Need Help Super Slow Comp That Freezes

This forum is for removing Malware, Spyware, Adware. Post your HijackThis, DDS, RSIT, Combofix logs here.

Post by christopherdamon » Tue Nov 29, 2011 3:25 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:41 PM, on 11/28/2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\Christopher\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Christopher\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Christopher\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Christopher\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Christopher\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Christopher\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Christopher\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Christopher\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Constant Guard Protection Suite (COM) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe /s
O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [F.lux] "C:\Users\Christopher\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: SRS HDAudio Lab Service (SRSHDAudioService) - SRS Labs, Inc. - C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: UZBX - Unknown owner - C:\Users\CHRIST~1\AppData\Local\Temp\UZBX.exe (file missing)
O23 - Service: VRS Recording System (VRSService) - NCH Software - C:\Program Files\NCH Swift Sound\VRS\vrs.exe

--
End of file - 9070 bytes
christopherdamon
 
Posts: 14
Joined: Mon Aug 09, 2010 1:31 am

Re: Need Help Super Slow Comp That Freezes

Post by christopherdamon » Tue Nov 29, 2011 3:26 am

ComboFix 11-11-23.01 - Christopher 11/23/2011 14:59:07.9.1 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2037.896 [GMT -8:00]
Running from: c:\users\Christopher\Desktop\Music\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 22:41 . 2011-11-23 23:05 -------- d-----w- c:\users\Christopher\AppData\Local\CrashDumps
2011-11-23 22:36 . 2011-11-23 23:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-23 22:35 . 2009-01-25 21:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-11-23 22:35 . 2011-11-23 22:35 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-11-23 22:34 . 2011-11-23 22:34 -------- d-----w- c:\programdata\Comodo
2011-11-23 22:34 . 2011-11-23 22:34 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-11-23 22:34 . 2011-11-23 22:34 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-11-23 22:34 . 2011-11-23 22:34 -------- d-----w- c:\program files\COMODO
2011-11-23 22:34 . 2011-11-23 22:34 -------- d-----w- c:\programdata\Comodo Downloader
2011-11-23 22:25 . 2010-07-16 22:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-11-23 22:25 . 2010-07-16 22:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-11-23 22:25 . 2011-01-17 17:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-23 22:25 . 2010-12-16 16:38 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-11-23 22:24 . 2010-12-11 00:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-23 22:24 . 2010-12-10 21:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-23 22:24 . 2010-12-16 16:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-23 22:24 . 2011-11-23 22:52 -------- d-----w- c:\program files\PC Tools Security
2011-11-23 22:24 . 2011-11-23 22:27 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-23 22:24 . 2011-11-23 22:24 -------- d-----w- c:\users\Christopher\AppData\Roaming\PC Tools
2011-11-23 22:23 . 2011-11-23 22:24 -------- d-----w- c:\programdata\PC Tools
2011-11-23 22:06 . 2011-11-23 22:06 -------- d-----w- c:\users\Christopher\AppData\Local\ID Vault
2011-11-22 06:10 . 2011-11-22 06:10 -------- d-----w- c:\program files\Speccy
2011-11-17 00:01 . 2010-08-21 04:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-17 00:00 . 2011-11-17 01:09 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-17 00:00 . 2011-11-17 01:09 -------- d-----w- c:\program files\Symantec
2011-11-17 00:00 . 2011-11-17 00:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-11-16 23:59 . 2011-11-22 07:43 -------- d-----w- c:\windows\system32\drivers\N360
2011-11-16 23:59 . 2011-11-16 23:59 -------- d-----w- c:\program files\Norton Security Suite
2011-11-16 23:59 . 2011-11-16 23:59 -------- d-----w- c:\program files\NortonInstaller
