
Random Internet Explorer pages opening on their own


3 replies to this topic

#1 djpleasure

Posted 25 February 2010 - 09:52 AM

I have tried my best to sort this but to no avail. I have run SUPERAntiSpyware, Malwarebytes, etc., but no joy. Randomly, Internet Explorer will open pages, normally to advertising or search sites.

DDS Log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by admin at 13:58:38.52 on 25/02/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows 7 6.1.7600.0.1252.44.1033.18.3326.1717 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Trillian\trillian.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\admin\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEHlprObj Class: {5848efda-d702-44e9-be78-a0d5f714f2a8} - c:\program files\flash decompiler gold\fsbho.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Windows Mobile Device Center] "%windir%\WindowsMobile\wmdc.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [RtHDVCpl] "c:\program files\realtek\audio\hda\RtHDVCpl.exe" -s
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rocket~1.lnk - c:\program files\rocketdock\RocketDock.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\guard32.dll c:\windows\system32\acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\47a1v3lr.default\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2009-10-18 15172]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-10-18 130960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-10-18 29520]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2010-2-24 101128]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-2-24 1205760]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-7-14 19720]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-8 189440]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-10-18 27320]
S1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2009-11-27 27704]
S2 .1255897272SsTR;1255897272SsTR;c:\programdata\webroot\admin322813.exe --> c:\programdata\webroot\admin322813.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-02-25 13:24:37 0 d-sh--w- C:\$RECYCLE.BIN
2010-02-25 06:03:41 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-25 06:03:24 0 d-----w- c:\users\admin\appdata\roaming\SUPERAntiSpyware.com
2010-02-25 06:03:24 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-25 06:03:07 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-25 05:42:46 0 d-----w- C:\Device
2010-02-25 05:14:05 98816 ----a-w- c:\windows\sed.exe
2010-02-25 05:14:05 77312 ----a-w- c:\windows\MBR.exe
2010-02-25 05:14:05 261632 ----a-w- c:\windows\PEV.exe
2010-02-25 05:14:05 161792 ----a-w- c:\windows\SWREG.exe
2010-02-25 03:07:55 0 d-----w- c:\program files\Panda Security
2010-02-25 03:00:19 0 d-----w- c:\users\admin\appdata\roaming\Malwarebytes
2010-02-25 03:00:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-25 03:00:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-25 03:00:14 0 d-----w- c:\programdata\Malwarebytes
2010-02-25 03:00:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-24 13:45:48 0 d-----w- c:\program files\MSSOAP
2010-02-24 13:45:48 0 d-----w- c:\program files\common files\MSSoap
2010-02-24 13:45:41 101128 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2010-02-24 13:45:38 1563008 ----a-w- c:\windows\WRSetup.dll
2010-02-24 13:45:38 0 d-----w- c:\users\admin\appdata\roaming\Webroot
2010-02-24 13:45:38 0 d-----w- c:\programdata\Webroot
2010-02-24 13:45:38 0 d-----w- c:\program files\Webroot
2010-02-24 12:36:48 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 12:36:48 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-24 12:36:48 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 12:36:48 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-02-24 12:36:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 19:34:35 5546 ----a-w- c:\windows\system32\dc_logs.dll
