15 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-11-11 25832]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28ux.sys [2009-6-10 867328]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-13 1255736]

=============== Created Last 30 ================

2010-10-15 03:43:16   --------   d-----w-   C:\Users\CJ\AppData\Roaming\Malwarebytes
2010-10-15 03:43:10   38224   ----a-w-   C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-15 03:43:10   --------   d-----w-   C:\PROGRA~3\Malwarebytes
2010-10-15 03:43:09   24664   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2010-10-15 03:43:09   --------   d-----w-   C:\Program Files (x86)\nothingsuspicious
2010-10-15 03:21:01   --------   d-----w-   C:\Windows\pss
2010-10-15 03:13:34   150200   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2010-10-14 03:48:58   --------   d-----w-   C:\Users\CJ\AppData\Roaming\Auslogics
2010-10-14 03:48:55   --------   d-----w-   C:\Program Files (x86)\Auslogics
2010-10-14 03:09:02   --------   d-----w-   C:\PROGRA~3\McAfee Security Scan
2010-10-14 03:08:57   --------   d-----w-   C:\Program Files (x86)\McAfee Security Scan
2010-10-14 02:41:19   --------   d-----w-   C:\Program Files (x86)\Kaspersky Lab
2010-10-14 02:41:19   --------   d-----w-   C:\PROGRA~3\Kaspersky Lab
2010-10-12 20:58:19   148992   ----a-w-   C:\Windows\System32\t2embed.dll
2010-10-12 20:58:19   109056   ----a-w-   C:\Windows\SysWow64\t2embed.dll
2010-10-12 20:58:08   4582912   ----a-w-   C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-12 20:58:07   2085376   ----a-w-   C:\Windows\System32\ole32.dll
2010-10-12 20:58:06   4247040   ----a-w-   C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-12 20:58:06   1413632   ----a-w-   C:\Windows\SysWow64\ole32.dll
2010-10-11 18:37:51   --------   d-----w-   C:\Program Files (x86)\Roadkil.Net
2010-10-05 15:51:36   218496   ----a-w-   C:\Windows\SysWow64\PnkBstrB.xtr
2010-10-05 15:51:33   --------   d-----w-   C:\Users\CJ\AppData\Local\PunkBuster
2010-10-04 18:02:39   --------   d-----w-   C:\Program Files\iTunes
2010-10-04 18:02:39   --------   d-----w-   C:\Program Files\iPod
2010-10-04 18:02:39   --------   d-----w-   C:\Program Files (x86)\iTunes
2010-10-04 18:00:43   --------   d-----w-   C:\Program Files\Bonjour
2010-10-04 18:00:43   --------   d-----w-   C:\Program Files (x86)\Bonjour
2010-10-03 14:48:56   --------   d-----w-   C:\Program Files\Ventrilo
2010-09-29 07:00:25   243712   ----a-w-   C:\Windows\System32\drivers\ks.sys
2010-09-29 07:00:25   184832   ----a-w-   C:\Windows\System32\drivers\usbvideo.sys
2010-09-28 21:55:44   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2010-09-28 21:55:44   2048   ----a-w-   C:\Windows\System32\tzres.dll
2010-09-28 21:55:32   13312   ----a-w-   C:\Program Files\Internet Explorer\iecompat.dll
2010-09-28 21:55:32   13312   ----a-w-   C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-24 02:53:28   --------   d-----w-   C:\Users\CJ\AppData\Roaming\Hi-Rez Studios
2010-09-20 05:05:29   --------   d-----w-   C:\Users\CJ\D2-1.12A-enUS
2010-09-20 04:39:21   --------   d-----w-   C:\Program Files (x86)\Elaborate Bytes
2010-09-20 04:13:40   --------   d-----w-   C:\Users\CJ\AppData\Roaming\EVEMon
2010-09-20 04:10:06   --------   d-----w-   C:\Program Files (x86)\EVEMon

==================== Find3M  ====================

2010-10-15 03:58:01   24072   ----a-w-   C:\Windows\gdrv.sys
2010-09-08 15:17:46   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 15:17:46   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17   1192960   ----a-w-   C:\Windows\System32\wininet.dll
2010-09-08 05:34:34   57856   ----a-w-   C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04   978432   ----a-w-   C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15   44544   ----a-w-   C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38   482816   ----a-w-   C:\Windows\System32\html.iec
2010-09-08 03:35:30   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31   386048   ----a-w-   C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09   12625920   ----a-w-   C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49   12625408   ----a-w-   C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34   3123712   ----a-w-   C:\Windows\System32\win32k.sys
2010-08-31 04:32:30   954752   ----a-w-   C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30   954288   ----a-w-   C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02   236032   ----a-w-   C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48   9728   ----a-w-   C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04   463360   ----a-w-   C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48   402944   ----a-w-   C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26   161792   ----a-w-   C:\Windows\System32\drivers\srvnet.sys
2010-08-21 06:38:47   1024512   ----a-w-   C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49   340992   ----a-w-   C:\Windows\System32\schannel.dll
2010-08-21 06:31:06   633856   ----a-w-   C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47   558592   ----a-w-   C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33   738816   ----a-w-   C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24   224256   ----a-w-   C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24   530432   ----a-w-   C:\Windows\SysWow64\comctl32.dll
2010-07-29 06:30:34   82944   ----a-w-   C:\Windows\SysWow64\iccvid.dll
2010-07-27 22:55:50   95520   ----a-w-   C:\Windows\System32\dnssd.dll
2010-07-27 22:55:50   119584   ----a-w-   C:\Windows\System32\dns-sd.exe
2010-07-27 22:44:10   91424   ----a-w-   C:\Windows\SysWow64\dnssd.dll
2010-07-27 22:44:10   107808   ----a-w-   C:\Windows\SysWow64\dns-sd.exe
2010-07-17 09:00:04   423656   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2010-01-03 03:07:57   802304   ----a-w-   C:\Program Files (x86)\setup.exe
2010-01-03 03:07:57   576000   ----a-w-   C:\Program Files (x86)\ISSetup.dll
2010-01-03 03:06:06   473   ----a-w-   C:\Program Files (x86)\layout.bin

============= FINISH:  0:12:02.11 ===============
chauncyjay
« Reply #2 on: October 14, 2010, 10:13:55 PM »


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/12/2009 8:14:50 PM
System Uptime: 10/14/2010 11:57:31 PM (1 hours ago)

Motherboard:  EVGA  |  | 141-BL-E757
Processor: Intel(R) Core(TM) i7 CPU         920  @ 2.67GHz | Socket 423 | 2661/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 932 GiB total, 251.86 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AVG Free8 Network Redirector x64
Device ID: ROOT\LEGACY_AVGTDIA\0000
Manufacturer:
Name: AVG Free8 Network Redirector x64
PNP Device ID: ROOT\LEGACY_AVGTDIA\0000
Service: AvgTdiA

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AVG Free AVI Loader Driver x64
Device ID: ROOT\LEGACY_AVGLDX64\0000
Manufacturer:
Name: AVG Free AVI Loader Driver x64
PNP Device ID: ROOT\LEGACY_AVGLDX64\0000
Service: AvgLdx64

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
AC3Filter (remove only)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Aion
Altitude
Amnesia: The Dark Descent Demo
Apple Application Support
Apple Software Update
Audiosurf
Auslogics Disk Defrag
Bob Came In Pieces
Borderlands
Braid
Bullet Candy
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Company of Heroes
Company of Heroes: Tales of Valor
Counter-Strike: Source
Creative System Information
Crysis
Crysis Warhead
Crysis Wars
Dedicated Server
Dragon Age: Origins
Empire: Total War
Energy Saver Advance B8.1015.1
er100LT
EVE Online (remove only)
EVEMon
EVGA Precision 1.3.2
EVGA SLI Enhancement Patch
Fallout 3
FileZilla Client 3.3.1
Foxit Reader
Fraps (remove only)
Galcon Fusion
Global Agenda Live
Global Agenda Public Test Client
Google Chrome
Google Earth
Google Update Helper
GridRunner Revolution
Gyromancer
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Deathmatch: Source
Half-Life: Source
HiJackThis
Java Auto Updater
Java(TM) 6 Update 21
Just Cause 2
Kaspersky Anti-Virus 2011
League of Legends
Left 4 Dead 2 Add-on Support
Left 4 Dead 2 Authoring Tools
Left 4 Dead 2 Dedicated Server
Left 4 Dead 2 Demo
Logitech Touch Mouse Server 1.0
Malwarebytes' Anti-Malware
Mass Effect
Mass Effect 2
McAfee Security Scan Plus
Medieval II: Total War
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mini Ninjas
mIRC
Mozilla Firefox (3.5.13)
NCsoft Launcher
Netflix in Windows Media Center
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenOffice.org 3.0
Osmos Demo
PCSpim
Pidgin
Portal
Quake
Quake II
Quake II: Ground Zero
Quake II: The Reckoning
Quake III Arena
Quake III: Team Arena
Quake Mission Pack 1: Scourge of Armagon
Quake Mission Pack 2: Dissolution of Eternity
QuickTime
Red Faction Guerrilla
Roadkil's Unstoppable Copier Version 5.2
Rome: Total War Gold Edition
Rosewill Wireless Network 11N USB adapter RNX-EasyN1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Skype Toolbars
Skype™ 4.2
Sound Blaster X-Fi
Source Dedicated Server
Source SDK
Source SDK Base
Source SDK Base - Orange Box
Space Giraffe
StarCraft
StarCraft II
Steam
Super Laser Racer
System Requirements Lab
Team Fortress 2
Team Fortress 2 Dedicated Server
The Witcher: Enhanced Edition
Torchlight
Torchlight Editor
Trine
Unreal Gold
Unreal Tournament
Unreal Tournament 3
VirtualCloneDrive
Visual C++ 8.0 Runtime Setup Package (x64)
Warcraft III
Warcraft III: All Products
Windows Media Player Firefox Plugin
World of Warcraft
Zero Gear

==== Event Viewer Messages From Past Week ========

10/15/2010 12:04:20 AM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: 490@01010004
10/14/2010 12:14:21 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/14/2010 11:58:27 PM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
10/14/2010 11:58:09 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AvgLdx64 AvgMfx64 AvgTdiA
10/14/2010 11:58:02 PM, Error: Service Control Manager [7001]  - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error:  The system cannot find the file specified.
10/14/2010 11:58:01 PM, Error: Service Control Manager [7000]  - The AVG Free8 WatchDog service failed to start due to the following error:  The system cannot find the file specified.
10/14/2010 11:47:19 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
10/14/2010 11:47:19 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume1.
10/13/2010 10:35:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff8800392e000, 0x0000000000000001, 0xfffff8800fefe1ce, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101310-19125-01.

==== End Of File ===========================
Jintan
Administrator
Hero Member
*****
Posts: 3883



WWW
« Reply #3 on: October 15, 2010, 03:46:26 PM »

Welcome to Malware Crypt chauncyjay,

Not seeing any outright infection in these logs so far. You do seem to have parts of AVG still installed, which could actually be a factor in some of the problems you mention. Since I would not know yet what knowledge you have of using your system, when you run into admin access issues, do you start programs (like your browser) by right-clicking them and selecting "Run as administrator"?

For right now, I would suggest you go here and download and run the AVG uninstaller. For your system it would be the AVG Remover (64bit) (avg2011remover_en.exe). Be sure to temporarily disable all security software before running that. Here are some antivirus disable tips if needed.

Reboot after. Then let's get a different view of your system, using a scan tool that has been updated for Windows 7 as well as 64-bit systems.

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top check "Scan All Users", then click "Complete Scan". Make no other changes at this time.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.
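The reading Jintan did above (AVG services still registered but their binaries gone, confirmed by the Service Control Manager errors in the Event Viewer section) can be automated. The script below is an added example for this thread, not a DDS or Malware Crypt tool: it scans DDS text for SERVICES / DRIVERS entries DDS marks as unresolved (the `path --> path [?]` form), pulls Service Control Manager events 7000, 7001 and 7026, and correlates the two by display name. The sample input is a constructed handful of lines copied from the DDS log posted earlier; the function names and regexes are this example's own.

```python
"""Triage helper for DDS log text.

Added example for this thread; not a DDS or forum tool. It automates two
readings of the log posted above:
  1. SERVICES / DRIVERS entries whose binary DDS could not resolve. DDS writes
     those as   S2 name;display;path --> path [?]
  2. Service Control Manager events 7000 / 7001 / 7026 in the Event Viewer
     section, which say which service or driver failed and why.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the DDS log in this thread.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-7-1 352976]
S2 avg8emc;AVG Free8 E-mail Scanner;C:\Program Files (x86)\AVG\AVG8\avgemc.exe --> C:\Program Files (x86)\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe --> C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-13 1255736]

==== Event Viewer Messages From Past Week ========

10/14/2010 11:58:09 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AvgLdx64 AvgMfx64 AvgTdiA
10/14/2010 11:58:02 PM, Error: Service Control Manager [7001]  - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error:  The system cannot find the file specified.
10/14/2010 11:58:01 PM, Error: Service Control Manager [7000]  - The AVG Free8 WatchDog service failed to start due to the following error:  The system cannot find the file specified.
10/14/2010 11:47:19 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*)$"
)
SCM_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} [^,]+), Error: Service Control Manager "
    r"\[(?P<eid>\d+)\]\s+-\s+(?P<msg>.*)$"
)


@dataclass
class ServiceEntry:
    state: str           # R = running, S = stopped, as DDS prints it
    start: str           # start-type digit (0 boot, 1 system, 2 auto, 3 demand)
    name: str
    display: str
    path: str
    binary_missing: bool


@dataclass
class ScmFailure:
    event_id: int
    subjects: tuple      # service or driver names the event cites
    message: str


def parse_services(text):
    """Return every SERVICES / DRIVERS line as a ServiceEntry."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        # DDS reports an unresolvable image as "<path> --> <path> [?]"
        missing = " --> " in path and path.rstrip().endswith("[?]")
        entries.append(ServiceEntry(m["state"], m["start"], m["name"],
                                    m["display"], path, missing))
    return entries


def scm_failures(text):
    """Pull Service Control Manager error events and the names they cite."""
    found = []
    for line in text.splitlines():
        m = SCM_RE.match(line.strip())
        if not m:
            continue
        eid, msg = int(m["eid"]), m["msg"]
        if eid == 7026:
            # "...driver(s) failed to load:  AvgLdx64 AvgMfx64 AvgTdiA"
            subjects = tuple(msg.split("failed to load:")[-1].split())
        elif eid in (7000, 7001):
            # "The X service failed to start" / "The X service depends on the Y service"
            subjects = tuple(re.findall(r"[Tt]he (.+?) service", msg))
        else:
            subjects = ()
        found.append(ScmFailure(eid, subjects, msg))
    return found


def triage(text):
    """Summarise what a first read of a DDS log should flag."""
    services = parse_services(text)
    failures = scm_failures(text)
    return {
        "missing_binaries": [s.name for s in services if s.binary_missing],
        "failed_drivers": sorted({n for f in failures if f.event_id == 7026
                                  for n in f.subjects}),
        "failed_services": sorted({n for f in failures if f.event_id in (7000, 7001)
                                   for n in f.subjects}),
    }


def leftover_services(text):
    """Service names whose image is gone AND whose display name SCM reports as failing."""
    failed = set(triage(text)["failed_services"])
    return [s.name for s in parse_services(text)
            if s.binary_missing and s.display in failed]


if __name__ == "__main__":
    for key, names in triage(SAMPLE_DDS).items():
        print(f"{key}: {', '.join(names) or '-'}")
    print("leftover (registered, image missing, SCM failure):",
          ", ".join(leftover_services(SAMPLE_DDS)))
```

To use it on a real log, replace SAMPLE_DDS with the contents of a saved DDS.txt. The `--> path [?]` convention appears for any registered service whose image has been deleted, and the 7000/7001 chain shows which dependent services fail as a result, so the same check applies to leftovers from any uninstalled security product, not only AVG.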
Jintan
« Reply #4 on: October 15, 2010, 03:55:51 PM »

I noticed the recent problems also created a dump file we can check.

Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

Then navigate (go to Start, right-click Computer, left-click Explore) to the following file:

C:\Windows\memory.dmp

If that is there, then just zip a copy of it, and send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files - chauncyjay/mc/dmp" as the email Subject.


Also, I suspect this folder's unusual name might instead be you modifying the log results?

C:\Program Files (x86)\nothingsuspicious

If so, please avoid changing log info. It can cause confusion and inaccurate assessments, and can lead to errors we could otherwise avoid.
chauncyjay
« Reply #5 on: October 17, 2010, 01:30:16 PM »

Just so it's clear, the folder you posted about was actually an attempt to rename Malwarebytes upon installing it. I remember hearing somewhere that certain viruses/malware restrict access to certain programs based on name, so it was a failed attempt at "fooling" some of that software.

The following two posts are the results of the scan that was run.
chauncyjay
« Reply #6 on: October 17, 2010, 01:30:54 PM »

OTL Extras logfile created on: 10/17/2010 3:22:29 PM - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\CJ\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 78.00% Memory free
12.00 Gb Paging File | 11.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 298.01 Gb Free Space | 31.99% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.34 Gb Free Space | 98.53% Space Free | Partition Type: FAT32
 
Computer Name: CJ-PC | User Name: CJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4246244673-1180196177-2491319184-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{64A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20 (64-bit)
"{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide
"{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.00
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"nbi-glassfish-mod-sun-3.0.0.74.2" = Sun GlassFish Enterprise Server v3
"nbi-nb-base-6.8.0.0.0" = NetBeans IDE 6.8
"nbi-nb-base-6.8.0.0.0-1" = NetBeans IDE 6.8
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = er100LT
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1015.1
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BFC70D3C-2670-44FB-90D0-124802B70636}" = Aion
"{C877BDC3-5D93-7A0B-8836-15163B33D351}" = Rome: Total War Gold Edition
"{D10227CA-792C-4517-872A-8AF5DB472D48}" = PCSpim
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E89084ED-D142-421E-BBA9-A1767354FE50}" = EVGA SLI Enhancement Patch
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F912EF57-65C8-48E8-911F-7FCAF8ADD62E}" = Rosewill Wireless Network 11N USB adapter RNX-EasyN1
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EVE" = EVE Online (remove only)
"EVEMon" = EVEMon
"FileZilla Client" = FileZilla Client 3.3.1
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"mIRC" = mIRC
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"Precision" = EVGA Precision 1.3.2
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 12900" = Audiosurf
"Steam App 13210" = Unreal Tournament 3
"Steam App 13240" = Unreal Tournament
"Steam App 13250" = Unreal Gold
"Steam App 17020" = Global Agenda Live
"Steam App 17040" = Global Agenda Public Test Client
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17340" = Crysis Wars
"Steam App 17460" = Mass Effect
"Steam App 18820" = Zero Gear
"Steam App 205" = Source Dedicated Server
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 2200" = Quake III Arena
"Steam App 2310" = Quake
"Steam App 2320" = Quake II
"Steam App 2330" = Quake II: The Reckoning
"Steam App 23380" = Gyromancer
"Steam App 2340" = Quake II: Ground Zero
"Steam App 2350" = Quake III: Team Arena
"Steam App 240" = Counter-Strike: Source
"Steam App 26800" = Braid
"Steam App 27800" = Space Giraffe
"Steam App 27810" = GridRunner Revolution
"Steam App 280" = Half-Life: Source
"Steam App 29200" = Osmos Demo
"Steam App 310" = Team Fortress 2 Dedicated Server
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 35000" = Mini Ninjas
"Steam App 35700" = Trine
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 41300" = Altitude
"Steam App 41500" = Torchlight
"Steam App 41520" = Torchlight Editor
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 44100" = Super Laser Racer
"Steam App 44200" = Galcon Fusion
"Steam App 4560" = Company of Heroes
"Steam App 46000" = Bob Came In Pieces
"Steam App 4700" = Medieval II: Total War
"Steam App 5" = Dedicated Server
"Steam App 560" = Left 4 Dead 2 Dedicated Server
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 57310" = Amnesia: The Dark Descent Demo
"Steam App 590" = Left 4 Dead 2 Demo
"Steam App 6600" = Bullet Candy
"Steam App 8190" = Just Cause 2
"Steam App 8980" = Borderlands
"Steam App 9030" = Quake Mission Pack 2: Dissolution of Eternity
"Steam App 9040" = Quake Mission Pack 1: Scourge of Armagon
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"VirtualCloneDrive" = VirtualCloneDrive
"Warcraft III" = Warcraft III
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4246244673-1180196177-2491319184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NCsoft-Aion" = Aion
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
chauncyjay
« Reply #7 on: October 17, 2010, 01:31:10 PM »

OTL logfile created on: 10/17/2010 3:22:29 PM - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\CJ\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 78.00% Memory free
12.00 Gb Paging File | 11.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 298.01 Gb Free Space | 31.99% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.34 Gb Free Space | 98.53% Space Free | Partition Type: FAT32
 
Computer Name: CJ-PC | User Name: CJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010/10/17 15:21:55 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\CJ\Downloads\OTL.exe
PRC - [2010/10/13 23:04:31 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010/09/17 18:57:30 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2008/05/13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Rosewill\Common\RegistryWriter.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/10/17 15:21:55 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\CJ\Downloads\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/13 23:04:31 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/10/06 10:01:30 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/05/13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Rosewill\Common\RegistryWriter.exe -- (RalinkRegistryWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010/10/13 23:04:31 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/06/09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/04/22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/17 18:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/11/10 21:26:30 | 000,184,832 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/10/25 11:34:46 | 002,051,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2007/10/25 11:34:36 | 000,147,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2007/10/25 11:34:32 | 000,290,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2007/10/25 11:34:30 | 000,016,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2007/10/25 11:34:28 | 000,219,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2007/10/25 11:34:18 | 000,864,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2007/10/25 11:34:14 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2007/10/25 11:33:18 | 001,570,328 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007/10/25 11:33:16 | 000,189,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007/10/25 11:33:14 | 000,363,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007/10/25 11:33:10 | 000,123,416 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007/10/25 11:33:08 | 000,252,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007/10/25 11:33:06 | 000,141,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2007/10/25 11:33:04 | 000,321,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007/10/25 11:33:02 | 000,680,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2007/10/25 11:33:02 | 000,219,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007/10/25 11:33:00 | 000,699,928 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV:64bit: - [2007/10/25 11:32:58 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2007/07/17 18:42:38 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/07/17 18:42:32 | 000,054,288 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/10/17 15:20:27 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4246244673-1180196177-2491319184-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4246244673-1180196177-2491319184-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4246244673-1180196177-2491319184-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 88 D5 D8 C3 E7 CA 01  [binary data]
IE - HKU\S-1-5-21-4246244673-1180196177-2491319184-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4246244673-1180196177-2491319184-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4246244673-1180196177-2491319184-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.reddit.com/|http://www.facebook.com/|https://www.americaneagle.org/Default.aspx|http://www.ccsu.edu/|https://www.chase.com/Chase.html|http://www.amazon.com/|http://www.newegg.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/04 14:01:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/04 14:01:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010/10/13 22:41:36 | 000,000,000 | ---D | M]
 
[2010/01/28 12:31:34 | 000,000,000 | ---D | M] -- C:\Users\CJ\AppData\Roaming\Mozilla\Extensions
[2010/10/14 23:17:06 | 000,000,000 | ---D | M] -- C:\Users\CJ\AppData\Roaming\Mozilla\Firefox\Profiles\wzpkbrhe.default\extensions
[2010/09/20 10:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CJ\AppData\Roaming\Mozilla\Firefox\Profiles\wzpkbrhe.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/09/20 10:39:52 | 000,000,000 | ---D | M] -- C:\Users\CJ\AppData\Roaming\Mozilla\Firefox\Profiles\wzpkbrhe.default\extensions\info@djzig.com
[2010/10/14 23:13:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/10 11:28:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/29 13:58:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/02 22:04:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/14 23:13:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/03/11 19:11:35 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-4246244673-1180196177-2491319184-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\.DEFAULT..\Run: [DevconDefaultDB] C:\Windows\SysWow64\READREG.exe (Creative Technology Limited)
O4 - HKU\S-1-5-18..\Run: [DevconDefaultDB] C:\Windows\SysWow64\READREG.exe (Creative Technology Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\CJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\CJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6d05bbfd-c467-11df-b38e-001fbc091f79}\Shell - "" = AutoRun
O33 - MountPoints2\{6d05bbfd-c467-11df-b38e-001fbc091f79}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/10/17 15:14:46 | 000,000,000 | ---D | C] -- C:\AVGTemp
[2010/10/14 23:43:16 | 000,000,000 | ---D | C] -- C:\Users\CJ\AppData\Roaming\Malwarebytes
[2010/10/14 23:43:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/14 23:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/14 23:43:09 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/14 23:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\nothingsuspicious
[2010/10/14 23:21:01 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/10/14 10:23:58 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/13 23:48:58 | 000,000,000 | ---D | C] -- C:\Users\CJ\AppData\Roaming\Auslogics
[2010/10/13 23:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2010/10/13 23:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/10/13 23:08:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010/10/13 22:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/10/13 22:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010/10/13 22:40:51 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/10/12 16:58:19 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/12 16:58:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/12 16:58:07 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/12 16:57:56 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/12 16:57:29 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/12 16:57:26 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/12 16:57:26 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/12 16:57:22 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/12 16:57:22 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/12 16:57:13 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/12 16:57:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/12 16:57:12 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/12 16:57:12 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/12 16:57:12 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/12 16:57:11 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/12 16:57:11 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/12 16:57:11 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/12 16:57:11 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/12 16:57:11 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/12 16:57:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/12 16:57:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/12 16:57:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/12 16:57:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/12 16:57:09 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/12 16:57:06 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/12 16:57:04 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/12 16:57:04 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/12 16:57:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/11 14:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roadkil.Net
[2010/10/05 11:51:33 | 000,000,000 | ---D | C] -- C:\Users\CJ\AppData\Local\PunkBuster
[2010/10/05 11:51:31 | 000,000,000 | ---D | C] -- C:\Users\CJ\Documents\EA Games
[2010/10/04 14:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/04 14:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/10/04 14:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/04 14:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/04 14:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/10/03 10:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/09/23 22:53:28 | 000,000,000 | ---D | C] -- C:\Users\CJ\AppData\Roaming\Hi-Rez Studios
[2010/09/21 03:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/09/20 01:05:29 | 000,000,000 | ---D | C] -- C:\Users\CJ\D2-1.12A-enUS
[2010/09/20 00:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2010/09/20 00:13:40 | 000,000,000 | ---D | C] -- C:\Users\CJ\AppData\Roaming\EVEMon
[2010/09/20 00:10:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVEMon
[2010/01/02 22:51:47 | 000,802,304 | ---- | C] (Acresso Software Inc.                                        ) -- C:\Program Files (x86)\setup.exe
[2010/01/02 22:51:47 | 000,576,000 | ---- | C] (Acresso Software Inc.) -- C:\Program Files (x86)\ISSetup.dll
[2009/02/21 10:29:46 | 000,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/10/17 15:20:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/17 15:20:27 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010/10/17 15:20:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/17 15:20:13 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/17 15:19:38 | 000,064,756 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000000-00001102-00000005-00311102}.rfx
[2010/10/17 15:19:38 | 000,060,844 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000000-00001102-00000005-00311102}.rfx
[2010/10/17 15:19:38 | 000,060,844 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000000-00001102-00000005-00311102}.rfx
[2010/10/17 15:19:30 | 000,010,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 15:19:30 | 000,010,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 15:16:23 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/17 15:16:23 | 000,628,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/17 15:16:23 | 000,108,260 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/15 11:10:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/15 00:10:50 | 000,544,768 | ---- | M] () -- C:\Users\CJ\Desktop\dds.scr
[2010/10/14 23:43:13 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 23:48:55 | 000,001,140 | ---- | M] () -- C:\Users\CJ\Desktop\Auslogics Disk Defrag.lnk
[2010/10/13 23:30:51 | 000,001,011 | ---- | M] () -- C:\Users\CJ\Desktop\CCleaner.lnk
[2010/10/13 23:08:59 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/13 23:04:31 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/10/13 22:51:20 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/10/13 22:50:42 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/13 22:42:55 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/10/13 22:42:55 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/10/13 22:35:01 | 513,759,679 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/13 03:22:37 | 002,891,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/11 14:37:51 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk
[2010/10/11 11:12:44 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/10/05 12:02:04 | 000,218,496 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/10/03 12:52:44 | 000,000,218 | ---- | M] () -- C:\Users\CJ\.recently-used.xbel
[2010/10/03 10:48:57 | 000,000,917 | ---- | M] () -- C:\Users\CJ\Desktop\Ventrilo.lnk
[2010/09/30 22:15:42 | 000,008,874 | ---- | M] () -- C:\Users\CJ\Documents\test.odp
[2010/09/22 22:11:00 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/09/20 00:41:01 | 000,001,254 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/10/15 00:10:49 | 000,544,768 | ---- | C] () -- C:\Users\CJ\Desktop\dds.scr
[2010/10/14 23:43:13 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 23:48:55 | 000,001,140 | ---- | C] () -- C:\Users\CJ\Desktop\Auslogics Disk Defrag.lnk
[2010/10/13 23:08:59 | 000,001,942 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/13 22:42:55 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/10/13 22:42:55 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/10/11 14:37:51 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk
[2010/10/05 11:51:36 | 000,218,496 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/10/04 14:03:04 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/03 12:52:44 | 000,000,218 | ---- | C] () -- C:\Users\CJ\.recently-used.xbel
[2010/10/03 10:48:57 | 000,000,917 | ---- | C] () -- C:\Users\CJ\Desktop\Ventrilo.lnk
[2010/09/30 22:15:41 | 000,008,874 | ---- | C] () -- C:\Users\CJ\Documents\test.odp
[2010/09/20 00:39:53 | 000,001,254 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/02/07 02:11:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/02 22:51:47 | 523,344,867 | ---- | C] () -- C:\Program Files (x86)\data2.cab
[2010/01/02 22:51:47 | 001,669,931 | ---- | C] () -- C:\Program Files (x86)\setup.isn
[2010/01/02 22:51:47 | 001,061,129 | ---- | C] () -- C:\Program Files (x86)\data1.cab
[2010/01/02 22:51:47 | 000,255,777 | ---- | C] () -- C:\Program Files (x86)\setup.inx
[2010/01/02 22:51:47 | 000,214,975 | ---- | C] () -- C:\Program Files (x86)\data1.hdr
[2010/01/02 22:51:47 | 000,021,494 | ---- | C] () -- C:\Program Files (x86)\0x0409.ini
[2010/01/02 22:51:47 | 000,001,241 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2010/01/02 22:51:47 | 000,000,473 | ---- | C] () -- C:\Program Files (x86)\layout.bin
[2009/11/13 12:15:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/12 17:56:26 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/08/06 01:20:37 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\RAEXTUI.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/27 21:14:52 | 000,000,180 | ---- | C] () -- C:\Users\CJ\AppData\Roaming\setup.log
[2009/05/27 21:14:20 | 000,000,760 | ---- | C] () -- C:\Users\CJ\AppData\Roaming\setup_ldm.iss
[2009/02/21 10:31:08 | 000,006,123 | ---- | C] () -- C:\Windows\SysWow64\AudioDrv.ini
[2009/02/21 10:29:46 | 000,098,174 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009/02/21 10:29:46 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll
[2009/02/21 10:29:46 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2009/02/21 10:29:46 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009/02/21 10:29:46 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/02/21 10:29:00 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2009/02/21 10:28:56 | 000,108,544 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/02/21 10:28:56 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/02/20 12:41:07 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

< End of report >
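The OTL report above is plain text with a fixed line shape, so it can be triaged by script rather than by eye. The following is an added example, not code from the thread or from the OTL tool: it parses the `[date | size | attrs | C/M] (Company) -- path` file entries, checks the O35/O37 lines for the default `"%1" %*` open command (a changed value there is how the "can't run executables" symptom often shows up in these logs), and flags executable-type files that carry no company string, which is the same heuristic behind the report's own "Files Created - No Company Name" section. The sample input is constructed from lines in the report plus one made-up hijacked `comfile` line so the check has something to find.

```python
import os
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file/folder entry, e.g.
#   [2010/10/14 23:43:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\...\mbamswissarmy.sys
#   [2010/10/14 23:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\nothingsuspicious
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# O35/O37 lines show the shell "open" command for .exe/.com files; the clean value is "%1" %*
ASSOC_RE = re.compile(r"^O3[57](?::64bit:)? - (?P<key>\S+) \[(?P<info>[^\]]*)\] -- (?P<cmd>.+)$")
DEFAULT_OPEN = '"%1" %*'
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".ocx", ".com"}


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str              # four flags from R (read-only), H (hidden), S (system), D (directory)
    kind: str               # "C" = created, "M" = modified
    company: Optional[str]  # None when OTL printed () or ( )
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Parse every file/folder line of an OTL report into Entry objects; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        company = (m.group("company") or "").strip() or None
        entries.append(Entry(
            timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=company,
            path=m.group("path"),
        ))
    return entries


def check_exe_associations(text: str) -> List[Tuple[str, str]]:
    """Return (registry key, command) for every O35/O37 line whose open command is not the default."""
    bad = []
    for line in text.splitlines():
        m = ASSOC_RE.match(line.strip())
        if m and m.group("cmd").strip() != DEFAULT_OPEN:
            bad.append((m.group("key"), m.group("cmd").strip()))
    return bad


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Flag executable-type files with no company string (OTL's own 'No Company Name' idea). Needs review."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        ext = os.path.splitext(e.path)[1].lower()
        if ext in EXEC_EXT and e.company is None:
            findings.append(("executable without company name", e.path))
    return findings


def timeline(entries: List[Entry]) -> List[Entry]:
    """Newest first, so the most recent changes (the usual starting point for triage) come up top."""
    return sorted(entries, key=lambda e: e.timestamp, reverse=True)


# Constructed sample: lines taken from the report above plus ONE made-up hijacked comfile line
SAMPLE_LOG = r"""
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O35 - HKLM\..comfile [open] -- "C:\ProgramData\example-hijack.exe" "%1" %*
[2010/10/14 23:43:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/14 23:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\nothingsuspicious
[2010/10/15 00:10:49 | 000,544,768 | ---- | C] () -- C:\Users\CJ\Desktop\dds.scr
[2009/02/21 10:29:46 | 000,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/10/17 15:20:13 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys
"""

if __name__ == "__main__":
    ents = parse_entries(SAMPLE_LOG)
    for key, cmd in check_exe_associations(SAMPLE_LOG):
        print(f"ASSOCIATION CHANGED: {key} -> {cmd}")
    for reason, path in triage(ents):
        print(f"REVIEW: {reason}: {path}")
    for e in timeline(ents)[:3]:
        print(e.timestamp, e.kind, e.path)
```

The "no company name" rule is deliberately noisy: in the constructed sample it flags `hiberfil.sys` (normal) and `dds.scr` (the helper's own scanner) alongside `a3d.dll`, which is exactly why the report groups such files for a human to look over rather than deleting them. The association check is the one that deserves immediate attention when it fires.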
chauncyjay
Newbie
*
Posts: 15


« Reply #8 on: October 17, 2010, 01:51:12 PM »

As for emailing the MEMORY.DMP file, compressed with winzip, it is still 104MB, and exceeds the attachment cap on either of my email accounts.
Jintan
Administrator
Hero Member
*****
Posts: 3883



« Reply #9 on: October 17, 2010, 04:10:05 PM »

That is a honker of a dump file. I assume it is a full memory dump. But at that size I am not sure I would be able to assess it very much.

Quote
rename MalwareBytes upon installing it. I remember hearing somewhere that certain viruses/malware restrict access to certain programs based on name

Trying to figure out temp work-arounds is a good idea. Instead of folder names though, the emphasis is usually on the file name. Which you may also have tried. If you noticed the dds.scr name, scr is to run screen saver files, which also happens to be executable files. The dds scanner is really an exe file. Sometimes system file names work, such as alg.exe. Just have to make sure you aren't placing that in the same folder as the real system file (Windows would block the name duplication anyway).

These latest scan results still aren't showing any malware. You mention making changes to run Malwarebytes. Was something interfering with that? If you were successful in running a scan with it, and that located and removed malware, see if you can post a copy of the log (under the Logs tab in the Malwarebytes display).

Did running the AVG remover improve anything? If site accesses are still blocked, post a few of the site page addresses in your next reply, so we can check for some common issues. Since malware sometimes adds sites to Internet Explorer's blocks, in IE, click Tools - Internet Options - Security tab, then click the Restricted sites icon, then the Sites button. Just make sure no non-malware sites got listed there.


See if you can run the following scan.

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready.  Next, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Click Start.  This scan may take a while, so please be patient.  A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.

Post that log please.

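The point above that `dds.scr` "is really an exe file" generalizes: on Windows the extension decides how the shell launches a file, but whether the bytes are a program is decided by the PE header, so name-based blocking and name-based trust both miss things. The following is an added example, not code from this thread: it identifies a PE image from its content (the `MZ` DOS header, the `e_lfanew` pointer at offset 0x3C, and the `PE\0\0` signature followed by the COFF machine field) and reports when that disagrees with what the extension suggests. The `constructed_pe_stub` helper builds a header-only byte string for the demonstration; it is not a real executable.

```python
import os
import struct
from typing import Optional

# Extensions the Windows shell treats as directly executable (the .scr screen-saver case is the one above)
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".dll", ".sys", ".ocx", ".cpl"}

# COFF header Machine values for the common architectures
COFF_MACHINES = {0x014C: "x86", 0x8664: "x64", 0x01C4: "ARMv7", 0xAA64: "ARM64"}


def pe_machine(data: bytes) -> Optional[str]:
    """Return the COFF machine type if data is a PE image (MZ header, e_lfanew -> 'PE\\0\\0'), else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    return COFF_MACHINES.get(machine, f"unknown(0x{machine:04x})")


def classify(filename: str, data: bytes) -> str:
    """Compare what the extension suggests with what the bytes say."""
    ext = os.path.splitext(filename)[1].lower()
    looks_exec = ext in EXECUTABLE_EXTS
    machine = pe_machine(data)
    if machine and looks_exec:
        return f"PE {machine} with executable extension"
    if machine and not looks_exec:
        return f"PE {machine} hiding behind non-executable extension {ext or '(none)'}"
    if not machine and looks_exec:
        return f"executable extension {ext} but not a PE image"
    return "not a PE image"


def constructed_pe_stub(machine: int = 0x8664) -> bytes:
    """Constructed minimal PE-looking header (DOS header + signature + COFF header); not runnable code."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew: PE signature sits at offset 0x40
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    #              NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xF0, 0x0022)
    return bytes(dos) + b"PE\x00\x00" + coff


if __name__ == "__main__":
    # Constructed samples: a screen-saver that is a PE, a ".txt" that is a PE, real text, and a ".exe" that is not
    samples = {
        "dds.scr": constructed_pe_stub(),
        "notes.txt": constructed_pe_stub(0x014C),
        "real.txt": b"just text\n",
        "odd.exe": b"MZ" + b"\x00" * 100,
    }
    for name, blob in samples.items():
        print(f"{name:10s} {classify(name, blob)}")
```

Read the other way round, this is why the rename trick works against name-based blocking and why a defender's inventory of "what ran" should key on content (or on a hash) rather than on the file name it happened to carry.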
chauncyjay
Newbie
*
Posts: 15


« Reply #10 on: October 17, 2010, 09:19:04 PM »

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
Jintan
Administrator
Hero Member
*****
Posts: 3883



« Reply #11 on: October 18, 2010, 09:01:43 AM »

That does not look like the actual results log. Did Eset locate any infection? Also, what websites are blocked still please?
chauncyjay
Newbie
*
Posts: 15


« Reply #12 on: October 18, 2010, 09:44:26 AM »

It did locate and remove one infection. That was the only log file I could find that was generated by the scan that was done. I've not been having problems with blocked websites, but I've not been able to run certain applications as administrator. I've had somewhat of an increase in system stability since that last scan, and I haven't had any system crashes since I've started posting on the board. Also, I ran scans with various anti-virus applications (uninstalling previous ones, except AVG somehow surviving) and each scan seemed to want to take an infinite amount of time; that is, every time I would check on the scan, the completion time would be longer, and it would make increasingly less progress (10% to 15% to 19% to 19% to 19% etc.).
Jintan
Administrator
Hero Member
*****
Posts: 3883



« Reply #13 on: October 18, 2010, 05:29:55 PM »

Check this folder, and see if Eset folder is there:

C:\Program Files (x86)

Then check for a log in that, but also check for the name of any files it has quarantined to that folder.

--------------

Could you give an example of programs you can not run as Administrator? Also what method do you use to learn you were not able to run them as Administrator?

---------------

The progressively slowing scan procedures could indicate that available resources are maxing out. Follow the MS steps here up until step 5. Before making any changes, post back here if "Automatically manage paging file size for all drives" has a check next to it.

----------------

Often antivirus uninstalls leave files/settings behind that can cause problems. And may not be picked up in the specific scan tools we use. Besides AVG and Kaspersky, what other AV programs were uninstalled there recently?