2011-11-16 23:58 . 2011-11-16 23:59 -------- d-----w- c:\programdata\Norton
2011-11-16 23:53 . 2011-11-16 23:54 -------- d-----w- c:\users\User\AppData\Local\ID Vault
2011-11-16 23:53 . 2011-11-16 23:53 -------- d-----w- c:\programdata\IsolatedStorage
2011-11-16 23:53 . 2011-11-16 23:53 -------- d-----w- c:\users\User\AppData\Roaming\ID Vault
2011-11-16 23:52 . 2011-11-16 23:52 -------- d-----w- c:\users\Christopher\AppData\Roaming\ID Vault
2011-11-16 23:51 . 2011-07-05 18:24 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2011-11-16 23:49 . 2011-11-16 23:50 -------- d-----w- c:\programdata\GID
2011-11-16 23:49 . 2011-11-16 23:49 -------- d-----w- c:\program files\SFT
2011-11-16 23:48 . 2011-11-20 11:50 -------- d-----w- c:\program files\Constant Guard Protection Suite
2011-11-16 23:47 . 2011-11-16 23:47 -------- d-----w- c:\programdata\White Sky, Inc
2011-11-16 23:40 . 2011-11-16 23:40 -------- d-----w- C:\extensions
2011-11-16 23:40 . 2011-11-16 23:40 -------- d-----w- c:\program files\Conduit
2011-11-16 23:40 . 2011-11-16 23:40 -------- d-----w- c:\users\Christopher\AppData\Local\Conduit
2011-11-16 23:40 . 2011-11-16 23:40 -------- d-----w- c:\program files\uTorrentBar
2011-11-16 23:40 . 2011-11-16 23:40 -------- d-----w- c:\users\Christopher\AppData\Local\uTorrent
2011-11-16 23:39 . 2011-11-22 07:51 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2011-11-16 23:39 . 2011-11-16 23:39 -------- d-----w- c:\users\User\AppData\Local\uTorrent
2011-11-15 11:57 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30F3C13B-1ACD-4EC8-B9D7-2A291FC48A71}\mpengine.dll
2011-11-09 03:50 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 03:50 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 03:50 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-03 20:23 . 2011-11-23 07:32 -------- d-----w- c:\users\User\AppData\Local\Akamai
2011-10-28 04:12 . 2011-10-28 04:12 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-10-28 04:11 . 2011-10-28 04:11 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-10-28 04:02 . 2011-10-28 04:02 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-10-28 04:00 . 2011-10-28 04:00 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-10-28 03:12 . 2011-10-28 03:12 -------- d-----w- c:\users\Christopher\AppData\Local\Microsoft Help
2011-10-28 03:12 . 2011-11-09 11:06 -------- d-----w- c:\programdata\Microsoft Help
2011-10-27 06:29 . 2011-10-27 06:29 -------- d-----w- c:\program files\Common Files\xing shared
2011-10-27 06:28 . 2011-10-27 06:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-27 06:28 . 2011-10-27 06:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-27 06:28 . 2011-10-27 06:29 -------- d-----w- c:\program files\Real
2011-10-27 02:53 . 2011-10-27 02:53 -------- d-----w- c:\program files\VstPlugins
2011-10-27 02:53 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2011-10-27 02:53 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-10-27 02:53 . 2011-10-27 02:53 -------- d-----w- c:\program files\Outsim
2011-10-27 02:49 . 2011-10-27 02:53 -------- d-----w- c:\program files\Image-Line
2011-10-25 20:41 . 2011-10-25 22:11 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2011-10-25 20:41 . 2011-10-25 20:41 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2011-10-25 17:08 . 2011-10-25 17:08 -------- d-----w- c:\program files\iPod
2011-10-25 17:08 . 2011-10-25 17:09 -------- d-----w- c:\program files\iTunes
2011-10-25 17:04 . 2011-10-25 17:04 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 02:35 . 2011-10-14 10:09 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-14 10:09 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-14 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05 . 2011-08-31 06:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05 . 2011-08-31 06:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-27 04:26 . 2011-10-13 19:44 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 19:44 233472 ----a-w- c:\windows\system32\oleacc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Christopher\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-10-27 273528]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 182584]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2011-11-18 4680264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching "= 1 (0x1)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Christopher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Christopher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 19:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 11:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2010-03-09 12:28 11989960 ----a-w- c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 12:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
