Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Corrupted Profiles, help?

Hi everyone, not exactly sure where to begin on this.

After attempting to remove a possible infection I lost full control of all Administrative privileges and found all my profiles corrupted and my restore points gone. Even the names of my User profiles and the corresponding document settings files for the Users are all misnamed and mismatched. When I log on to my main account I am told that the user profile could not be loaded and a default profile has been loaded instead. I also can only log into my safe mode admin account after an impossibly long load time, after which it pops up with a black screen and a command prompt. I can call up Explorer.exe through it though.

My attempts at repairing this corruption are frustrated due to an inability to access or reset admin control settings or use regedit etc... I receive an error message telling me I require administrative privileges to make such changes, even though the profile I am using is already an "administrator" account. And, when I boot into my Safe Mode Admin profile, the system hangs impossibly long (about 10-15 minutes) before it loads, possibly due to profile corruption. Also, when I attempt to use utilities such as SubINACL, I receive a message saying the admin has specifically set permissions to prevent this installation.

I'm not sure at this point what I can do to fix this level of corruption. I have programs and customizations I will lose if I reformat and re-install, so I am hoping it will not come to this. Any ideas or help would be amazing, thanks.

Here is the DDS report. And I have uploaded Ark and Attach as txt files in the windows zip folder as requested.

(Though it seems to be listed quite a bit, Daemon tools has already been removed and does not show up in my programs folder or in my add/remove programs list.)


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_29
Run by Master at 20:00:08 on 2013-06-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2567 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Eraser\Eraser.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=109130&tt=090212_ctrl&babsrc=HP_ss&mntrId=7cc2268e00000000000008863b348ad4
uLocal Page =
mLocal Page =
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Eraser] c:\program files\eraser\Eraser.exe -hide
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} -
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Notify: ComPlusSetup - c:\windows\system32\catsrvut.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-11 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-11 174664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-30 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-30 368944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-1-30 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-11 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-30 46808]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-30 418376]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-11-8 225592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-30 22856]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-30 701512]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys --> c:\windows\system32\drivers\athuw.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-7-7 16512]
S3 cpuz134;cpuz134;\??\c:\docume~1\master\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\master\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 ldiskl;ldiskl;\??\c:\docume~1\master\locals~1\temp\ldiskl.sys --> c:\docume~1\master\locals~1\temp\ldiskl.sys [?]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys --> c:\windows\system32\drivers\nvoclock.sys [?]
S3 RTL8192cu;%RTL8192cu.DeviceDesc%;c:\windows\system32\drivers\RTL8192cu.sys [2013-6-11 987904]
S3 RTL8192su;TRENDnet 300Mbps Wireless N USB Adapter;c:\windows\system32\drivers\rtl8192su.sys --> c:\windows\system32\drivers\RTL8192su.sys [?]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
ShellExec: PortraitProfessional.exe: open="c:\program files\portrait professional 11 trial\PortraitProfessionalTrial.exe" /P "%1"
.
=============== Created Last 30 ================
.
2013-06-12 02:56:51 -------- d-----w- c:\documents and settings\master\Contacts
2013-06-12 02:56:44 -------- d-----w- c:\documents and settings\master\Searches
2013-06-12 02:56:44 -------- d-----w- c:\documents and settings\master\New Folder
2013-06-11 07:16:07 -------- d-----w- c:\documents and settings\master\local settings\application data\SWTORPerf
2013-06-11 06:03:13 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2013-06-11 05:59:51 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-06-11 05:59:20 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-06-11 05:57:53 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-06-11 05:57:53 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-06-11 05:57:13 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll
2013-06-11 05:56:45 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-06-11 05:56:29 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2013-06-11 05:56:29 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2013-06-11 05:56:27 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-06-11 05:50:59 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 05:50:14 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-06-11 05:48:56 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2013-06-11 05:48:42 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-06-11 05:48:39 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-06-11 05:48:19 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2013-06-11 05:47:19 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2013-06-11 05:46:19 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-06-11 05:45:45 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2013-06-11 05:45:45 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2013-06-11 05:45:45 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2013-06-11 05:45:45 110592 -c----w- c:\windows\system32\dllcache\services.exe
2013-06-11 05:45:44 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2013-06-11 05:45:44 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2013-06-11 05:45:44 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2013-06-11 05:43:56 -------- d-----w- c:\windows\system32\LogFiles
2013-06-11 05:41:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-11 05:41:58 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-11 05:41:56 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-11 05:39:38 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2013-06-11 05:39:35 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-06-11 05:37:12 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2013-06-11 05:37:11 2193536 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-06-11 05:37:11 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2013-06-11 05:37:11 2070144 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2013-06-11 05:37:11 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2013-06-11 05:37:07 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2013-06-11 05:36:56 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-06-11 05:35:32 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-06-11 05:22:10 987904 ----a-r- c:\windows\system32\drivers\RTL8192cu.sys
2013-06-10 23:52:44 2560 ----a-w- c:\documents and settings\all users\application data\microsoft\usmt\iconlib.dll
2013-06-10 19:29:00 -------- d-----r- c:\documents and settings\master\Copy of Copy of Start Menu
2013-06-10 19:28:56 -------- d--h--r- c:\documents and settings\master\Copy (4) of Recent
.
==================== Find3M ====================
.
2013-06-11 13:08:16 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-06-11 05:50:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59:10 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-26 01:59:16 668672 ----a-w- c:\windows\system32\wininet.dll
2013-04-26 01:59:15 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-04-26 01:59:15 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-26 00:53:30 369664 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20:00:59.00 ===============

Attached Files
File Type: zip ark-attach.zip (9.0 KB)
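When a DDS report like the one above is posted, the first pass a responder makes is mechanical: is the AV reporting itself disabled, has the browser start page been pointed somewhere unexpected, which registry entries reference targets that no longer exist, and which services or kernel drivers are registered from a user's temp directory. The script below is an added example of that triage pass; it is not part of the original post, not part of DDS, and not a verdict on this machine. It parses a constructed handful of lines in DDS format (modelled on the sections of the log above, not copied from it) and emits findings to review. The list of "known" start-page hosts and the severity labels are assumptions for the example. Note that a driver in `locals~1\temp` is not proof of anything on its own: some legitimate portable hardware utilities extract their driver there too, so the rule produces a review queue, not a detection.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample in DDS report format. These lines are made up for the
# example and only mimic the layout of the Pseudo HJT and SERVICES / DRIVERS
# sections; DDS defangs URLs as "hxxp" and prints "[?]" where it could not
# stat the binary on disk (it then shows the registered path after "-->").
SAMPLE_DDS = r"""
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
uStart Page = hxxp://search.babylon.com/?AF=109130&babsrc=HP_ss
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-30 46808]
S3 cpuz134;cpuz134;\??\c:\docume~1\master\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\master\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 ldiskl;ldiskl;\??\c:\docume~1\master\locals~1\temp\ldiskl.sys --> c:\docume~1\master\locals~1\temp\ldiskl.sys [?]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys --> c:\windows\system32\drivers\athuw.sys [?]
"""

# "R0 name;display;path [date size]" with an optional "--> resolved" part.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+-->\s+(?P<resolved>.+?))?\s+\[(?P<stamp>[^\]]*)\]\s*$"
)
# Per-user temp directory, in 8.3 and long form (XP-style profile paths).
TEMP_DIR_RE = re.compile(r"\\(?:locals~1|local settings)\\temp\\", re.I)
# Assumption for this example: hosts treated as ordinary default start pages.
KNOWN_START_HOSTS = {"www.msn.com", "go.microsoft.com", "www.google.com"}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"; labels are this example's choice
    rule: str
    line: str


def parse_service_line(line: str) -> Optional[Dict[str, str]]:
    """Split one SERVICES / DRIVERS line into its fields, or None if not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    # When DDS shows "path --> resolved", the resolved path is what is on disk.
    fields["resolved"] = fields["resolved"] or fields["path"]
    return fields


def triage(report: str) -> List[Finding]:
    """Run the review heuristics over a DDS report and return what to look at."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("AV:") and "*Disabled" in line:
            findings.append(Finding("high", "antivirus-disabled", line))
        elif re.match(r"^[um]Start Page\s*=", line):
            # Re-arm the defanged scheme so urlparse can pull the host out.
            url = line.split("=", 1)[1].strip().replace("hxxp", "http", 1)
            host = urlparse(url).hostname or ""
            if host and host not in KNOWN_START_HOSTS:
                findings.append(Finding("medium", "start-page-redirected", line))
        elif line.endswith("<orphaned>"):
            # Registry entry whose target file is gone: leftover or tampered.
            findings.append(Finding("info", "orphaned-entry", line))
        else:
            svc = parse_service_line(line)
            if svc is None:
                continue
            if TEMP_DIR_RE.search(svc["resolved"]):
                findings.append(Finding("high", "driver-from-temp", line))
            if svc["stamp"] == "?":
                findings.append(Finding("info", "binary-not-found", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so a responder sees the shape at a glance."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_DDS)
    for f in results:
        print(f"[{f.severity:6}] {f.rule:22} {f.line}")
    print(summarize(results))
```

Feeding the full report from the post through `triage()` would surface the same classes of item a human reader picks out first: the AV marked `*Disabled*`, the non-default start page, the `<orphaned>` IE and EB entries, and the two `S3` drivers under `locals~1\temp` that DDS could not find on disk. Each is a place to start asking questions, and the temp-directory hits in particular need to be matched against what the user actually installed before anything is removed.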