2010-02-22 09:29:53 0 d-----w- c:\program files\Windows Grep
2010-02-20 22:40:51 0 d-----w- c:\program files\iTunes
2010-02-20 22:40:51 0 d-----w- c:\program files\iPod
2010-02-19 07:55:33 0 d-----w- c:\program files\Hardcoded Software
2010-02-19 07:52:01 0 d-----w- c:\program files\Glary Utilities
2010-02-18 19:50:07 1120 ----a-w- c:\windows\system32\E_ADDNET.DAT
2010-02-18 19:37:49 67072 ----a-w- c:\windows\system32\escwiad.dll
2010-02-18 19:37:49 0 d-----w- c:\program files\epson
2010-02-18 19:07:49 77824 ----a-w- c:\windows\system32\EBAPI.dll
2010-02-18 19:07:49 65536 ----a-w- c:\windows\system32\EEBUtil.dll
2010-02-18 19:07:49 55808 ----a-w- c:\windows\system32\EEBSDKIF.dll
2010-02-18 19:07:49 135168 ----a-w- c:\windows\system32\EEBAPI.dll
2010-02-18 19:07:49 110592 ----a-w- c:\windows\system32\EEBDSCVR.dll
2010-02-18 19:07:48 474892 ----a-w- c:\windows\system32\ensppmon.dll
2010-02-18 19:07:48 474892 ----a-w- c:\windows\system32\enppmon.dll
2010-02-18 19:07:48 457099 ----a-w- c:\windows\system32\ensppui.dll
2010-02-18 19:07:48 457099 ----a-w- c:\windows\system32\enppui.dll
2010-02-18 19:07:48 249344 ----a-w- c:\windows\system32\enspres.dll
2010-02-18 19:07:48 249344 ----a-w- c:\windows\system32\enpres.dll
2010-02-18 18:54:27 0 d-----w- c:\program files\EpsonNet
2010-02-18 14:54:31 0 d-----w- C:\EPSON
2010-02-18 13:55:19 0 d-----w- c:\program files\common files\EPSON
2010-02-18 11:48:42 25 ----a-w- c:\windows\CDE80211_10100.ini
2010-02-13 11:56:22 0 d-----w- c:\users\admin\appdata\roaming\FTPRush
2010-02-13 11:53:11 0 d-----w- c:\users\admin\appdata\roaming\CoreFTP
2010-02-13 11:49:07 0 d-----w- c:\program files\FTPRush
2010-02-11 10:19:58 0 d-----w- c:\program files\TagRename
2010-02-09 08:48:29 72704 ----a-w- c:\windows\system32\CmdRtr.DLL
2010-02-09 08:48:29 146432 ----a-w- c:\windows\system32\APOMngr.DLL
2010-02-09 08:47:45 87 ---ha-r- c:\windows\ctfile.rfc
2010-02-09 08:47:11 0 d-----w- c:\windows\system32\RTCOM
2010-02-08 13:51:30 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-02-08 13:51:30 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-02-08 13:51:30 189440 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-02-08 13:44:28 81408 ----a-w- c:\windows\system32\devcon_x64.exe
2010-02-08 13:44:27 55808 ----a-w- c:\windows\system32\devcon.exe
2010-02-08 13:44:21 0 d-----w- c:\program files\Driver Checker
2010-02-08 10:26:28 0 d-----w- c:\program files\Microsoft Office Outlook Connector
2010-02-07 19:36:40 0 d-----w- c:\users\admin\appdata\roaming\Auslogics
2010-02-07 19:36:25 0 d-----w- c:\program files\Auslogics
2010-02-07 19:10:10 0 d-----w- c:\users\admin\Tracing
2010-02-07 13:52:05 988872 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-07 10:58:09 0 d-----w- c:\program files\Sonne Flash Decompiler
2010-02-07 10:52:55 0 d-----w- c:\program files\SWF Decompiler Premium
2010-02-06 15:57:44 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-02-06 15:11:56 0 d-----w- c:\program files\common files\Macrovision Shared
2010-02-06 10:09:15 0 d-----w- c:\programdata\NOS
2010-02-05 21:03:24 0 d-----w- c:\programdata\McAfee
2010-02-05 10:41:30 0 d-----w- c:\windows\Downloaded Program Files
2010-02-03 20:20:20 0 d---a-w- c:\programdata\TEMP
2010-02-03 17:49:39 0 d-----w- c:\program files\CCleaner
2010-02-01 14:10:48 0 d-----w- C:\VueScan
2010-01-27 12:06:23 0 d-----w- c:\users\admin\appdata\roaming\Virgin Broadband
2010-01-27 08:44:25 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 08:44:25 2614272 ----a-w- c:\windows\explorer.exe

