
Please Help Avast URL MAL popups and other issues!


This topic is locked. 22 replies to this topic.

#1 derann

Posted 03 May 2011 - 11:28 AM

Hi Guys,
Apologies if this is posted in the wrong place, but I am new to these forums and require help if at all possible.
I am fairly proficient with using and maintaining my PC, but over the last few days I believe I have been infected by some type of malware.
I am using Avast Free edition to protect the PC and scan it regularly with Malwarebytes, and also have ThreatFire installed.
Operating system is Vista Home Premium.
CPU is Intel quad Q8200 2.33 GHz with 3 GB of RAM.
I download a fair amount of torrents from fairly reliable sites regularly and have had no trouble until now.
Malwarebytes detected no infection. I ran a full boot-time scan using Avast and it removed a couple of trojans, but unfortunately I never wrote down what they were.
I noticed that the little Avast icon was no longer displayed on the desktop, so I redownloaded and installed it.
Avast continues to pop up with various threats about URLs I have never heard of; lkckclckl1i1i.com is one example.
Also I have noticed that when I run CCleaner I now seem to get a lot of cookies in the appdata\roaming folder, which I have never experienced before.

The PC has crashed a few times and just doesn't seem to be running as it should.
Reading through a few of the forums I downloaded ComboFix and tried to run it, but I keep getting a message that the file is allegedly corrupt.
Any help would be gratefully accepted, as I am going round in circles trying to download various malware removal tools and getting nowhere, as either they won't run at all or else they say that the system is clean.
Regards
Derek


DDS and HijackThis logs attached

Edited by derann, 03 May 2011 - 01:54 PM.



#2 gringo_pr (Malware Response Team)

Posted 09 May 2011 - 12:39 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post in your next reply.





Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

Information and logs:

In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

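The helper above asks for DDS output and then reads it by eye. As an added example (not part of this thread and not DDS's own code), here is a small Python first-pass triage over the line formats DDS writes: the AV:/SP:/FW: product status lines, the EnableLUA policy line, and the SERVICES / DRIVERS entries with their file creation date. The sample lines are copied from the DDS.txt posted later in this thread and are a constructed subset, not a complete log. The 14-day "recent driver" window and the day-first (DD/MM/YYYY) parsing of the scan date (the UK locale visible in that log) are assumptions. A recently created driver is not evidence of malware on its own: the avast drivers are new simply because the poster reinstalled avast a few days before the scan, so the output is a reading list for a human, not a verdict.

```python
"""Added example: first-pass triage of DDS.txt line formats (not DDS's own code)."""
import re
from datetime import date

RECENT_DAYS = 14  # assumption: flag drivers created within this many days of the scan

# Constructed sample: a handful of lines copied from the DDS.txt posted later in
# this thread (not a complete log).
SAMPLE_LOG = r"""
DDS (Ver_11-03-05.01) - NTFSx86
Run by Derek at 15:52:29.39 on 09/05/2011
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
mPolicies-system: EnableLUA = 0 (0x0)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-6 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-3 441176]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
"""

# Assumption: the header date is DD/MM/YYYY, as in the UK-locale log on this page.
RUN_DATE_RE = re.compile(r"^Run by .+ on (\d{2})/(\d{2})/(\d{4})")
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\*")
LUA_RE = re.compile(r"^mPolicies-system: EnableLUA = (\d+)")
# "R0 name;display;path [YYYY-M-D size]": DDS appends the file's creation date and size
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.+?) \[(\d{4})-(\d{1,2})-(\d{1,2}) \d+\]$")
# "[?]" means DDS could not read metadata for the file behind the service entry
NOSTAT_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.+?) \[\?\]$")


def parse_scan_date(lines):
    """Return the date DDS ran, read from the 'Run by ... on DD/MM/YYYY' header."""
    for line in lines:
        m = RUN_DATE_RE.match(line)
        if m:
            day, month, year = (int(x) for x in m.groups())
            return date(year, month, day)
    return None


def triage(log_text, recent_days=RECENT_DAYS):
    """Return a list of (category, detail) findings for a DDS log body."""
    lines = [ln.strip() for ln in log_text.strip().splitlines()]
    scan_date = parse_scan_date(lines)
    findings = []
    for line in lines:
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state, freshness = m.groups()
            if state.lower() == "disabled" or freshness.lower() == "outdated":
                findings.append(("security-product", f"{kind} {name}: {state}/{freshness}"))
            continue
        m = LUA_RE.match(line)
        if m:
            if m.group(1) == "0":  # UAC off: admin-account processes run fully elevated, no prompt
                findings.append(("uac-disabled", line))
            continue
        m = DRIVER_RE.match(line)
        if m:
            start, name, path, y, mo, d = m.groups()
            created = date(int(y), int(mo), int(d))
            if scan_date is not None and 0 <= (scan_date - created).days <= recent_days:
                findings.append(("recent-driver", f"{start} {name} {path} created {created.isoformat()}"))
            continue
        m = NOSTAT_RE.match(line)
        if m:
            start, name, path = m.groups()
            findings.append(("unverifiable-file", f"{start} {name} {path}: DDS could not read file metadata"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

On the sample above this lists the disabled avast entry, the outdated Defender definitions, EnableLUA = 0, the two drivers created within the scan window, and the ThreatFire service whose file DDS could not stat; the old npf.sys entry is left alone. Each of those is something the helper in this thread would want explained before deciding on a fix.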

#3 derann (Topic Starter)

Posted 09 May 2011 - 10:02 AM

Hi Gringo,
Thanks for your reply to my request for assistance.
As instructed, I ran DeFogger, then DDS.
Rootkit Unhooker did not run, but it is showing up in running processes!

DDS Log

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Derek at 15:52:29.39 on 09/05/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1281 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\recvrsvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\Derek\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - c:\program files\common files\simple adblock\SimpleAdblock.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [NETGEARDigitalEntertainer] c:\program files\netgear\netgear digital entertainer for windows\receiver.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ThreatFire] "c:\program files\threatfire\TFTray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\derek\appdata\roaming\mozilla\firefox\profiles\h7qq1gk5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\derek\appdata\roaming\mozilla\plugins\npDXStudioPlugin.DLL
.
---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-6 64512]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-10-24 28552]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-5-10 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-5-10 59664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-3 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-3 307288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-3 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-3 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-3 42184]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-4-23 21504]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 recvrsvc.exe;NETGEAR Receiver Service;c:\program files\netgear\netgear digital entertainer for windows\recvrsvc.exe [2009-4-29 172808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-26 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-5-4 45616]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2007-4-26 17792]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-5-10 33552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-14 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2146496]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-14 136176]
S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\qscnusb.sys [2010-8-2 103552]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-4-27 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-4-27 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-4-27 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-4-27 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-4-27 25704]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2010-4-23 16896]
.
=============== Created Last 30 ================
.
2011-05-07 00:00:21 -------- d-----w- c:\users\derek\appdata\local\temp
2011-05-06 23:42:54 -------- d-----w- C:\$RECYCLE.BIN
2011-05-06 23:13:35 98816 ----a-w- c:\windows\sed.exe
2011-05-06 23:13:35 89088 ----a-w- c:\windows\MBR.exe
2011-05-06 23:13:35 256512 ----a-w- c:\windows\PEV.exe
2011-05-06 23:13:35 161792 ----a-w- c:\windows\SWREG.exe
2011-05-06 22:44:28 -------- d-----w- C:\TDSSKiller_Quarantine
2011-05-06 22:19:15 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-06 21:17:08 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-06 11:28:02 -------- d-----w- c:\users\derek\Pavark
2011-05-06 11:13:30 -------- d-----w- c:\progra~2\SecTaskMan
2011-05-06 11:13:23 -------- d-----w- c:\program files\Security Task Manager
2011-05-05 21:40:24 3263 ----a-w- C:\register.reg
2011-05-05 01:27:18 -------- d-----w- c:\program files\MagicISO
2011-05-04 12:18:40 -------- d-----w- c:\program files\ESET
2011-05-04 11:30:16 2418162 ----a-w- C:\MGtools.exe
2011-05-03 20:52:22 -------- d-----w- c:\program files\WhatsRunning
2011-05-03 15:46:23 -------- d-----w- C:\Combo-Fix
2011-05-03 09:58:50 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-03 09:58:49 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-03 09:58:18 40112 ----a-w- c:\windows\avastSS.scr
2011-05-03 09:58:01 -------- d-----w- c:\program files\AVAST Software
2011-05-03 09:58:01 -------- d-----w- c:\progra~2\AVAST Software
2011-05-03 01:53:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-03 01:53:13 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-03 01:52:38 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-02 17:56:06 -------- d-----w- c:\users\derek\appdata\roaming\SUPERAntiSpyware.com
2011-05-02 17:56:06 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-05-02 17:55:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-02 16:22:24 102400 ----a-w- c:\windows\RegBootClean.exe
2011-05-02 11:46:36 -------- d-----w- c:\users\derek\appdata\roaming\Ydmeik
2011-05-01 20:10:41 -------- d-----w- c:\program files\TomTom International B.V
2011-05-01 20:10:30 -------- d-----w- c:\program files\TomTom HOME 2
2011-04-30 14:24:34 -------- d-----w- c:\windows\BBS Tools
2011-04-30 14:24:34 -------- d-----w- c:\program files\BBS Tools
2011-04-28 00:22:13 784136 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-04-26 16:09:09 -------- d-----w- c:\users\derek\appdata\local\dj3
2011-04-26 15:20:54 -------- d-----w- c:\program files\Dracula - The Path of the Dragon - Part 3
2011-04-26 14:54:50 -------- d-----w- c:\users\derek\appdata\roaming\Colibri Games
2011-04-26 14:54:50 -------- d-----w- c:\progra~2\Colibri Games
2011-04-26 14:54:20 -------- d-----w- c:\program files\The Tiny Bang Story
2011-04-25 17:37:09 -------- d-----w- c:\users\derek\appdata\roaming\Funlinker
2011-04-25 16:14:48 -------- d-----w- c:\progra~2\Avalon-Legends-Solitaire
2011-04-25 16:11:41 -------- d-----w- c:\users\derek\appdata\roaming\DGform
2011-04-23 20:57:43 -------- d-----w- c:\program files\iPod
2011-04-23 20:57:41 -------- d-----w- c:\program files\iTunes
2011-04-23 20:54:57 -------- d-----w- c:\program files\Bonjour
2011-04-23 17:07:24 -------- d-----w- c:\progra~2\Particles
2011-04-23 17:06:55 -------- d-----w- c:\progra~2\Far Mills
2011-04-23 14:05:53 -------- d-----w- c:\users\derek\appdata\roaming\GigantGames
2011-04-18 14:52:13 -------- d-----w- c:\users\derek\appdata\roaming\ShamanGS
2011-04-15 11:13:59 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{a79c2122-094d-4f90-ad73-64ae7dc44ee9}\mpengine.dll
2011-04-13 17:18:01 -------- d-----w- c:\program files\Total Audio MP3 Converter
2011-04-13 14:52:46 -------- d-----w- c:\users\derek\appdata\roaming\Mp3tag
2011-04-13 14:52:37 -------- d-----w- c:\program files\Mp3tag
2011-04-11 23:40:18 -------- d-----w- c:\users\derek\Calibre Library
2011-04-11 23:40:13 -------- d-----w- c:\users\derek\appdata\roaming\calibre
2011-04-11 23:39:31 -------- d-----w- c:\program files\Calibre2
2011-04-11 12:05:02 -------- d-----w- c:\users\derek\Library
2011-04-11 12:04:57 -------- d-----w- c:\progra~2\kinoma
2011-04-11 12:04:05 -------- d-----w- c:\users\derek\appdata\local\Sony Corporation
2011-04-11 12:04:05 -------- d-----w- c:\program files\Sony
2011-04-11 12:04:05 -------- d-----w- c:\program files\common files\Sony Shared
2011-04-11 12:02:17 -------- d-----w- c:\users\derek\appdata\local\kinoma
2011-04-09 21:27:37 -------- d-----w- c:\users\derek\appdata\roaming\Enki Games
2011-04-09 21:22:02 -------- d-----w- c:\users\derek\appdata\roaming\thejoyoffarming
.
==================== Find3M ====================
.
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-05 19:28:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-05 19:28:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-23 07:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 07:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 07:27:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 07:27:00 5654120 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-02-23 07:27:00 4942952 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 07:27:00 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 07:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 07:27:00 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 07:27:00 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-02-23 07:27:00 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 07:27:00 10079336 ----a-w- c:\windows\system32\nvd3dum.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.
============= FINISH: 15:56:08.46 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 22/04/2010 19:54:21
System Uptime: 09/05/2011 13:15:26 (2 hours ago)
.
Motherboard: Foxconn | | G31MX Series
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz | Socket 775 | 2331/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 54.053 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM (UDF)
K: is FIXED (NTFS) - 1863 GiB total, 1041.748 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: isatap.{AD1CCC16-74E4-45A0-B57B-8A7C9D2E43CB}
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
A Girl in the City 1.00
ABBYY FineReader 6.0 Sprint
Abigail and the Kingdom of Fairs 1.00
Acoustica Effects Pack
Acrobat.com
Activision Value\National Lampoon's University Tycoon
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Adobe Shockwave Player 11.5
aerosoft's - London Brighton Express
aerosoft's - VFR London X
Agatha Christie Trio 1.00
Aladdin and the Wonderful Lamp The 1001 Nights Extended 1.00
Allora and The Broken Portal 1.00
AllToAVI v4 r5394
Amanda Rose The Game of Time 1.00
Amelies Cafe Holiday Spirit 1.00
Amnesia - The Dark Descent
Ancient Secrets Mystery of the Vanishing Bride 1.00
AoA DVD Copy
Apparitions Kotsmine Hills 1.00
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Art of Murder Cards of Destiny BFG 1.00
Art of Murder The Secret Files 1.00
Aspectus Rinascimento Chronicles 1.00
µTorrent
Audible Download Manager
Avalon Legends Solitaire 1.00
avast! Free Antivirus
Awakening 2 Moonfell Wood 1.00
Awakening The Dreamless Castle 1.00
Aztec Tribe New Land 1.00
Baron Wittard - Nemesis of Ragnarok
BBS Tools
Bejeweled 3 1.00
Big Fish Games: Game Manager
Black Mirror 2
Blood and Ruby New 1.00
Blue Madonna A Carol Reed Mystery 1.00
Bonjour
Brighton-Portsmouth
Business Card Designer Plus 7.1.0.0
calibre
Camelias Locket The Tale of Dead Jim Cane 1.00
Cave Quest 1.00
CCleaner
CDBurnerXP
Celtic Lore Sidhe Hills 1.00
Christmas Puzzle 1.00
Christmas Wonderland 1.00
Chronicles of Albian The Magic Convention 1.00
Chronicles of Mystery Secret of the Lost Kingdom 1.00
Chronicles of Mystery: The Tree of Life
Cities XL 2011
Class_50_Content_Update
CloneDVD2
Clutter 1.00
ConvertXtoDVD 4.0.11.326
Conveyor Chaos 1.00
Crazy Machines New from the Lab 1.00
Crossworlds The Flying City 1.00
Curse of the Ghost Ship 1.00
Dark Parables 2 The Exiled Prince Collectors Edition 1.00
Dark Ritual 1.00
DespatchPal
Diamon Jones Devils Contract 1.00
Direct Show Ogg Vorbis Filter (remove only)
Diskeeper 2010 Pro Premier
Dr.Monocles Optical Experiment 1.00
Drawn Dark Flight Regular Edition 1.00
Drawn Dark Flight Regular V1.1 1.1.0
Dream Chronicles The Book of Water Collectors Edition 1.00
Dream Day 7 True Love 1.00
Dream Mysteries Case of the Red Fox 1.00
DVD Shrink 3.2
DVDInfoPro V6
DX Studio Player v3.2.68
Dying for Daylight 1.00
EA Download Manager
East Coast Express Part 1
East Coast Express Part 2
Echoes of Sorrow 1.00
Elixir of Immortality 1.00
Elves Inc.Christmas Mission 1.00
Emily Archer and the Curse of Tutankhamun 1.00
Empress of the Deep 2 Song of the Blue Whale CE 1.00
eMule
Epic Adventures Cursed Onboard 1.00
Epic Escapes Dark Seas 1.00
Escape - Special Edition Bundle 1.00
ESET Online Scanner v3
Exact Audio Copy 1.0beta1
F1 2010
Fallen Shadows 1.00
Family Tree Maker 2010
ffdshow [rev 3154] [2009-12-09]
FileZilla Client 3.3.4.1
Fishers Family Farm 1.00
Flight Operation X - British Airways
Flight Simulator X
Flight Simulator X Service Pack 1
Fly The Airbus A380 v2 for FSX
foobar2000 v1.0.3
FOX LiveUpdate
Frame Maker Pro 2.55
Free RM to MP3 Converter 1.12
Free WMV to AVI MPEG Converter v1.2
Glary Utilities Pro 2.30.0.1066
Golden Trails The New Western Rush with Extras 1.1.3
Google Earth
Google Update Helper
Gotcha Celebrity Secrets 1.00
Gravely Silent House of Deadlock Collectors Edition 1.00
Great Eastern
Guardians of Magic Amandas Awakening 1.00
Hallowed Legends Samhain CE 1.00
HDO Alice in Wonderland The Incredible Adventure 1.00
HDO Blake and Mortimer The Curse of the Thirty Denarii 1.00
Hexus 1.00
Hidden Mysteries Salem Secrets 1.00
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Officejet 6500 E710a-f Basic Device Software
HP Officejet 6500 E710a-f Help
HP Officejet 6500 E710a-f Product Improvement Study
HP Update
I.R.I.S. OCR
ImgBurn
Insider Tales The Stolen Venus 2 1.00
Insider Tales Triple Pack 1.00
iTunes
Jack of all Tribes 1.00
Jane Angel Templar Mystery 1.00
Jane Lucky 1.00
Java Auto Updater
Java™ 6 Update 20
Jewel Quest Mysteries The Seventh Gate Collectors Edition 1.27
Jewelry Secret Mystery Stones 1.00
Jodie Drake 1.00
Kingdom of Seven Seals 1.00
Koi Solitaire 1.00
Leeds Loop
Letters from Nowhere 2 1.00
Little Shop - Road Trip 1.00
Live ATC Chatter
London-Brighton Add Pack
London and South East v1.2
London Brighton Express 1.1 Update
London South Coast
Lost in Time The Clockwork Tower 1.00
Luxor 5th Passage 1.00
Maestro Music of Death Collectors Edition 1.00
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Making Tracks Greater Eastern for MSTS
Malwarebytes' Anti-Malware
Margrave The Curse of the Severed Heart CE 1.00
Marketsplash Shortcuts
Master Thief Skyscraping Sting 1.00
Menu Template Package 1 Ver 1.10
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Flight Simulator X
Microsoft Flight Simulator X: Acceleration
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Train Simulator
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0
Microsoft WSE 3.0 Runtime
Midland Mainline
mIRC
Moyea FLV Editor Pro Version: 3.1.13.0
Mozilla Firefox 4.0.1 (x86 en-GB)
MP3 Player Utilities 4.11
Mp3/Tag Studio 3.5 (beta 21)
Mp3tag v2.48
MSTS Patch 1.7.0519
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP2 Parser and SDK
Murder Island Secret of Tantalus 1.00
Muse 1.00
My Kingdom for the Princess 2 1.1
Mystery Agency A Vampires Kiss 1.00
Mystery Agency Secrets of the Orient 1.00
Mystery Case Files ®: 13th Skull ™
Mystery Case Files ®: 13th Skull ™ Collector's Edition
Mystery Case Files 13th Skull Collectors Edition 1.00
Mystery Novel 1.00
Mystery Seekers The Secret of the Haunted Mansion 1.00
Neighbors from Hell
Nene Valley Railway v1.2
Nene Valley Railway v1.51
NETGEAR Digital Entertainer for Windows
NoLimits Coasters 1.7 (remove only)
NoLimits Fairground 1.0
NoLimits Track Packager 1.5
Nora Roberts Vision in White 1.00
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OGA Notifier 2.0.0048.0
Once Upon a Farm 1.00
OpenAL
Our Worst Fears Stained Skin 1.00
Paint Shop Pro 7
Panda ActiveScan 2.0
ParkPack v1
Patin-Couffin 19
PC Suite
Photo Collage Creator 3.61
Plato Photo Booth 11.09.01
PRS-500 USB driver
PuppetShow Lost Town CE 1.00
PVSonyDll
QuickTime
Quiz Time 5 1.00
Rapture3D 2.4.4 Game
Rare Treasures Dinnerware Trading Company BFG 1.00
Reader Library by Sony
Reading the Dead 1.00
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Relics of Fate A Penny Macey Mystery 1.00
Replay Video Capture
Robins Island Adventure 1.00
RollerCoaster Tycoon 2
Rollercoaster Tycoon 2 UCES
RollerCoaster Tycoon 2: Time Twister
RollerCoaster Tycoon 2: Wacky Worlds
Royal Challenge Solitaire 1.00
Save Our Spirit 1.00
SD40-2_Content_Update
Secret Missions Mata Hari and the Kaisers Submarines 1.00
Secunia PSI (2.0.0.3001)
Security Task Manager 1.8c
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB979332)
Serpent of Isis Your Journey Continues 1.00
Shades of Death Royal Blood 1.00
Shaman Odyssey Tropic Adventure 1.00
Sherlock Holmes - The Hound of the Baskervilles CE
Ship Simulator Extremes
Shiver Vanishing Hitchhiker Collectors Edition 1.00
Shrink Pic (remove)
Silent Scream The Dancer 1.00
Simple Adblock
Sims Medieval - Censor Remover
SIW version 2010.04.28
Slingo Mystery 2 1.00
Soul Journey 1.00
Southern Region
Spin It Again
Spybot - Search & Destroy
Strange Cases The Lighthouse Mystery Collectors Edition 1.00
Stray Souls Dollhouse Story Collectors Edition 1.00
Super nude patch 3 1.0
SUPERAntiSpyware
System Requirements Lab
Tamara the 13th 1.00
Tesco Download Manager
The Agency of Anomalies Mystic Hospital Collectors Edition 1.00
The Curse of the Ring 1.00
The Dragon Dance 1.00
The Incas Legacy 1.00
The Joy of Farming 1.00
The Revenge 1.00
The Secret Legacy A Kate Brooks Adventure 1.00
The Sims Medieval
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 World Adventures
The Swanage Railway 1.0
The Tale of The Lost Bride and A Hidden Treasure 1.00
ThreatFire
Time to Hurry Nicoles Story 1.00
TomTom HOME 2.8.1.2218
TomTom HOME Visual Studio Merge Modules
Total Audio MP3 Converter v2.2 build 968
TouchCopy 09
Train Store V3.2
Treasure Hunters 1.00
Treasure Seekers Follow the Ghosts Collectors Edition 1.00
Treasure Seekers: The Time Has Come Collector's Edition
Ultimate Traffic
Ultimate Traffic 2 Power Pack
Unlocker 1.8.9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vesuvia 1.00
Virtual Villagers The Lost Children 1.00
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Watermark 2.9.35
VLC media player 1.1.9
Voodoo Whisperer Curse of a Legend Collectors Edition 1.00
Wedding Album Maker Gold 3.08
West Coast Express
Wild West Story The Beginning 1.00
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Live ID Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinPcap 4.1.1
WinRAR archiver
WM Recorder 14
Wondershare Media Converter(Build 1.2.0.0)
Youda Survivor 2 1.00
Yucatan 1.00
.
==== Event Viewer Messages From Past Week ========
.
09/05/2011 13:16:25, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
09/05/2011 13:11:02, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
07/05/2011 00:46:56, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
07/05/2011 00:39:34, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
07/05/2011 00:18:51, Error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
07/05/2011 00:18:51, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
07/05/2011 00:18:50, Error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
07/05/2011 00:18:50, Error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
07/05/2011 00:18:50, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
07/05/2011 00:18:50, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
07/05/2011 00:18:50, Error: Service Control Manager [7034] - The NETGEAR Receiver Service service terminated unexpectedly. It has done this 1 time(s).
07/05/2011 00:18:50, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
07/05/2011 00:18:50, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
07/05/2011 00:18:50, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
07/05/2011 00:18:50, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
07/05/2011 00:18:50, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/05/2011 00:18:50, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
06/05/2011 23:28:37, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
06/05/2011 22:17:09, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
06/05/2011 12:09:46, Error: Service Control Manager [7030] - The WYVVZXF service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
06/05/2011 12:07:26, Error: Service Control Manager [7000] - The BF service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/05/2011 12:07:25, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BF service to connect.
06/05/2011 12:06:55, Error: Service Control Manager [7030] - The BF service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
05/05/2011 12:55:45, Error: volsnap [36] - The shadow copies of volume K: were aborted because the shadow copy storage could not grow due to a user imposed limit.
04/05/2011 20:26:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
04/05/2011 20:26:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
04/05/2011 20:25:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
04/05/2011 20:25:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
04/05/2011 20:25:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
04/05/2011 20:25:22, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi ElbyCDIO pavboot SASDIFSV SASKUTIL spldr sptd TfFsMon TfSysMon Wanarpv6
04/05/2011 20:25:22, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
04/05/2011 20:23:30, Error: sptd [4] - Driver detected an internal error in its data structures for .
03/05/2011 02:39:40, Error: EventLog [6008] - The previous system shutdown at 22:01:20 on 02/05/2011 was unexpected.
02/05/2011 20:50:27, Error: EventLog [6008] - The previous system shutdown at 20:45:11 on 02/05/2011 was unexpected.
02/05/2011 20:44:21, Error: EventLog [6008] - The previous system shutdown at 20:42:28 on 02/05/2011 was unexpected.
02/05/2011 20:38:47, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
02/05/2011 20:20:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
02/05/2011 20:16:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
02/05/2011 20:16:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
02/05/2011 20:16:02, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC ElbyCDIO NetBIOS netbt nsiproxy pavboot PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr sptd tdx Wanarpv6
02/05/2011 20:16:02, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/05/2011 20:16:02, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/05/2011 20:16:02, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02/05/2011 20:16:02, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/05/2011 20:16:02, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/05/2011 20:16:02, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
02/05/2011 20:16:02, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/05/2011 20:16:02, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/05/2011 20:16:02, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/05/2011 20:16:02, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/05/2011 19:56:51, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
02/05/2011 19:56:50, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
02/05/2011 19:43:28, Error: EventLog [6008] - The previous system shutdown at 19:41:19 on 02/05/2011 was unexpected.
02/05/2011 19:37:32, Error: EventLog [6008] - The previous system shutdown at 19:34:39 on 02/05/2011 was unexpected.
02/05/2011 18:45:32, Error: EventLog [6008] - The previous system shutdown at 18:36:15 on 02/05/2011 was unexpected.
02/05/2011 18:36:15, Error: EventLog [6008] - The previous system shutdown at 18:33:27 on 02/05/2011 was unexpected.
02/05/2011 16:45:30, Error: EventLog [6008] - The previous system shutdown at 16:42:27 on 02/05/2011 was unexpected.
02/05/2011 15:17:35, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
02/05/2011 15:17:35, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
02/05/2011 13:31:12, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed
02/05/2011 13:08:46, Error: EventLog [6008] - The previous system shutdown at 13:06:13 on 02/05/2011 was unexpected.
02/05/2011 13:00:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: qccxfds
02/05/2011 12:44:25, Error: EventLog [6008] - The previous system shutdown at 12:41:36 on 02/05/2011 was unexpected.
02/05/2011 02:32:50, Error: EventLog [6008] - The previous system shutdown at 02:30:51 on 02/05/2011 was unexpected.
02/05/2011 02:28:36, Error: EventLog [6008] - The previous system shutdown at 02:26:53 on 02/05/2011 was unexpected.
.
==== End Of File ===========================

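A triage pass over the DDS "Event Viewer Messages" block, added here as an illustration; it is not part of DDS, ComboFix or any post in this thread. Three of the Service Control Manager entries above name services that match no vendor naming elsewhere in the log: WYVVZXF (7030, registered as an interactive service), BF (7000/7009, failed to start) and the boot-start driver qccxfds (7026). Short vowel-less names like these are typical of machine-generated service names, so a helper should surface them for a human to check rather than leave them buried among the avast (asw*), SUPERAntiSpyware (SAS*) and ThreatFire (Tf*) drivers that also failed to load. The allow-list, the "looks random" heuristic and the sample lines in the script are my own assumptions, modelled on the log format above, not taken from any tool.

```python
"""Triage a DDS "Event Viewer Messages" block for Service Control Manager
events naming a service or driver the allow-list does not know.
Added example for this thread, not part of DDS, ComboFix or any post here;
the allow-list, heuristic and SAMPLE_EVENTS are assumptions for illustration."""
import re
from dataclasses import dataclass

# Constructed sample lines in the DDS event format (modelled on the log, not copied).
SAMPLE_EVENTS = """\
06/05/2011 12:09:46, Error: Service Control Manager [7030] - The WYVVZXF service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
06/05/2011 12:07:26, Error: Service Control Manager [7000] - The BF service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/05/2011 13:00:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: qccxfds
04/05/2011 20:25:22, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi ElbyCDIO pavboot SASDIFSV SASKUTIL spldr sptd TfFsMon TfSysMon Wanarpv6
07/05/2011 00:18:50, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
02/05/2011 20:50:27, Error: EventLog [6008] - The previous system shutdown at 20:45:11 on 02/05/2011 was unexpected.
"""

EVENT_RE = re.compile(
    r"^(?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# Message shapes for the SCM events of interest (assumed from the log text).
INTERACTIVE_RE = re.compile(r"^The (?P<name>.+?) service is marked as an interactive service")
FAILED_START_RE = re.compile(r"^The (?P<name>.+?) service failed to start")
DRIVER_LOAD_RE = re.compile(r"failed to load: (?P<names>.+)$")

# Assumed allow-list: names in this log that map to a known vendor (avast asw*,
# SUPERAntiSpyware SAS*, ThreatFire Tf*, Panda pavboot, Lavasoft Lbd, ComboFix
# PEVSystemStart) plus stock Windows networking drivers.
KNOWN_GOOD = {
    "aswRdr", "aswSnx", "aswSP", "aswTdi", "SASDIFSV", "SASKUTIL",
    "TfFsMon", "TfSysMon", "pavboot", "Lbd", "PEVSystemStart",
    "ElbyCDIO", "sptd", "spldr", "Wanarpv6", "AFD", "DfsC", "NetBIOS",
    "netbt", "nsiproxy", "PSched", "RasAcd", "rdbss", "Smb", "tdx",
}

@dataclass(frozen=True)
class Finding:
    when: str
    event_id: int
    name: str
    reason: str

def looks_random(name: str) -> bool:
    """Heuristic only: an all-letter name of one or two characters, or with
    no vowel at all, is unlike a vendor-chosen service name."""
    if not name.isalpha():
        return False
    return len(name) <= 2 or not any(c in "aeiouAEIOU" for c in name)

def parse_events(text: str):
    """Yield one dict per well-formed DDS event line; other lines are skipped."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            yield ev

def service_names(event_id: int, message: str) -> list:
    """Pull the service/driver name(s) out of SCM events 7030, 7000 and 7026."""
    if event_id == 7030:
        m = INTERACTIVE_RE.match(message)
        return [m["name"]] if m else []
    if event_id == 7000:
        m = FAILED_START_RE.match(message)
        return [m["name"]] if m else []
    if event_id == 7026:
        m = DRIVER_LOAD_RE.search(message)
        return m["names"].split() if m else []
    return []

def triage(text: str) -> list:
    """Return a Finding for every named service/driver not on the allow-list,
    marking the ones whose name also looks machine-generated."""
    findings = []
    for ev in parse_events(text):
        if ev["source"] != "Service Control Manager":
            continue
        for name in service_names(ev["event_id"], ev["message"]):
            if name in KNOWN_GOOD:
                continue
            reason = "random-looking name" if looks_random(name) else "unknown name"
            findings.append(Finding(ev["when"], ev["event_id"], name, reason))
    return findings

def unexpected_shutdowns(text: str) -> int:
    """Count EventLog 6008 entries; a burst of them next to driver load
    failures belongs in the same triage note."""
    return sum(1 for ev in parse_events(text)
               if ev["source"] == "EventLog" and ev["event_id"] == 6008)

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.when}  event {f.event_id}  {f.name:<10} {f.reason}")
    print("unexpected shutdowns:", unexpected_shutdowns(SAMPLE_EVENTS))
```

Feed it the pasted log block in place of SAMPLE_EVENTS. Anything it reports still has to be confirmed by hand (the service's ImagePath under HKLM\SYSTEM\CurrentControlSet\Services, the file on disk, a scan of that file): a short vowel-less name is a hint for the helper to look at first, not proof of infection, and a name missing from the allow-list may simply be a product the list does not know.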
#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,362 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:50 AM

Posted 09 May 2011 - 11:57 AM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 derann

derann
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Scotland
  • Local time:08:50 AM

Posted 09 May 2011 - 02:28 PM

Hi Gringo
Here is the Combofix log as requested,
I noted that after running Combofix and then going online I got the message "Firefox is not currently set as your default browser", although it was before I ran Combofix. Is this normal?

ComboFix 11-05-08.04 - Derek 09/05/2011 19:43:35.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1397 [GMT 1:00]
Running from: c:\users\Derek\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))
.
.
2011-05-09 19:04 . 2011-05-09 19:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-09 19:04 . 2011-05-09 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-09 19:04 . 2011-05-09 19:04 -------- d-----w- c:\users\Ann\AppData\Local\temp
2011-05-07 00:00 . 2011-05-09 19:05 -------- d-----w- c:\users\Derek\AppData\Local\temp
2011-05-06 22:44 . 2011-05-06 22:44 -------- d-----w- C:\TDSSKiller_Quarantine
2011-05-06 22:19 . 2011-05-06 21:22 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-06 21:17 . 2011-04-29 11:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-06 11:28 . 2011-05-06 11:28 -------- d-----w- c:\users\Derek\Pavark
2011-05-06 11:13 . 2011-05-06 11:23 -------- d-----w- c:\programdata\SecTaskMan
2011-05-06 11:13 . 2011-05-06 11:13 -------- d-----w- c:\program files\Security Task Manager
2011-05-05 21:40 . 2011-05-05 21:40 3263 ----a-w- C:\register.reg
2011-05-05 01:27 . 2011-05-05 01:27 -------- d-----w- c:\program files\MagicISO
2011-05-04 12:18 . 2011-05-04 12:18 -------- d-----w- c:\program files\ESET
2011-05-04 11:30 . 2011-05-04 11:30 2418162 ----a-w- C:\MGtools.exe
2011-05-03 20:52 . 2011-05-07 16:58 -------- d-----w- c:\program files\WhatsRunning
2011-05-03 15:46 . 2011-05-03 15:47 -------- d-----w- C:\Combo-Fix
2011-05-03 09:59 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-03 09:59 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-03 09:59 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-03 09:59 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-03 09:58 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-03 09:58 . 2011-04-18 17:13 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-03 09:58 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-05-03 09:58 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-03 09:58 . 2011-05-03 09:58 -------- d-----w- c:\programdata\AVAST Software
2011-05-03 09:58 . 2011-05-03 09:58 -------- d-----w- c:\program files\AVAST Software
2011-05-03 01:53 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-03 01:53 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-03 01:52 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-02 17:56 . 2011-05-02 17:56 -------- d-----w- c:\users\Derek\AppData\Roaming\SUPERAntiSpyware.com
2011-05-02 17:56 . 2011-05-02 17:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-02 17:55 . 2011-05-06 22:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-02 17:29 . 2011-05-02 17:29 -------- d-----w- c:\programdata\WindowsSearch
2011-05-02 16:22 . 2011-05-02 16:22 102400 ----a-w- c:\windows\RegBootClean.exe
2011-05-02 11:46 . 2011-05-02 11:56 -------- d-----w- c:\users\Derek\AppData\Roaming\Ydmeik
2011-05-01 20:10 . 2011-05-01 20:10 -------- d-----w- c:\program files\TomTom International B.V
2011-05-01 20:10 . 2011-05-01 20:10 -------- d-----w- c:\program files\TomTom HOME 2
2011-04-30 14:24 . 2011-04-30 14:29 -------- d-----w- c:\program files\BBS Tools
2011-04-30 14:24 . 2011-04-30 14:24 -------- d-----w- c:\windows\BBS Tools
2011-04-28 00:22 . 2011-04-28 00:22 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-26 16:09 . 2011-04-26 17:11 -------- d-----w- c:\users\Derek\AppData\Local\dj3
2011-04-26 15:20 . 2011-04-22 05:40 -------- d-----w- c:\program files\Dracula - The Path of the Dragon - Part 3
2011-04-26 14:54 . 2011-04-26 14:54 -------- d-----w- c:\users\Derek\AppData\Roaming\Colibri Games
2011-04-26 14:54 . 2011-04-26 14:54 -------- d-----w- c:\programdata\Colibri Games
2011-04-26 14:54 . 2011-04-26 14:54 -------- d-----w- c:\program files\The Tiny Bang Story
2011-04-25 17:37 . 2011-04-25 17:37 -------- d-----w- c:\users\Derek\AppData\Roaming\Funlinker
2011-04-25 16:14 . 2011-04-25 16:14 -------- d-----w- c:\programdata\Avalon-Legends-Solitaire
2011-04-25 16:11 . 2011-04-25 16:11 -------- d-----w- c:\users\Derek\AppData\Roaming\DGform
2011-04-23 20:57 . 2011-04-23 20:57 -------- d-----w- c:\program files\iPod
2011-04-23 20:57 . 2011-04-23 20:58 -------- d-----w- c:\program files\iTunes
2011-04-23 20:54 . 2011-04-23 20:54 -------- d-----w- c:\program files\Bonjour
2011-04-23 17:07 . 2011-04-23 17:07 -------- d-----w- c:\programdata\Particles
2011-04-23 17:06 . 2011-04-23 17:06 -------- d-----w- c:\programdata\Far Mills
2011-04-23 14:05 . 2011-04-23 14:05 -------- d-----w- c:\users\Derek\AppData\Roaming\GigantGames
2011-04-18 14:52 . 2011-04-18 14:52 -------- d-----w- c:\users\Derek\AppData\Roaming\ShamanGS
2011-04-15 11:13 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A79C2122-094D-4F90-AD73-64AE7DC44EE9}\mpengine.dll
2011-04-13 17:18 . 2011-04-13 17:19 -------- d-----w- c:\program files\Total Audio MP3 Converter
2011-04-13 14:52 . 2011-04-13 14:54 -------- d-----w- c:\users\Derek\AppData\Roaming\Mp3tag
2011-04-13 14:52 . 2011-04-13 14:52 -------- d-----w- c:\program files\Mp3tag
2011-04-11 23:40 . 2011-04-14 20:41 -------- d-----w- c:\users\Derek\Calibre Library
2011-04-11 23:40 . 2011-04-14 18:53 -------- d-----w- c:\users\Derek\AppData\Roaming\calibre
2011-04-11 23:39 . 2011-04-11 23:40 -------- d-----w- c:\program files\Calibre2
2011-04-11 21:29 . 2011-04-11 21:29 -------- d-----w- c:\users\Ann\AppData\Local\Sony Corporation
2011-04-11 21:29 . 2011-04-11 21:29 -------- d-----w- c:\users\Ann\AppData\Local\kinoma
2011-04-11 12:05 . 2011-04-11 12:05 -------- d-----w- c:\users\Derek\Library
2011-04-11 12:04 . 2011-04-11 12:04 -------- d-----w- c:\programdata\kinoma
2011-04-11 12:04 . 2011-04-11 12:04 -------- d-----w- c:\program files\DIFX
2011-04-11 12:04 . 2011-04-11 12:05 -------- d-----w- c:\users\Derek\AppData\Local\Sony Corporation
2011-04-11 12:04 . 2011-04-11 12:04 -------- d-----w- c:\program files\Sony
2011-04-11 12:04 . 2011-04-11 12:04 -------- d-----w- c:\program files\Common Files\Sony Shared
2011-04-11 12:02 . 2011-04-11 12:02 -------- d-----w- c:\users\Derek\AppData\Local\kinoma
2011-04-09 21:27 . 2011-04-09 21:27 -------- d-----w- c:\users\Derek\AppData\Roaming\Enki Games
2011-04-09 21:22 . 2011-04-09 21:22 -------- d-----w- c:\users\Derek\AppData\Roaming\thejoyoffarming
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-06 21:22 . 2010-04-27 19:01 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-05 19:57 . 2011-04-05 19:57 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-05 19:57 . 2011-04-05 19:57 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-05 19:57 . 2011-04-05 19:57 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-05 19:57 . 2011-04-05 19:57 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-05 19:57 . 2011-04-05 19:57 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-05 19:57 . 2011-04-05 19:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-05 19:57 . 2011-04-05 19:57 367104 ----a-w- c:\windows\system32\html.iec
2011-04-05 19:57 . 2011-04-05 19:57 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-05 19:57 . 2011-04-05 19:57 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-05 19:57 . 2011-04-05 19:57 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-05 19:57 . 2011-04-05 19:57 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-05 19:57 . 2011-04-05 19:57 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-05 19:57 . 2011-04-05 19:57 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-05 19:57 . 2011-04-05 19:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-05 19:57 . 2011-04-05 19:57 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-05 19:57 . 2011-04-05 19:57 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-05 19:57 . 2011-04-05 19:57 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-05 19:57 . 2011-04-05 19:57 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-05 19:57 . 2011-04-05 19:57 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-05 19:57 . 2011-04-05 19:57 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-05 19:57 . 2011-04-05 19:57 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-05 19:28 . 2011-04-05 19:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-05 19:28 . 2011-04-05 19:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-03 15:40 . 2011-05-03 01:53 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-05-03 01:53 542720 ----a-w- c:\windows\apppatch\AcLayers.dll

#6 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,362 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 May 2011 - 02:55 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 derann

  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male
  • Location:Scotland

Posted 09 May 2011 - 03:21 PM

TDSS Killer report as requested, Gringo.


2011/05/09 21:19:23.0576 4684 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/09 21:19:23.0673 4684 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/09 21:19:23.0738 4684 imvad_multi (e3057f56d471658edaad9d4ca5d89ba0) C:\Windows\system32\drivers\imvad.sys
2011/05/09 21:19:23.0791 4684 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/09 21:19:23.0857 4684 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/09 21:19:23.0899 4684 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/09 21:19:23.0978 4684 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/09 21:19:24.0027 4684 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/09 21:19:24.0144 4684 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/05/09 21:19:24.0191 4684 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/09 21:19:24.0305 4684 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
2011/05/09 21:19:24.0359 4684 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/09 21:19:24.0415 4684 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/09 21:19:24.0484 4684 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/09 21:19:24.0549 4684 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/09 21:19:24.0639 4684 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/09 21:19:24.0693 4684 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/05/09 21:19:24.0806 4684 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/09 21:19:24.0936 4684 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
2011/05/09 21:19:25.0028 4684 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/09 21:19:25.0084 4684 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/09 21:19:25.0119 4684 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/09 21:19:25.0208 4684 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/09 21:19:25.0307 4684 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/09 21:19:25.0387 4684 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/05/09 21:19:25.0463 4684 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/09 21:19:25.0593 4684 MobileAdapter (62dafa4351872db7e2b74801bb9f9ebd) C:\Windows\system32\DRIVERS\qscnusb.sys
2011/05/09 21:19:25.0688 4684 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/09 21:19:25.0737 4684 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/09 21:19:25.0812 4684 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/09 21:19:25.0848 4684 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/09 21:19:25.0957 4684 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/09 21:19:26.0053 4684 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/09 21:19:26.0095 4684 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/09 21:19:26.0121 4684 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/09 21:19:26.0185 4684 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/09 21:19:26.0312 4684 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/09 21:19:26.0399 4684 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/09 21:19:26.0473 4684 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/09 21:19:26.0534 4684 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/09 21:19:26.0548 4684 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/09 21:19:26.0603 4684 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/09 21:19:26.0710 4684 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/09 21:19:26.0776 4684 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/09 21:19:26.0857 4684 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/09 21:19:26.0874 4684 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/09 21:19:26.0939 4684 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/09 21:19:27.0006 4684 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/09 21:19:27.0084 4684 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/09 21:19:27.0161 4684 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/09 21:19:27.0274 4684 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/09 21:19:27.0378 4684 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/09 21:19:27.0475 4684 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/09 21:19:27.0526 4684 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/09 21:19:27.0656 4684 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/09 21:19:27.0759 4684 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/09 21:19:27.0832 4684 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/09 21:19:27.0895 4684 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/09 21:19:28.0074 4684 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/09 21:19:28.0191 4684 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
2011/05/09 21:19:28.0310 4684 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/09 21:19:28.0360 4684 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/09 21:19:28.0427 4684 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/09 21:19:28.0546 4684 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/09 21:19:28.0654 4684 NuidFltr (ef2b9a14ec5dd74ade3417faf1b45e16) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/05/09 21:19:28.0709 4684 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/09 21:19:29.0196 4684 nvlddmkm (6ef47521dce982602a25afb41dd13d4f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/09 21:19:29.0531 4684 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/09 21:19:29.0579 4684 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/09 21:19:29.0654 4684 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/09 21:19:29.0749 4684 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/09 21:19:29.0848 4684 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/05/09 21:19:29.0987 4684 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/09 21:19:30.0060 4684 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/09 21:19:30.0145 4684 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\Windows\system32\drivers\pavboot.sys
2011/05/09 21:19:30.0204 4684 Pcatip (f447e6d6b32bf98666790c45f665abb9) C:\Windows\system32\DRIVERS\Pcatip.sys
2011/05/09 21:19:30.0264 4684 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/09 21:19:30.0393 4684 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/05/09 21:19:30.0451 4684 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/09 21:19:30.0505 4684 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/05/09 21:19:30.0555 4684 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/09 21:19:30.0686 4684 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/09 21:19:30.0779 4684 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/09 21:19:30.0825 4684 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/09 21:19:30.0933 4684 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/05/09 21:19:30.0988 4684 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/09 21:19:31.0046 4684 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/09 21:19:31.0182 4684 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/09 21:19:31.0234 4684 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/09 21:19:31.0281 4684 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/09 21:19:31.0356 4684 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/09 21:19:31.0406 4684 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/09 21:19:31.0506 4684 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/09 21:19:31.0615 4684 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/09 21:19:31.0708 4684 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/09 21:19:31.0756 4684 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/09 21:19:31.0825 4684 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/09 21:19:32.0019 4684 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/09 21:19:32.0109 4684 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/09 21:19:32.0249 4684 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/09 21:19:32.0284 4684 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/09 21:19:32.0400 4684 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/09 21:19:32.0488 4684 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/09 21:19:32.0601 4684 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/09 21:19:32.0653 4684 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/05/09 21:19:32.0801 4684 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/09 21:19:32.0915 4684 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/09 21:19:32.0968 4684 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/09 21:19:33.0043 4684 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/09 21:19:33.0151 4684 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/09 21:19:33.0207 4684 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/09 21:19:33.0258 4684 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/09 21:19:33.0383 4684 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/09 21:19:33.0446 4684 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/09 21:19:33.0580 4684 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/09 21:19:33.0659 4684 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/05/09 21:19:33.0747 4684 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/09 21:19:33.0802 4684 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/09 21:19:33.0907 4684 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/09 21:19:33.0973 4684 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
2011/05/09 21:19:34.0084 4684 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/05/09 21:19:34.0128 4684 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/09 21:19:34.0194 4684 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/09 21:19:34.0290 4684 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/09 21:19:34.0331 4684 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/09 21:19:34.0489 4684 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/09 21:19:34.0541 4684 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/09 21:19:34.0597 4684 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/09 21:19:34.0689 4684 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/09 21:19:34.0782 4684 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/09 21:19:34.0838 4684 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/09 21:19:34.0944 4684 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/09 21:19:35.0001 4684 TfFsMon (95746e5b1473432f3d9458940dba6e3a) C:\Windows\system32\drivers\TfFsMon.sys
2011/05/09 21:19:35.0049 4684 TfNetMon (02ffdd873e31c5c2d57ca87d11ec36af) C:\Windows\system32\drivers\TfNetMon.sys
2011/05/09 21:19:35.0209 4684 TfSysMon (f8bd92251ab439383c051ce907d78cce) C:\Windows\system32\drivers\TfSysMon.sys
2011/05/09 21:19:35.0355 4684 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/09 21:19:35.0461 4684 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/09 21:19:35.0547 4684 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/09 21:19:35.0655 4684 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/09 21:19:35.0709 4684 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/09 21:19:35.0807 4684 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/09 21:19:35.0857 4684 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/09 21:19:35.0955 4684 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/09 21:19:36.0005 4684 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/09 21:19:36.0062 4684 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/09 21:19:36.0147 4684 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/09 21:19:36.0248 4684 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/09 21:19:36.0332 4684 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/09 21:19:36.0426 4684 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/09 21:19:36.0484 4684 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/09 21:19:36.0531 4684 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/09 21:19:36.0646 4684 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/09 21:19:36.0734 4684 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/09 21:19:36.0831 4684 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/09 21:19:36.0885 4684 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/09 21:19:36.0985 4684 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/09 21:19:37.0140 4684 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/09 21:19:37.0210 4684 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/09 21:19:37.0252 4684 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/09 21:19:37.0291 4684 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/09 21:19:37.0360 4684 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/09 21:19:37.0420 4684 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/09 21:19:37.0562 4684 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/09 21:19:37.0629 4684 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/09 21:19:37.0687 4684 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/09 21:19:37.0767 4684 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/09 21:19:37.0778 4684 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/09 21:19:37.0864 4684 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/09 21:19:37.0986 4684 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/09 21:19:38.0184 4684 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/09 21:19:38.0277 4684 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/09 21:19:38.0332 4684 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/09 21:19:38.0465 4684 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
2011/05/09 21:19:38.0551 4684 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
2011/05/09 21:19:38.0660 4684 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
2011/05/09 21:19:38.0730 4684 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
2011/05/09 21:19:38.0775 4684 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
2011/05/09 21:19:38.0842 4684 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/05/09 21:19:38.0941 4684 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/09 21:19:39.0079 4684 ================================================================================
2011/05/09 21:19:39.0079 4684 Scan finished
2011/05/09 21:19:39.0079 4684 ================================================================================

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,362 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 May 2011 - 03:24 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
rem Collect network diagnostics into Log1.txt: adapter/DNS settings, two lookups, two pings, routing table
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the log in Notepad, then delete this batch file
start Log1.txt
del %0
Save this as router.bat (choose Save as type: All Files, and save it to the Desktop), then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 derann

derann
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Scotland

Posted 09 May 2011 - 03:30 PM

Windows IP Configuration

Host Name . . . . . . . . . . . . : Jack
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-22-68-5A-61-B7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 09 May 2011 20:40:07
Lease Expires . . . . . . . . . . : 10 May 2011 20:40:07
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: www.routerlogin.com
Address: 192.168.0.1

Name: google.com
Addresses: 209.85.146.99
209.85.146.106
209.85.146.104
209.85.146.105
209.85.146.147
209.85.146.103

Server: www.routerlogin.com
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65



Pinging google.com [209.85.146.106] with 32 bytes of data:

Reply from 209.85.146.106: bytes=32 time=49ms TTL=50

Reply from 209.85.146.106: bytes=32 time=49ms TTL=50



Ping statistics for 209.85.146.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 49ms, Maximum = 49ms, Average = 49ms



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

Reply from 72.30.2.43: bytes=32 time=219ms TTL=47

Reply from 72.30.2.43: bytes=32 time=219ms TTL=46



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 219ms, Maximum = 219ms, Average = 219ms

===========================================================================
Interface List
9 ...00 22 68 5a 61 b7 ...... Realtek PCIe GBE Family Controller
1 ........................... Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 276
192.168.0.2 255.255.255.255 On-link 192.168.0.2 276
192.168.0.255 255.255.255.255 On-link 192.168.0.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,362 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 May 2011 - 05:39 PM

Resetting Router

Let’s try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Flush the DNS

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
rem Collect network diagnostics into Log1.txt: adapter/DNS settings, two lookups, two pings, routing table
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the log in Notepad, then delete this batch file
start Log1.txt
del %0
Save this as router.bat (choose Save as type: All Files, and save it to the Desktop), then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo

#11 derann

derann
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Scotland

Posted 09 May 2011 - 07:24 PM

Hi Gringo,
I did as you requested and reset the router and created and ran the batch file.

When the router booted back up again I could not go online. I checked as much of the settings as I could but could not see anything obvious.
I tried a diagnose and repair on the connection but all I got was "There may be a problem with your DNS config".
I rebooted the pc a few times and ran ipconfig /all and ipconfig /flushdns but nothing would work.
Luckily I have a spare router and that is what I am using just now.
I noticed a new icon on my desktop that is for Internet Explorer.
When I checked the properties of the icon it is pointing to "C:\Program Files\Internet Explorer\iexplore.exe" and start in %HOMEDRIVE%%HOMEPATH%
Should I delete it or leave it?
Do you want me to create and run the batch file again?
Sorry for the trouble, but using this new router was the only way I could get back online to you.
Regards
Derek

This is the log for the batch file before I realised that I could no longer access the internet (the original router)!

Windows IP Configuration

Host Name . . . . . . . . . . . . : Jack
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-22-68-5A-61-B7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 09 May 2011 20:40:07
Lease Expires . . . . . . . . . . : 10 May 2011 20:40:07
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: www.routerlogin.com
Address: 192.168.0.1

Server: www.routerlogin.com
Address: 192.168.0.1

Ping request could not find host google.com. Please check the name and try again.

Ping request could not find host yahoo.com. Please check the name and try again.

===========================================================================
Interface List
9 ...00 22 68 5a 61 b7 ...... Realtek PCIe GBE Family Controller
1 ........................... Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 276
192.168.0.2 255.255.255.255 On-link 192.168.0.2 276
192.168.0.255 255.255.255.255 On-link 192.168.0.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
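The batch-file log above (ipconfig /all, nslookup, ping and route print) is what you check by eye for a DNS fault: the adapter gets its address, gateway and resolver from the router at 192.168.0.1, nslookup talks to that resolver, yet ping cannot resolve google.com or yahoo.com. The Python script below is an added example, not part of this thread or of any tool it mentions; it parses that log format and flags resolver settings that do not belong to the local network. Its SAMPLE_LOG is constructed: it is modelled on the posted output but adds a second DNS server (203.0.113.53, a documentation-range address) that the posted log does not have, so the check has something to flag.

```python
"""Audit a Windows network-diagnostic log (ipconfig /all, nslookup, ping)
for DNS settings that do not match the local network.

Added example for this thread, not a tool from the original post.
SAMPLE_LOG is a constructed excerpt modelled on the posted output, with one
extra DNS server (203.0.113.53) added so the check has something to flag.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : Jack

Ethernet adapter Local Area Connection:

IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
                                    203.0.113.53
NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  www.routerlogin.com
Address:  192.168.0.1

Ping request could not find host google.com. Please check the name and try again.
"""

# "Key . . . . : value" lines from ipconfig and "Server:/Address:" lines from nslookup
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 \-]*?)[ .]*:\s*(.*?)\s*$")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
PING_FAIL_RE = re.compile(r"^Ping request could not find host (\S+?)\.\s")


def parse_log(text: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return (fields, failed_hosts).

    fields maps a field name to every value seen for it. A bare IPv4 line is a
    continuation of the previous field (ipconfig lists extra DNS servers that
    way). nslookup's "Address:" directly after "Server:" is stored as "Resolver"
    so it is not confused with the addresses in query answers.
    """
    fields: Dict[str, List[str]] = {}
    failed: List[str] = []
    last_key = None
    for line in text.splitlines():
        m = PING_FAIL_RE.match(line)
        if m:
            failed.append(m.group(1))
            continue
        m = FIELD_RE.match(line)
        if m and m.group(2):
            key, value = m.group(1).strip(), m.group(2)
            if key == "Address" and last_key == "Server":
                key = "Resolver"
            fields.setdefault(key, []).append(value)
            last_key = key
        elif last_key and IPV4_RE.fullmatch(line.strip()):
            fields[last_key].append(line.strip())
    return fields, failed


def audit(text: str) -> List[str]:
    """Run the DNS sanity checks over a log and return human-readable findings."""
    fields, failed = parse_log(text)
    findings: List[str] = []
    addr = IPV4_RE.search(fields.get("IPv4 Address", [""])[0])
    mask = fields.get("Subnet Mask", [None])[0]
    if not (addr and mask):
        return ["could not read the IPv4 address and subnet mask from the ipconfig output"]
    local_net = ipaddress.ip_interface(f"{addr.group()}/{mask}").network
    configured = fields.get("DNS Servers", [])
    for dns in configured:
        ip = IPV4_RE.search(dns)
        # A home PC normally gets its resolver from the router on the local subnet;
        # anything else deserves a second look before trusting name resolution.
        if ip and ipaddress.ip_address(ip.group()) not in local_net:
            findings.append(f"DNS server {dns} is outside the local network {local_net}; "
                            "confirm it is the resolver you expect")
    for resolver in fields.get("Resolver", []):
        if resolver not in configured:
            findings.append(f"nslookup is using {resolver}, which is not a configured DNS server")
    for host in failed:
        findings.append(f"name resolution failed for {host}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG) or ["no DNS findings"]:
        print(finding)
```

Run it against the real log by reading the batch file's output into `audit()`; on the posted log only the two failed pings would be reported, because the only configured resolver is the router itself.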

#12 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 09 May 2011 - 07:41 PM

now that we are on the new router do you still have problems with avast?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 derann (Topic Starter, Members, Scotland)

Posted 09 May 2011 - 08:12 PM

No, Avast hasn't had any pop-ups so far.
Is my pc clean?
Thanks for your help Gringo, it is much appreciated!
Regards
Derek

#14 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 10 May 2011 - 07:57 AM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.3

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 derann (Topic Starter, Members, Scotland)

Posted 10 May 2011 - 01:18 PM

Hi Gringo,
I have done as you instructed.
The PC seems to be running OK so far.
I noticed that a few logs refer to the folder c:\users\derek\appdata\roaming. This folder contains over 10GB of data; is this normal?

When I ran TFC I got the following message: "The C:\users\Derek\Appdata\local\microsoft\windows\temporary\%23116(1) does not exist. This file may have been removed or deleted. Do you want to create it?"
I clicked on SKIP. It also pointed to another file, google_co_uk(1)htm (Firefox document, 24.1kb); I clicked on SKIP for this also.
The report for TFC is:


User: Ann
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Derek
->Temp folder emptied: 2054323 bytes
->Temporary Internet Files folder emptied: 1640520 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 50778577 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5916 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 932837 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 664 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 53.00 mb


___________________________________________________________

Malwarebytes log


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6547

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

10/05/2011 18:37:51
mbam-log-2011-05-10 (18-37-51).txt

Scan type: Quick scan
Objects scanned: 180587
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



_________________________________________

And finally the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:02:03, on 10/05/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\recvrsvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ThreatFire] "C:\Program Files\ThreatFire\TFTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NETGEARDigitalEntertainer] C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\receiver.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NETGEAR Receiver Service (recvrsvc.exe) - NETGEAR, Inc. - C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\recvrsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8594 bytes
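The HijackThis log above is read by hand in this thread. As an added example (not HijackThis code and not from the original post), the Python below parses that log format into entries and applies three triage rules a responder would apply first: a binary running from outside Windows or Program Files, a core system process name (svchost.exe and friends) running from outside System32, and a browser start or search page pointing at a host outside a small allow-list. The LOG sample is constructed: its lines are modelled on the posted log, and the two entries under Derek\AppData and the 203.0.113.10 search page are synthetic additions so the rules fire. TRUSTED_DIRS, SYSTEM_NAMES and ALLOWED_HOSTS are assumptions chosen for this example, and a flagged entry is a lead to check, not a verdict; some legitimate software does run from AppData.

```python
"""Parse a HijackThis log into structured entries and apply a few triage rules
a responder would run before reading the log line by line.

Added example for this thread; not part of HijackThis and not code from the
original post. LOG is constructed: most lines are copied from the posted log,
and the entries under Derek\AppData plus the 203.0.113.10 search page are
synthetic suspicious entries added so the rules have something to flag.
TRUSTED_DIRS, SYSTEM_NAMES and ALLOWED_HOSTS are assumptions for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LOG = r"""
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Users\Derek\AppData\Roaming\example\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://203.0.113.10/search
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ThreatFire] "C:\Program Files\ThreatFire\TFTray.exe"
O4 - HKCU\..\Run: [example] "C:\Users\Derek\AppData\Local\Temp\example.exe"
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")          # "O4 - ..." style entries
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)  # lines under "Running processes:"
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]+?\.(?:exe|dll))', re.IGNORECASE)
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)

# Assumed for this example: where trusted binaries live on a default 32-bit Vista install
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
SYSTEM32_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "wininit.exe", "services.exe",
                "lsass.exe", "lsm.exe", "winlogon.exe", "svchost.exe"}
ALLOWED_HOSTS = ("google.co.uk", "google.com", "microsoft.com", "bing.com")


@dataclass
class Entry:
    code: str            # HijackThis section (R0, O4, O23 ...) or PROC for a running process
    detail: str
    path: Optional[str]  # first .exe/.dll path found in the entry, if any


def parse_hjt(text: str) -> List[Entry]:
    """Turn the log text into Entry records; headers and blank lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            code, detail = m.groups()
            p = PATH_RE.search(detail)
            entries.append(Entry(code, detail, p.group(1) if p else None))
        elif PROC_RE.match(line):
            entries.append(Entry("PROC", line, line))
    return entries


def _under(path: str, prefixes: Tuple[str, ...]) -> bool:
    return path.lower().startswith(prefixes)


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (code, reason) pairs for entries that deserve a closer look."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.path:
            name = e.path.lower().rsplit("\\", 1)[-1]
            if not _under(e.path, TRUSTED_DIRS):
                findings.append((e.code, f"binary outside Windows/Program Files: {e.path}"))
            if name in SYSTEM_NAMES and not _under(e.path, SYSTEM32_DIRS):
                findings.append((e.code, f"system process name running from the wrong directory: {e.path}"))
        if e.code in ("R0", "R1"):
            m = URL_HOST_RE.search(e.detail)
            if m:
                host = m.group(1).lower()
                # An IP-literal host never matches the allow-list, so it is flagged too
                if not any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS):
                    findings.append((e.code, f"browser start/search page points at unexpected host {host}"))
    return findings


if __name__ == "__main__":
    for code, reason in triage(parse_hjt(LOG)):
        print(f"{code}: {reason}")
```

Feed it a saved hijackthis.log instead of LOG to triage a real machine; every line that HijackThis prints with a drive-letter path is covered by the first two rules, and the R0/R1 rule catches the hijacked start and search pages the thread's Avast popups would usually accompany only if they show up there.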