2011-08-09 23:56 417112 ----a-w- c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-30 05:16 136176 ----atw- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-12 01:15 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-12 01:15 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-10 01:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-12-30 22:53 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-12 01:15 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 20:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 21:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRS]
2011-07-08 02:24 1206276 ----a-w- c:\program files\NCH Swift Sound\VRS\vrs.exe
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys [2011-11-15 819320]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111122.030\IDSvix86.sys [2011-11-16 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2010-11-16 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0501000.01D\SYMNETS.SYS [2011-07-09 299640]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [2011-11-18 63048]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
R2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-17 32672]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
R2 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [2011-02-02 12648]
R2 VRSService;VRS Recording System;c:\program files\NCH Swift Sound\VRS\vrs.exe [2011-07-08 1206276]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-16 106104]
R3 LRC;LRC;c:\users\CHRIST~1\AppData\Local\Temp\LRC.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-11-23 4012424]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [2010-11-15 390944]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-18 111152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-30 1343400]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-10 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 GIDv2;GIDv2; [x]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 154424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 18:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-11-23 23:46]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2887291465-960148841-4248970860-1001Core.job
- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-30 05:16]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2887291465-960148841-4248970860-1001UA.job
- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-30 05:16]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2887291465-960148841-4248970860-1004Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-28 04:28]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2887291465-960148841-4248970860-1004UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-28 04:28]
.
2011-11-23 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-11-23 23:46]
.
2011-11-23 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-11-23 23:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 68.87.76.182 68.87.78.134
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2887291465-960148841-4248970860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2887291465-960148841-4248970860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(844)
c:\windows\System32\SyncCenter.dll
c:\windows\System32\bthprops.cpl
.
Completion time: 2011-11-23 15:13:10
ComboFix-quarantined-files.txt 2011-11-23 23:13
ComboFix2.txt 2011-09-27 05:02
ComboFix3.txt 2011-07-15 02:09
ComboFix4.txt 2011-05-23 23:18
ComboFix5.txt 2011-11-23 22:55
.
Pre-Run: 60,898,955,264 bytes free
Post-Run: 60,808,146,944 bytes free
.
- - End Of File - - 7359AA4D93C479EF0BA93ECC2626B72D