==================== Find3M ====================

2010-02-25 13:57:22 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-02-25 05:04:05 21584 ------w- c:\windows\system32\drivers\atapi.sys
2010-02-23 15:57:04 5694 --sha-w- c:\programdata\KGyGaAvL.sys
2010-02-09 08:57:28 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-09 08:57:27 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-31 11:38:21 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-11 22:18:00 962664 ----a-w- c:\windows\system32\nvsvc.dll
2010-01-11 22:18:00 13679720 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 22:18:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-11 22:18:00 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-08 03:18:02 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-07 13:43:17 40620 ----a-w- c:\windows\fonts\Incised901_NdIt_BT_Italic_(wwww.font-cat.com)[1].ttf
2010-01-06 10:56:48 195956 ----a-w- c:\windows\fonts\Tahoma Bold.ttf
2010-01-06 10:56:39 198864 ----a-w- c:\windows\fonts\Tahoma_0.ttf
2010-01-06 10:54:59 50144 ----a-w- c:\windows\fonts\a_rubricacn_bolditalic.ttf
2009-12-19 09:02:55 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-08 11:40:12 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40:12 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32:02 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-10-19 22:41:30 88 --sh--r- c:\windows\system32\68BD50F5D3.sys
2009-10-19 22:41:30 2984 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:00:30.41 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows 7 2009
Boot Device: \Device\HarddiskVolume1
Install Date: 18/10/2009 21:21:12
System Uptime: 25/02/2010 13:17:13 (1 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA790XT-UD4P
Processor: AMD Phenom™ II X4 955 Processor | Socket M2 | 3200/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 266.203 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 78.059 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
G: is CDROM ()
H: is FIXED (NTFS) - 146 GiB total, 105.022 GiB free.
I: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is FIXED (NTFS) - 133 GiB total, 116.489 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Compact Flash
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626420&1#
Manufacturer: Generic-
Name: J:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626420&1#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MS/MS-Pro
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626420&3#
Manufacturer: Generic-
Name: L:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626420&3#
Service: WUDFRd

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: adfs
Device ID: ROOT\LEGACY_ADFS\0000
Manufacturer:
Name: adfs
PNP Device ID: ROOT\LEGACY_ADFS\0000
Service: adfs

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SD/MMC
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626420&0#
Manufacturer: Generic-
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626420&0#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SM/xD Picture
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD_PICTURE&REV_1.02#058F63626420&2#
Manufacturer: Generic-
Name: K:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD_PICTURE&REV_1.02#058F63626420&2#
Service: WUDFRd

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

7-Zip 4.65
abgx360 v1.0.2
Acoustica CD/DVD Label Maker
Acrobat.com
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
AI RoboForm (All Users)
Aleo Flash MP3 Player Builder 3.1.23 Build 3
Amara - Flash Menu Builder
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
µTorrent
AudioBurst FX Engine
Auslogics BoostSpeed
Auslogics Disk Defrag
AviSynth 2.5
BayGenie eBay Auction Sniper Pro Edition 3.3.1.8
Belarc Advisor 8.1
Bonjour
CCleaner
Cinema Craft Encoder SP2
COMODO Internet Security
Connect
Corel WinDVD 2010
Cucusoft Ultimate DVD + Video Converter Suite 7.19.7.12
dBpoweramp DSP Effects
dBpoweramp Music Converter
Directory Lister v0.7.2
DolbyFiles
Driver Checker v2.7.4
dupeGuru Music Edition
DVD Rebuilder
DVDFab 6.2.0.5 (11/11/2009)
Encrypt Web Pro
Epson Print CD
EPSON Printer Software
EPSON Scan
EpsonNet Config V3
EpsonNet Print
eXtreme Movie Manager 7.0.6.5 - Update Only!
FILE and MP3 Renamer 2006
Flash Decompiler Gold 2.3.1.1061
Flash Decompiler Trillix
Flash Intro and Banner Maker 2.0.85
FTPRush v1 Unicode
GEAR 32bit Driver Installer
Gigabyte Raid Configurer
Glary Utilities Pro 2.20.0.831
Google Chrome
ImagXpress
ImgBurn
IrfanView (remove only)
iTunes
iZotope Ozone 4
Java™ 6 Update 17
K-Lite Mega Codec Pack 4.1.4
kuler
Logitech GamePanel Software 3.03.133
LogoMaker 3.0
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MixMeister Fusion + Video 7.4.2
Mozilla Firefox (3.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Nero 9
Nero Burning ROM Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Installer
NeroBurningROM
NewsLeecher v3.9 Final
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
ONES (E)
PDF Settings CS4
Photodex Presenter
Photoshop Camera Raw
Pixel Bender Toolkit
PoiZone
ProShow Producer
PVSonyDll
QuickPar 0.9
QuickSFV (Remove only)
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Sawer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Sonitus:fx Plugin Suite
Sonne Flash Decompiler 5.2.1.2188
Sony ACID Music Studio 7.0
Sony Noise Reduction Plug-In 2.0h
Sound Forge Pro 10.0
Spy Sweeper Core
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
SWF Decompiler Premium 2.2.1.1289
Tag&Rename 3.5.5
Toxic Biohazard
Trillian
UltraISO Premium V9.35
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb977719)
Videora iPod touch Converter 5.03
VueScan
Webroot Internet Security Essentials
WhereIsIt? 3.53
WIDCOMM Bluetooth Software 6.0.1.6300
Winamp
Winamp Essentials Pack
Windows Grep 2.3
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver

==== Event Viewer Messages From Past Week ========

25/02/2010 13:31:38, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
25/02/2010 13:20:14, Error: Microsoft-Windows-WMPNSS-Service [14319] - Service 'WMPNetworkSvc' did not start because Group Policy is preventing Windows Media Player from sharing media with other devices.
25/02/2010 13:18:13, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrblock
25/02/2010 13:17:48, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
25/02/2010 13:17:48, Error: Service Control Manager [7000] - The 1255897272SsTR service failed to start due to the following error: The system cannot find the file specified.
25/02/2010 05:54:07, Error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
25/02/2010 05:54:02, Error: Service Control Manager [7034] - The EPSON V3 Service4(01) service terminated unexpectedly. It has done this 1 time(s).
25/02/2010 05:53:50, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
25/02/2010 05:53:32, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/02/2010 05:42:20, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
25/02/2010 05:15:20, Error: Service Control Manager [7034] - The ScsiAccess service terminated unexpectedly. It has done this 1 time(s).
25/02/2010 05:13:37, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AxPsHook11 cdrblock
25/02/2010 05:07:36, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
25/02/2010 04:55:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
25/02/2010 04:55:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
25/02/2010 04:55:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
25/02/2010 04:55:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
25/02/2010 04:55:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
25/02/2010 04:55:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AxPsHook11 cdrblock cmdGuard cmdHlp CSC DfsC discache inspect NetBIOS NetBT nsiproxy pavboot Psched pwipf6 rdbss spldr tdx Wanarpv6 WfpLwf
25/02/2010 04:55:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
25/02/2010 04:55:10, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/02/2010 04:55:10, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
25/02/2010 04:55:10, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
25/02/2010 04:55:10, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
25/02/2010 04:55:10, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
25/02/2010 04:55:10, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
25/02/2010 04:55:10, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/02/2010 04:55:10, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/02/2010 04:55:10, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
25/02/2010 04:39:03, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/02/2010 04:37:46, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/02/2010 04:37:44, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
25/02/2010 04:37:44, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
25/02/2010 04:37:05, Error: Service Control Manager [7031] - The Windows Mobile-based device connectivity service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/02/2010 04:37:05, Error: Service Control Manager [7031] - The Windows Mobile-2003-based device connectivity service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/02/2010 04:36:56, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Event Log service, but this action failed with the following error: An instance of the service is already running.
25/02/2010 04:36:15, Error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
25/02/2010 04:35:56, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/02/2010 04:35:56, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/02/2010 04:35:56, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
25/02/2010 04:35:56, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
25/02/2010 04:35:56, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/02/2010 04:35:56, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
25/02/2010 02:45:12, Error: ssidrv [31] - Invalid input parameter found.
25/02/2010 02:45:12, Error: ssidrv [26] - Failed to set monitor event rule.
25/02/2010 02:29:49, Error: Service Control Manager [7031] - The Windows Connect Now - Config Registrar service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
25/02/2010 02:29:49, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
25/02/2010 02:29:49, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
25/02/2010 02:29:49, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
25/02/2010 02:26:45, Error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
25/02/2010 02:25:57, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
25/02/2010 02:25:57, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
25/02/2010 02:25:57, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
25/02/2010 02:25:57, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/02/2010 02:25:57, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/02/2010 02:25:57, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
25/02/2010 02:25:57, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
25/02/2010 02:25:57, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
25/02/2010 02:25:57, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
25/02/2010 02:25:57, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
25/02/2010 02:25:57, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
25/02/2010 02:25:57, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
25/02/2010 02:25:57, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/02/2010 22:45:26, Error: Service Control Manager [7034] - The Application Management service terminated unexpectedly. It has done this 1 time(s).
24/02/2010 22:45:26, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/02/2010 22:45:26, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/02/2010 22:45:26, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/02/2010 22:45:26, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/02/2010 22:45:26, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/02/2010 22:45:26, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/02/2010 22:45:26, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/02/2010 22:45:26, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/02/2010 22:45:26, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/02/2010 22:45:26, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/02/2010 22:45:26, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/02/2010 22:45:26, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/02/2010 22:45:26, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/02/2010 22:45:26, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/02/2010 13:56:10, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
24/02/2010 13:55:32, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the 1255897272SsTR service to connect.
24/02/2010 13:55:32, Error: Service Control Manager [7000] - The 1255897272SsTR service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/02/2010 13:12:00, Error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
24/02/2010 11:44:28, Error: Service Control Manager [7023] - The System Event Notification Service service terminated with the following error: Overlapped I/O operation is in progress.
23/02/2010 19:39:47, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

==== End Of File ===========================


GMER LOG:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-25 14:21:52
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\admin\AppData\Local\Temp\kwlyaaow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8D56EF8E]
SSDT 87880B70 ZwAllocateVirtualMemory
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8D56FF5C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8D56F174]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8D56E3FA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8D56EBF4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8D56E2DC]
SSDT 8787F500 ZwCreateProcess
SSDT 87880020 ZwCreateProcessEx
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8D56EA82]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8D56FC16]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8D56DEA2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8D56F280]
SSDT 87880A08 ZwCreateUserProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x8D56DCD4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8D56F898]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8D56E67E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8D56EDD0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0x8D56DA04]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8D56E90E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0x8D56DB7C]
SSDT 87880BE8 ZwQueueApcThread
SSDT 87880A80 ZwReadVirtualMemory
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8D5703C6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8D56F634]
SSDT 87880CD8 ZwSetContextThread
SSDT 87DDC328 ZwSetDefaultHardErrorPort
SSDT 87880F30 ZwSetInformationProcess
SSDT 87880D50 ZwSetInformationThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8D56FA46]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8D56E618]
SSDT 87880EB8 ZwSuspendProcess
SSDT 87880C60 ZwSuspendThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8D56E802]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8D56E1A6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8D56E074]
SSDT 87880AF8 ZwWriteVirtualMemory

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E33AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E33104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E333F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E1C2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E1B898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E331DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E33958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E336F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E33F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E341A8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86B461F8

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

Device \Driver\volmgr \Device\VolMgrControl 86B411F8
Device \Driver\usbohci \Device\USBPDO-0 87E1F500
Device \Driver\usbohci \Device\USBPDO-1 87E1F500
Device \Driver\usbehci \Device\USBPDO-2 87E33500
Device \Driver\usbohci \Device\USBPDO-3 87E1F500
Device \Driver\usbohci \Device\USBPDO-4 87E1F500