christopherdamon
 
Posts: 14
Joined: Mon Aug 09, 2010 1:31 am

Re: Need Help Super Slow Comp That Freezes

Postby patrik » Tue Nov 29, 2011 11:05 am

Hello, sorry for the delay.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Looks like you have a lot of antivirus and antispyware apps:
You need to leave only one antivirus and one antispyware application.

Next step.
Open notepad, copy/paste the text in the code box below into notepad:
Code:
Driver::
LRC
XDva375
XDva387

Name the Notepad file CFScript and Save it to your desktop. Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
Image
When finished, it will produce a report for you.

Post back with a combofix log.
patrik
Site Admin
 
Posts: 9313
Joined: Sun Jan 08, 2006 1:11 pm

Re: Need Help Super Slow Comp That Freezes

Postby christopherdamon » Tue Nov 29, 2011 5:39 pm

ComboFix 11-11-29.04 - Christopher 11/29/2011 9:19.10.1 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2037.1578 [GMT -8:00]
Running from: c:\users\Christopher\Desktop\ComboFix.exe
Command switches used :: c:\users\Christopher\Desktop\CFScript.txt
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA375
-------\Legacy_XDVA387
-------\Service_XDva375
-------\Service_XDva387
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 17:28 . 2011-11-29 17:28 -------- d-----w- c:\users\User\AppData\Local\temp
2011-11-29 17:28 . 2011-11-29 17:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-29 17:28 . 2011-11-29 17:28 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-11-29 17:28 . 2011-11-29 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-29 17:14 . 2011-11-29 17:14 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A73013D4-F20B-4EC3-865E-B78D659679F5}\offreg.dll
2011-11-29 03:08 . 2011-11-29 03:08 -------- d-----w- c:\program files\Trend Micro
2011-11-25 02:26 . 2011-11-25 02:31 -------- d-----w- c:\program files\BHODemon 2
2011-11-25 02:22 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A73013D4-F20B-4EC3-865E-B78D659679F5}\mpengine.dll
2011-11-25 02:20 . 2011-11-25 02:20 -------- d-----w- c:\program files\Sophos
2011-11-24 06:48 . 2011-11-24 06:48 224621 ----a-w- c:\programdata\1322116654.bdinstall.bin
2011-11-24 06:38 . 2011-11-24 06:38 -------- d-----w- c:\users\Christopher\AppData\Roaming\QuickScan
2011-11-24 06:08 . 2011-11-25 03:19 81984 ----a-w- c:\windows\system32\bdod.bin
2011-11-24 05:20 . 2011-11-24 05:20 -------- d-----w- c:\users\Christopher\AppData\Local\COMODO
2011-11-24 03:38 . 2011-11-25 02:11 -------- d-----w- c:\users\Christopher\AppData\Roaming\BitDefender
2011-11-24 03:36 . 2011-11-25 02:11 -------- d-----w- c:\program files\BitDefender
2011-11-24 03:36 . 2011-11-24 06:43 -------- d-----w- c:\programdata\BitDefender
2011-11-24 03:26 . 2011-11-25 02:11 -------- d-----w- c:\program files\Common Files\BitDefender
2011-11-24 02:08 . 2011-11-24 02:08 -------- d-----w- c:\users\Christopher\AppData\Roaming\Avira
2011-11-24 00:12 . 2011-11-24 00:40 -------- d-----w- c:\users\Christopher\DoctorWeb
2011-11-24 00:07 . 2011-09-16 07:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-24 00:07 . 2011-09-18 16:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-24 00:07 . 2011-09-16 07:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-24 00:07 . 2011-11-24 00:07 -------- d-----w- c:\programdata\Avira
2011-11-24 00:07 . 2011-11-24 00:07 -------- d-----w- c:\program files\Avira
2011-11-23 23:46 . 2011-11-25 03:29 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-11-23 22:41 . 2011-11-29 08:10 -------- d-----w- c:\users\Christopher\AppData\Local\CrashDumps
2011-11-23 22:36 . 2011-11-23 23:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-23 22:35 . 2009-01-25 21:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-11-23 22:35 . 2011-11-23 22:35 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-11-23 22:34 . 2011-11-24 02:08 -------- d-----w- c:\programdata\Comodo
2011-11-23 22:34 . 2011-11-23 23:37 -------- d-----w- c:\program files\COMODO
2011-11-23 22:34 . 2011-11-23 22:34 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-11-23 22:34 . 2011-11-23 23:36 -------- d-----w- c:\programdata\Comodo Downloader
2011-11-23 22:25 . 2010-07-16 22:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-11-23 22:25 . 2010-07-16 22:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-11-23 22:25 . 2011-01-17 17:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-23 22:25 . 2010-12-16 16:38 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-11-23 22:24 . 2010-12-11 00:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-23 22:24 . 2010-12-10 21:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-23 22:24 . 2010-12-16 16:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-23 22:24 . 2011-11-25 02:12 -------- d-----w- c:\program files\PC Tools Security
2011-11-23 22:24 . 2011-11-25 02:12 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-23 22:23 . 2011-11-23 22:24 -------- d-----w- c:\programdata\PC Tools
2011-11-23 22:06 . 2011-11-24 06:32 -------- d-----w- c:\users\Christopher\AppData\Local\ID Vault
2011-11-22 06:10 . 2011-11-22 06:10 -------- d-----w- c:\program files\Speccy
2011-11-17 00:01 . 2011-07-06 20:44 27888 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-17 00:00 . 2011-11-24 05:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-11-16 23:58 . 2011-11-24 05:57 -------- d-----w- c:\programdata\Norton
2011-11-16 23:53 . 2011-11-16 23:54 -------- d-----w- c:\users\User\AppData\Local\ID Vault
2011-11-16 23:53 . 2011-11-16 23:53 -------- d-----w- c:\programdata\IsolatedStorage
2011-11-16 23:53 . 2011-11-16 23:53 -------- d-----w- c:\users\User\AppData\Roaming\ID Vault
2011-11-16 23:52 . 2011-11-16 23:52 -------- d-----w- c:\users\Christopher\AppData\Roaming\ID Vault
2011-11-16 23:51 . 2011-07-05 18:24 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2011-11-16 23:49 . 2011-11-16 23:50 -------- d-----w- c:\programdata\GID
2011-11-16 23:49 . 2011-11-16 23:49 -------- d-----w- c:\program files\SFT
2011-11-16 23:48 . 2011-11-20 11:50 -------- d-----w- c:\program files\Constant Guard Protection Suite
2011-11-16 23:47 . 2011-11-16 23:47 -------- d-----w- c:\programdata\White Sky, Inc
2011-11-16 23:40 . 2011-11-16 23:40 -------- d-----w- C:\extensions
2011-11-16 23:40 . 2011-11-25 03:11 -------- d-----w- c:\users\Christopher\AppData\Local\Conduit
2011-11-16 23:40 . 2011-11-16 23:40 -------- d-----w- c:\users\Christopher\AppData\Local\uTorrent
2011-11-16 23:39 . 2011-11-22 07:51 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2011-11-16 23:39 . 2011-11-16 23:39 -------- d-----w- c:\users\User\AppData\Local\uTorrent
2011-11-09 03:50 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 03:50 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 03:50 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-08 02:47 . 2011-10-08 02:47 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-08 02:47 . 2011-10-08 02:47 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-08 02:47 . 2011-10-08 02:47 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-08 02:47 . 2011-10-08 02:47 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-08 02:47 . 2011-10-08 02:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-08 02:47 . 2011-10-08 02:47 300200 ----a-w- c:\windows\system32\guard32.dll
2011-09-01 02:35 . 2011-10-14 10:09 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-14 10:09 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-14 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Christopher\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-10-27 273528]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 182584]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BHODemon 2.0.lnk - c:\program files\BHODemon 2\BHODemon.exe [2005-6-19 946176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2011-11-18 4680264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching "= 1 (0x1)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Christopher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Christopher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 19:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 11:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2010-03-09 12:28 11989960 ----a-w- c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 12:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
2011-08-09 23:56 417112 ----a-w- c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-30 05:16 136176 ----atw- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-12 01:15 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-12 01:15 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-10 01:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-12-30 22:53 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-12 01:15 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 20:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 21:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRS]
2011-07-08 02:24 1206276 ----a-w- c:\program files\NCH Swift Sound\VRS\vrs.exe
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-08 488208]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-24 86224]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [2011-11-18 63048]
R2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-17 32672]
R2 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [2011-02-02 12648]
R2 VRSService;VRS Recording System;c:\program files\NCH Swift Sound\VRS\vrs.exe [2011-07-08 1206276]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\3E57.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-11-23 4012424]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [2010-11-15 390944]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UZBX;UZBX;c:\users\CHRIST~1\AppData\Local\Temp\UZBX.exe [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-18 111152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-30 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-10-08 19600]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-08 39640]
S1 GIDv2;GIDv2; [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 18:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-11-23 23:46]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2887291465-960148841-4248970860-1001Core.job
- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-30 05:16]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2887291465-960148841-4248970860-1001UA.job
- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-30 05:16]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2887291465-960148841-4248970860-1004Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-28 04:28]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2887291465-960148841-4248970860-1004UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-28 04:28]
.
2011-11-23 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-11-23 23:46]
.
2011-11-23 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-11-23 23:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 68.87.76.182 68.87.78.134
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1 - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3E57.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2887291465-960148841-4248970860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2887291465-960148841-4248970860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2011-11-29 09:37:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-29 17:37
ComboFix2.txt 2011-11-24 08:24
ComboFix3.txt 2011-11-23 23:13
ComboFix4.txt 2011-09-27 05:02
ComboFix5.txt 2011-11-29 17:17
.
Pre-Run: 56,766,980,096 bytes free
Post-Run: 56,177,111,040 bytes free
.
- - End Of File - - EC2A75A5BDC685EEC4DCBCB9F7DA8B36
christopherdamon
 
Posts: 14
Joined: Mon Aug 09, 2010 1:31 am