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Tcp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{33B98D2C-3385-482E-8BBC-84CC6AF36C6F} 87D331F8
Device \Driver\usbehci \Device\USBPDO-5 87E33500
Device \Driver\usbohci \Device\USBPDO-6 87E1F500
Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume1 86B411F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 86B411F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 87C3B1F8
Device \Driver\volmgr \Device\HarddiskVolume3 86B411F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 87C3B1F8
Device \Driver\atapi \Device\Ide\IdePort0 86B431F8
Device \Driver\atapi \Device\Ide\IdePort1 86B431F8
Device \Driver\atapi \Device\Ide\IdePort2 86B431F8
Device \Driver\atapi \Device\Ide\IdePort3 86B431F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 86B431F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-2 86B431F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-5 86B431F8
Device \Driver\volmgr \Device\HarddiskVolume4 86B411F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume5 86B411F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume6 86B411F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000082 883C5500
Device \Driver\volmgr \Device\HarddiskVolume7 86B411F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000083 883C5500
Device \Driver\NetBT \Device\NetBt_Wins_Export 87D331F8
Device \Driver\volmgr \Device\HarddiskVolume8 86B411F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000084 883C5500
Device \Driver\USBSTOR \Device\00000078 883C5500
Device \Driver\volmgr \Device\HarddiskVolume9 86B411F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000079 883C5500
Device \Driver\USBSTOR \Device\00000086 883C5500

AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)

Device \Driver\usbohci \Device\USBFDO-0 87E1F500
Device \Driver\usbohci \Device\USBFDO-1 87E1F500
Device \Driver\usbehci \Device\USBFDO-2 87E33500
Device \Driver\usbohci \Device\USBFDO-3 87E1F500
Device \Driver\USBSTOR \Device\0000007d 883C5500
Device \Driver\usbohci \Device\USBFDO-4 87E1F500
Device \Driver\usbehci \Device\USBFDO-5 87E33500
Device \Driver\usbohci \Device\USBFDO-6 87E1F500
Device \Driver\JRAID \Device\Scsi\JRAID1 86B441F8
Device \FileSystem\cdfs \Cdfs 87CCD1F8
Device -> \Driver\atapi \Device\Harddisk0\DR0 878FDA9A

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\admin322813.exe 343435 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\admin322813.exe.info 140 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\gadget.js.info 222 bytes
File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----




#2 djpleasure

djpleasure
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:15 PM

Posted 25 February 2010 - 01:20 PM

Here are just some of the redirects:

hxxp://216.133.243.28
hxxp://216.133.243.28/2.php?sid=1566&keyword=sf24t558&goto=5c001a487301dffb65fb4fd730510c6b-wsU4wsfFF4%093k.wU3.wU3.SF%092vvR%3A%2F%2FEWRjEWRj.EtQ%2FNIjaE2.R2R%09R_aNfw%09wSUU%09NOskvSSu%09OqLotitz0atNI%092vvR%3A%2F%2Fnnn.OqLotitz0.EtQ%2FAqoEiqEH.R2R%3FAqo_qo%3Dww3susks%26Wai%3D2vvR%25Fj%25sO%25sOnnn%25sI2IjY0%25sIEtQ%25sOqLEtQqLz%25sOU4%26joY_Nqo%3DsFs4w%26joY_qo%3D4F3u%26v0RI%3DatL%26ovN%3Dsfwf_fs_sS_f3_Ss_w4%26i2L%3Dnj0US%26atL_WLqMWI%3Df%26aIoqaIEv_Wai%3D%26AitEH_joWiv%3Df%26QtoI%3DOqbIo%09f.fw%09sFs4w%09w%09ku4U_w4Uuk%09%09w%09GLqvIo+dqLzotQ%0985%09BIjY0.EtQ%09nj0US-kAuUAuI3wEAwU%09&objTimStr=0.11761500+1267120361


hxxp://842389423478923.com/3/tmp/geticon.pdf

hxxp://commondreams.com/search.php
hxxp://coomath4kids.com/search.php
hxxp://cupacupa.com/search.php
hxxp://dinette.org/search.

#3 djpleasure

djpleasure
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:15 PM

Posted 26 February 2010 - 08:40 PM

Close this please, as it got sorted at techsupportforum.com.

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,823 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:15 AM

Posted 27 February 2010 - 08:25 AM

Okay, thanks for letting us know!

This topic is now closed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
