Unsolved

September 27th, 2010 06:00

Windows Update Error Code 80072EFE and IE Redirect

Hi,

Every time I try a Windows Update I get the error code 80072EFE.  Also I have problems when searching on yahoo and sometimes google and I get redirected to websites with ads.  Also the host processes on my computer stop working a lot.  My hijack log is this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:09:53 PM, on 9/26/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: COMServer - Unknown owner - C:\Windows\system32\msapps\comsrvr.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7554 bytes

1.1K Posts

September 27th, 2010 16:00

Hi jcooney32,

I'm kevinf80 and I will be helping with any issues you may have. Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.

Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.

Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.

If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE

** If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE

Please proceed as follows :-

Step 1

You have Viewpoint installed. Viewpoint developed a behavioral targeting product in 2006. Viewpoint is associated with a program called viewmgr.exe and the ViewPoint Media Player.
Viewpoint is bundled with AOL, AOL Instant Messenger, Adobe Atmosphere, Netscape 7, etc and sometimes not mentioned in the license agreement. Hardware manufacturers pre-install some of these applications.
ViewPoint Toolbar will redirect your search queries and also transmits non-personally identifiable information back to their servers. The Viewpoint Toolbar is also classified as a threat in the CounterSpy Threat Library because it hijacks your search queries and transmits non-personally identifiable information back to their servers.
Viewpoint Manager is a media player often bundled with AIM software. Viewpoint Manager is a useless add on.
More info here:
http://ask-leo.com/viewmgrexe.html
http://www.kephyr.com/spywarescanner/library/viewpointmediaplayer/index.phtml
Because Viewpoint's software will track your web surfing and tailor advertisements based on the web pages you are visiting, I suggest you remove the program.
** Note: Removing Viewpoint Media Player may cause the program that bundled it to not function as intended. For AOL and AIM it is needed to use their 3D icons known as Super Buddies and for customized themes, etc.
If you wish to remove Viewpoint, end process on ViewManager in Task Manager.
Go to Start > Control Panel > Uninstall a Program and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
  • Viewpoint Experience Technology


Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

We need to see some additional information about what is happening in your machine. 
Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.   
  • When done, DDS will open two (2) logs: DDS.txt and Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/past both logs into your next reply.
  • Close the program window, and delete the program from your desktop.

Please note:  You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet. 
Information on A/V control HERE

Step 4

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

What I'd like in your reply :-

  • Log from Malwarebytes
  • Both logs from DDS
  • Log from Security Check


Kevin

10 Posts

September 27th, 2010 23:00

I removed Viewpoint.

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4700

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/27/2010 8:03:38 PM
mbam-log-2010-09-27 (20-03-38).txt

Scan type: Quick scan
Objects scanned: 140264
Time elapsed: 9 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

Here is dds.txt

DDS (Ver_09-09-29.01) - NTFSx86 
Run by Jamer at 19:56:12.74 on Mon 09/27/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2036.740 [GMT -4:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jamer\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
Trusted Zone: myspace.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-25 64288]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-17 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-31 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355928]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-20 24652]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-26 38224]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-12 916760]
S2 COMServer;COMServer;"c:\windows\system32\msapps\comsrvr.exe" s --> c:\windows\system32\msapps\comsrvr.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-30 21504]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]

=============== Created Last 30 ================

2010-09-26 22:08   --d----- c:\program files\Trend Micro
2010-09-26 21:37   --d----- c:\users\jamer\appdata\roaming\Malwarebytes
2010-09-26 21:37 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-26 21:37   --d----- c:\programdata\Malwarebytes
2010-09-26 21:37   --d----- c:\progra~2\Malwarebytes
2010-09-26 21:37 20,952 a------- c:\windows\system32\drivers\mbam.sys
2010-09-26 21:37   --d----- c:\program files\Malwarebytes' Anti-Malware
2010-09-26 21:24   --d----- C:\_OTM
2010-09-26 21:23   --d----- c:\windows\system32\catroot2
2010-09-26 21:22 286,818,330 a------- C:\regback.reg
2010-09-26 20:58   --d----- c:\windows\pss
2010-09-23 07:52   --d----- c:\program files\iPod
2010-09-23 07:52   --d----- c:\program files\iTunes
2010-09-23 07:49   --d----- c:\program files\Bonjour
2010-09-23 00:05   --d----- c:\program files\common files\PC Tools
2010-09-22 23:50   --d----- c:\programdata\PLAV
2010-09-22 23:50   --d----- c:\progra~2\PLAV
2010-09-22 23:34   --d----- c:\program files\iTunes(108)
2010-09-22 23:34   --d----- c:\programdata\ParetoLogic
2010-09-22 23:34   --d----- c:\program files\common files\ParetoLogic
2010-09-22 23:34   --d----- c:\progra~2\ParetoLogic
2010-09-22 23:33   --d----- c:\programdata\ParetoLogic Anti-Virus PLUS
2010-09-22 23:33   --d----- c:\program files\common files\PLAV
2010-09-22 23:33   --d----- c:\progra~2\ParetoLogic Anti-Virus PLUS
2010-09-22 23:32   --d----- c:\program files\ParetoLogic
2010-09-08 08:17   --d----- c:\program files\iTunes(106)

==================== Find3M  ====================

2010-09-26 15:39 14,378 a------- c:\users\jamer\appdata\roaming\wklnhst.dat
2010-09-23 07:50 143,360 a------- c:\windows\inf\infstrng.dat
2010-09-23 07:50 143,360 a------- c:\windows\inf\infstor.dat
2010-09-23 07:50 51,200 a------- c:\windows\inf\infpub.dat
2010-08-12 08:15 64,288 a------- c:\windows\system32\drivers\Lbd.sys
2010-08-12 08:15 15,880 a------- c:\windows\system32\lsdelete.exe
2010-08-05 21:16 243,024 a------- c:\windows\system32\drivers\avgtdix.sys
2010-07-27 18:44 107,808 a------- c:\windows\system32\dns-sd.exe
2010-07-27 18:44 91,424 a------- c:\windows\system32\dnssd.dll
2010-04-12 22:25 70,296 a------- c:\users\jamer\appdata\roaming\GDIPFONTCACHEV1.DAT
2009-10-28 10:25 665,600 a------- c:\windows\inf\drvindex.dat
2008-10-20 00:00 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2001-07-31 14:34 2,097,152 a------- c:\program files\pcrystalusa.gbc
2009-08-21 15:14 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-08-21 15:14 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-08-21 15:14 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-08-21 15:14 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-05-24 18:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2010-05-13 10:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050320100510\index.dat
2010-05-24 17:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051020100517\index.dat
2010-05-24 18:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010052420100525\index.dat
2010-06-15 22:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010060720100614\index.dat
2010-06-15 22:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010061520100616\index.dat
2010-06-12 17:09 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2010-06-12 17:09 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2010-05-24 18:50 49,152 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\privacie\index.dat
2010-05-24 18:48 16,384 a--sh--- c:\windows\system32\config\systemprofile\desktop\%appdata%\microsoft\windows\ietldcache\index.dat
2008-05-06 12:28 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:01:37.48 ===============

The attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/6/2008 4:40:29 AM
System Uptime: 9/27/2010 7:59:31 AM (13 hours ago)

Motherboard: Dell Inc. |  | 0RY007
Processor: Intel(R) Core(TM)2 Duo CPU     E4600  @ 2.40GHz | Socket 775 | 2400/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 456 GiB total, 328.141 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.857 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom 802.11g Network Adapter
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_100F1043&REV_02\4&22B40817&0&00F0
Manufacturer: Broadcom
Name: Broadcom 802.11g Network Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_100F1043&REV_02\4&22B40817&0&00F0
Service: BCM43XX

==== System Restore Points ===================

RP813: 8/27/2010 2:04:54 PM - Installed WinZip 14.5
RP815: 8/27/2010 2:25:20 PM - Installed DirectX
RP816: 8/28/2010 11:19:47 AM - Scheduled Checkpoint
RP817: 8/29/2010 12:00:08 AM - Scheduled Checkpoint
RP818: 8/30/2010 12:00:06 AM - Scheduled Checkpoint
RP819: 8/31/2010 7:08:21 AM - Scheduled Checkpoint
RP820: 9/1/2010 12:14:29 AM - Scheduled Checkpoint
RP821: 9/1/2010 1:05:46 PM - Scheduled Checkpoint
RP822: 9/2/2010 9:19:44 AM - Scheduled Checkpoint
RP823: 9/3/2010 12:00:05 AM - Scheduled Checkpoint
RP824: 9/6/2010 7:07:45 PM - Scheduled Checkpoint
RP825: 9/7/2010 9:03:13 AM - Scheduled Checkpoint
RP826: 9/8/2010 12:01:19 AM - Scheduled Checkpoint
RP827: 9/8/2010 8:10:19 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP828: 9/9/2010 12:36:40 AM - Scheduled Checkpoint
RP829: 9/9/2010 4:54:30 PM - Scheduled Checkpoint
RP830: 9/10/2010 8:54:14 AM - Scheduled Checkpoint
RP831: 9/12/2010 8:12:00 PM - Scheduled Checkpoint
RP832: 9/13/2010 9:09:42 AM - Scheduled Checkpoint
RP833: 9/14/2010 12:00:06 AM - Scheduled Checkpoint
RP834: 9/14/2010 3:25:19 PM - Windows Update
RP835: 9/15/2010 9:09:20 AM - Scheduled Checkpoint
RP836: 9/16/2010 12:01:34 AM - Scheduled Checkpoint
RP837: 9/17/2010 12:00:07 AM - Scheduled Checkpoint
RP838: 9/17/2010 2:23:47 PM - Scheduled Checkpoint
RP839: 9/18/2010 12:16:32 PM - Scheduled Checkpoint
RP840: 9/19/2010 1:44:58 PM - Scheduled Checkpoint
RP851: 9/22/2010 8:25:42 PM - Restore Operation
RP852: 9/22/2010 8:47:44 PM - Restore Operation
RP853: 9/22/2010 9:07:46 PM - Restore Operation

==== Installed Programs ======================

Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.4
Adobe Shockwave Player 11.5
Age of Empires III
Age of Empires III - The WarChiefs
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG Free 9.0
Bonjour
Browser Defender 2.0.6.15
CA Yahoo! Anti-Spy (remove only)
Compatibility Pack for the 2007 Office system
Dell DataSafe Online
Dell Driver Download Manager
Dell Getting Started Guide
Dell Support Center
DivX Codec
DivX Converter
DivX Version Checker
Download Updater (AOL LLC)
Google Desktop
GoToAssist 8.0.0.514
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PRO Network Connections 12.1.11.0
iTunes
Java(TM) SE Runtime Environment 6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
Network Play System (Patching)
OGA Notifier 2.0.0048.0
Product Documentation Launcher
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Return to Castle Wolfenstein - Platinum Edition
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SimCity 4 Deluxe
Spelling Dictionaries Support For Adobe Reader 8
Star Wars Galactic Battlegrounds
Star Wars Galactic Battlegrounds: Clone Campaigns
Stronghold
The Battle for Middle-earth (tm)
Tropico
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WinZip 14.0
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/27/2010 8:00:16 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AvgLdx86
9/27/2010 6:41:37 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
9/26/2010 9:27:52 PM, Error: Service Control Manager [7023]  - The fioo32 service terminated with the following error:  The specified module could not be found.
9/26/2010 9:24:28 PM, Error: Service Control Manager [7031]  - The Lavasoft Ad-Aware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/26/2010 9:02:11 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
9/26/2010 9:02:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/26/2010 9:02:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/26/2010 9:01:33 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/26/2010 9:01:33 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/26/2010 9:01:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/26/2010 9:01:24 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/26/2010 9:00:43 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
9/26/2010 9:00:43 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/26/2010 9:00:43 PM, Error: Service Control Manager [7001]  - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
9/26/2010 9:00:43 PM, Error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:  The dependency service or group failed to start.
9/26/2010 9:00:43 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/26/2010 9:00:43 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
9/26/2010 9:00:43 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/26/2010 9:00:43 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/26/2010 9:00:43 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error:  A device attached to the system is not functioning.
9/26/2010 9:00:43 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/26/2010 9:00:43 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/26/2010 9:00:43 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/26/2010 9:00:43 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/26/2010 9:00:43 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
9/26/2010 4:30:12 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error:  An instance of the service is already running.
9/26/2010 11:13:17 PM, Error: EventLog [6008]  - The previous system shutdown at 11:12:10 PM on 9/26/2010 was unexpected.
9/25/2010 12:16:58 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.2.3 for the Network Card with network address 001D0992D73B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/24/2010 6:28:05 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.2.5 for the Network Card with network address 001D0992D73B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/24/2010 3:40:23 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.101 for the Network Card with network address 001FC65C1006 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/24/2010 3:26:49 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.2.2 for the Network Card with network address 001FC65C1006 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/24/2010 3:17:40 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.2.6 for the Network Card with network address 001FC65C1006 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/23/2010 8:44:18 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AvgLdx86 mfetdik
9/23/2010 8:44:09 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.105 for the Network Card with network address 001FC65C1006 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/23/2010 8:44:03 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.2.2 for the Network Card with network address 001D0992D73B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/23/2010 8:43:52 AM, Error: EventLog [6008]  - The previous system shutdown at 8:42:04 AM on 9/23/2010 was unexpected.
9/23/2010 7:50:10 AM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/23/2010 7:49:22 AM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/23/2010 12:56:13 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
9/23/2010 12:43:54 AM, Error: EventLog [6008]  - The previous system shutdown at 12:42:23 AM on 9/23/2010 was unexpected.
9/23/2010 12:34:33 AM, Error: EventLog [6008]  - The previous system shutdown at 12:32:41 AM on 9/23/2010 was unexpected.
9/23/2010 1:46:03 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
9/23/2010 1:30:25 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/23/2010 1:16:25 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC kl1 KLIF KLIM6 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
9/23/2010 1:16:17 AM, Error: EventLog [6008]  - The previous system shutdown at 1:14:22 AM on 9/23/2010 was unexpected.
9/23/2010 1:03:05 AM, Error: EventLog [6008]  - The previous system shutdown at 1:01:11 AM on 9/23/2010 was unexpected.
9/22/2010 8:54:15 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.2.9 for the Network Card with network address 001D0992D73B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/21/2010 9:00:25 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/21/2010 9:00:25 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/21/2010 9:00:25 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/21/2010 9:00:25 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/21/2010 9:00:25 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/21/2010 9:00:25 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/21/2010 9:00:25 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/21/2010 9:00:25 PM, Error: Service Control Manager [7031]  - The Secondary Logon service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/21/2010 9:00:25 PM, Error: Service Control Manager [7031]  - The Remote Access Connection Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/21/2010 9:00:25 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/21/2010 9:00:25 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/21/2010 9:00:25 PM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/21/2010 9:00:25 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/21/2010 9:00:25 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/21/2010 9:00:25 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/21/2010 8:53:20 AM, Error: Service Control Manager [7001]  - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:  The service has not been started.
9/21/2010 7:38:39 PM, Error: Service Control Manager [7000]  - The McAfee Inc. service failed to start due to the following error:  The process cannot access the file because it is being used by another process.
9/21/2010 7:37:36 PM, Error: EventLog [6008]  - The previous system shutdown at 7:36:35 PM on 9/21/2010 was unexpected.
9/20/2010 9:54:33 AM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/20/2010 9:54:33 AM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
9/20/2010 9:54:33 AM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
9/20/2010 9:54:33 AM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/20/2010 9:54:33 AM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

==== End Of File ===========================

And finally the security screen:

Results of screen317's Security Check version 0.99.5 
 Windows Vista Service Pack 2 (UAC is disabled!)
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 AVG Free 9.0   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Ad-Aware
 Malwarebytes' Anti-Malware   
 Java(TM) SE Runtime Environment 6
 Adobe Flash Player 10.0.12.36 
Adobe Reader 8.2.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Ad-Aware AAWService.exe
 Ad-Aware AAWTray.exe
 Malwarebytes' Anti-Malware mbam.exe 
 AVG avgwdsvc.exe
 AVG avgtray.exe
 AVG avgnsx.exe
````````````````````````````````
DNS Vulnerability Check:

 Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````
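
The Event Viewer dump above is easier to triage by machine than by eye. The Python script below is an added example written for this page; it is not part of the original post and not one of the tools the helper asks for. It parses lines in the exact format this log uses, counts events by ID, takes the union of every driver named in a Service Control Manager 7026 event, picks out the ones that belong to the network stack, and also reports 7023 terminations with a missing module, 7001 dependency chains, 6008 unexpected shutdowns and DHCP-client 1002 NACKs. The sample input is seven lines copied from the log above; NETWORK_STACK is my own list of which of the listed drivers Winsock, DNS, DHCP and SMB depend on, not something stated in the thread.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the Event Viewer section of the
# log posted above. Any text in this format can be fed to parse_events().
SAMPLE_EVENTS = """\
9/27/2010 8:00:16 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AvgLdx86
9/26/2010 9:27:52 PM, Error: Service Control Manager [7023]  - The fioo32 service terminated with the following error:  The specified module could not be found.
9/26/2010 9:00:43 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
9/26/2010 9:00:43 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/26/2010 11:13:17 PM, Error: EventLog [6008]  - The previous system shutdown at 11:12:10 PM on 9/26/2010 was unexpected.
9/25/2010 12:16:58 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.2.3 for the Network Card with network address 001D0992D73B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/23/2010 12:56:13 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
"""

# One log line: "<m/d/yyyy h:mm:ss AM>, <Level>: <Source> [<EventID>]  - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\]\s+-\s+(?P<msg>.*)$"
)
DRIVERS_RE = re.compile(r"failed to load:\s*(?P<names>.*)$")
TERMINATED_RE = re.compile(
    r"^The (?P<svc>.+?) service terminated with the following error:\s*(?P<err>.*)$"
)
DEPENDS_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start"
)

# Assumption (mine, not from the thread): boot-start drivers in this log whose
# failure takes Winsock, DNS, DHCP and SMB down with them on Vista.
NETWORK_STACK = {"AFD", "tdx", "netbt", "NetBIOS", "nsiproxy", "Smb", "rdbss",
                 "DfsC", "Wanarpv6", "PSched", "RasAcd"}


def parse_events(text):
    """Return one dict per well-formed line; lines that do not parse are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["eid"] = int(ev["eid"])
            events.append(ev)
    return events


def summarize(events):
    """Triage: which drivers never loaded, which services died, and how often."""
    failed = set()
    missing_module = []
    depends = []
    for ev in events:
        msg = ev["msg"]
        if ev["eid"] == 7026:                      # boot-start driver load failure
            m = DRIVERS_RE.search(msg)
            if m:
                failed.update(m.group("names").split())
        elif ev["eid"] == 7023:                    # service terminated with an error
            m = TERMINATED_RE.match(msg)
            if m and "could not be found" in m.group("err"):
                missing_module.append(m.group("svc"))
        elif ev["eid"] == 7001:                    # dependency failed to start
            m = DEPENDS_RE.match(msg)
            if m:
                depends.append((m.group("svc"), m.group("dep")))
    return {
        "by_event_id": Counter(ev["eid"] for ev in events),
        "failed_drivers": sorted(failed, key=str.lower),
        "network_drivers_failed": sorted(failed & NETWORK_STACK, key=str.lower),
        "missing_module_services": missing_module,
        "dependency_failures": depends,
        "unexpected_shutdowns": sum(1 for ev in events if ev["eid"] == 6008),
        "dhcp_nack": sum(1 for ev in events if ev["eid"] == 1002),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_events(SAMPLE_EVENTS)).items():
        print(f"{key}: {value}")
```

On the sample, the 7001 line already points at connectivity: DNS Client could not start because the NetIO Legacy TDI Support Driver (tdx) failed to load, and tdx is one of eleven network-stack drivers in the 7026 list. The 7023 entry names a service, fioo32, whose binary is missing; that name is worth looking up under the Services registry key rather than assuming either way.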

1.1K Posts

September 28th, 2010 00:00

Hi jcooney32,

There is still evidence of Viewpoint on your system; I'll remove that later if you want. You have several antivirus programs on board: AVG, Paretologic and Ad-Aware (this now has an AV component). If you have more than one AV running with real-time protection they will clash and may even negate function.
Paretologic is not a program I'd personally recommend; it was originally on the rogue program list as not to be trusted. I also see evidence of tools that are used by malware removal forum helpers. Have you had assistance before?
Personally I'd uninstall Paretologic. Regarding Ad-Aware, there is a procedure to turn off the AV component, as follows, if you want to keep the anti-spyware engine running after you are clean:

Open Ad-Aware

  • Click on switch to advanced mode
  • Click on Settings
  • Click on the Ad-watch live! tab and under Detection layers ensure Antivirus engine is unchecked
  • Click OK and close Ad-Aware

Next,

Proceed as follows :-

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

Combofix

Don't forget Combofix must be saved to your desktop. <--Very important

Ensure you have disabled your firewall and all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. <---Very important

Please include the C:\ComboFix.txt in your next reply for further review.

Examples of how to disable realtime protection available at the following link :-

Disable realtime protection


Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).


Post the Combofix log in your reply please,

Kevin

10 Posts

September 28th, 2010 13:00

When I try to go to Add/Remove Programs Paretologic isn't there... I installed it because someone said it could help. I don't know why it isn't there; I don't remember uninstalling it.

combofix log:

ComboFix 10-09-27.05 - Jamer 09/28/2010  14:29:22.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2036.937 [GMT -4:00]
Running from: c:\users\Jamer\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\feed.txt
c:\program files\webserver
c:\users\Jamer\AppData\Local\Windows Server
c:\users\Jamer\AppData\Local\Windows Server\uses32.dat

.
(((((((((((((((((((((((((   Files Created from 2010-08-28 to 2010-09-28  )))))))))))))))))))))))))))))))
.

2010-09-28 18:39 . 2010-09-28 18:46 -------- d-----w- c:\users\Jamer\AppData\Local\temp
2010-09-28 18:39 . 2010-09-28 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-27 02:08 . 2010-09-27 02:08 388096 ----a-r- c:\users\Jamer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-27 02:08 . 2010-09-27 02:08 -------- d-----w- c:\program files\Trend Micro
2010-09-27 01:37 . 2010-09-27 01:37 -------- d-----w- c:\users\Jamer\AppData\Roaming\Malwarebytes
2010-09-27 01:37 . 2010-09-27 01:37 -------- d-----w- c:\programdata\Malwarebytes
2010-09-27 01:37 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 01:37 . 2010-09-27 01:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 01:37 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-27 01:24 . 2010-09-27 01:24 -------- d-----w- C:\_OTM
2010-09-27 01:23 . 2010-09-27 01:26 -------- d-----w- c:\windows\system32\catroot2
2010-09-27 01:22 . 2010-09-27 01:23 286818330 ----a-w- C:\regback.reg
2010-09-23 11:52 . 2010-09-23 11:52 -------- d-----w- c:\program files\iPod
2010-09-23 11:52 . 2010-09-23 11:52 -------- d-----w- c:\program files\iTunes
2010-09-23 11:50 . 2010-09-23 11:50 -------- d-----w- c:\program files\Apple Software Update
2010-09-23 11:49 . 2010-09-23 11:49 -------- d-----w- c:\program files\Bonjour
2010-09-23 05:27 . 2010-09-23 05:27 680 ----a-w- c:\users\Jamer\AppData\Local\d3d9caps.dat
2010-09-23 04:05 . 2010-09-23 05:41 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-23 03:50 . 2010-09-23 03:50 -------- d-----w- c:\programdata\PLAV
2010-09-23 03:34 . 2010-09-23 04:07 -------- d-----w- c:\program files\iTunes(108)
2010-09-23 03:34 . 2010-09-23 03:34 -------- d-----w- c:\programdata\ParetoLogic
2010-09-23 03:34 . 2010-09-23 03:34 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-09-23 03:33 . 2010-09-23 03:33 -------- d-----w- c:\program files\Common Files\PLAV
2010-09-23 03:33 . 2010-09-23 03:33 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2010-09-23 03:32 . 2010-09-23 03:32 -------- d-----w- c:\program files\ParetoLogic
2010-09-08 12:17 . 2010-09-08 12:18 -------- d-----w- c:\program files\iTunes(106)
2010-09-01 13:12 . 2010-09-01 13:12 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-31 02:38 . 2010-09-09 16:09 -------- d-----w- c:\users\Jamer\AppData\Local\remrjlamf

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-27 23:53 . 2008-05-20 16:28 -------- d-----w- c:\program files\Viewpoint
2010-09-27 23:52 . 2008-05-20 16:43 -------- d-----w- c:\program files\LimeWire
2010-09-26 19:39 . 2008-05-20 22:11 14378 ----a-w- c:\users\Jamer\AppData\Roaming\wklnhst.dat
2010-09-24 07:09 . 2008-05-06 08:51 -------- d-----w- c:\program files\Dell
2010-09-23 11:52 . 2009-01-10 16:43 -------- d-----w- c:\program files\Common Files\Apple
2010-09-23 11:51 . 2010-02-21 20:41 -------- d-----w- c:\program files\QuickTime
2010-09-23 05:40 . 2009-11-17 05:22 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2010-09-23 04:53 . 2010-03-22 20:19 -------- d-----w- c:\program files\Spyware Doctor
2010-08-27 22:19 . 2008-05-11 19:49 -------- d-----w- c:\program files\Maxis
2010-08-27 18:05 . 2009-02-13 07:13 -------- d-----w- c:\programdata\WinZip
2010-08-27 18:05 . 2010-08-27 18:05 -------- d-----w- c:\program files\WinZip(189)
2010-08-27 15:46 . 2010-08-27 15:46 -------- d-----w- c:\program files\Microsoft.NET
2010-08-26 02:18 . 2010-05-02 23:09 -------- d-----w- c:\program files\AIM7
2010-08-26 02:17 . 2010-08-26 02:17 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-08-26 02:17 . 2008-05-20 16:28 -------- d-----w- c:\program files\Common Files\AOL
2010-08-25 23:57 . 2010-08-25 23:57 -------- dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-25 23:57 . 2009-02-10 00:02 -------- d-----w- c:\program files\Lavasoft
2010-08-25 23:57 . 2008-12-10 19:31 -------- d-----w- c:\programdata\Lavasoft
2010-08-25 23:43 . 2008-05-06 08:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-12 12:16 . 2010-08-25 23:57 2979848 -c--a-w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-12 12:15 . 2010-08-26 00:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-12 12:15 . 2010-08-26 00:24 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-11 04:34 . 2008-05-06 08:59 -------- d-----w- c:\program files\Microsoft Works
2010-08-11 04:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-06 01:16 . 2009-11-17 20:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-27 22:44 . 2010-07-27 22:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44 . 2010-07-27 22:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2001-07-31 18:34 . 2001-07-31 18:34 2097152 ----a-w- c:\program files\pcrystalusa.gbc
2008-05-06 16:28 . 2008-05-06 16:17 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-25 129560]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-06 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-21 2065248]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-02 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-06 09:02 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-12 916760]
R2 COMServer;COMServer;c:\windows\system32\msapps\comsrvr.exe s
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-08-06 243024]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-23 1355928]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = yahoo.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: myspace.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-28 14:46
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85F03C76]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x87fa7d24
\Driver\ACPI -> acpi.sys @ 0x8069ad68
\Driver\atapi -> ataport.SYS @ 0x807b0a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-09-28  14:55:49
ComboFix-quarantined-files.txt  2010-09-28 18:55

Pre-Run: 352,062,263,296 bytes free
Post-Run: 352,000,307,200 bytes free

- - End Of File - - 29BA82CD782411032C91D8CC9103E0E6

1.1K Posts

September 28th, 2010 14:00

You'll have to be honest with me: who ran ComboFix and OTM? I've already asked if you've had help previously; you chose not to answer that question. There are too many security programs running: AVG, Spyware Doctor, Ad-Aware, ParetoLogic, Windows Defender.

You also have LimeWire installed; did you not see the warning in my initial reply about P2P applications and Forum Policy?

Run the following two scans, I need to see if there are any vulnerabilities and look at your security set up:

Download CKScanner from here

Important : Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Next,

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Answer my questions and post the logs...

Kevin

10 Posts

September 28th, 2010 16:00

Sorry, I must have missed that question about help.  I don't have help.  I thought I knew enough about computers for what you are telling me.  I uninstalled LimeWire.  When I ran ComboFix the first time it took me to a login screen for my computer that didn't have my login information.  I shut the computer off and I was able to log in to my name and I ran ComboFix again.  I forgot to turn off AVG and I have no idea what Windows Defender is.  I had previously, before that scan, uninstalled ParetoLogic and Spyware Doctor.

Here is the CK Scanner:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\firefly studios\stronghold\gm\cracks.gm1
scanner sequence 3.NA.11
 ----- EOF -----

Security Check:

Results of screen317's Security Check version 0.99.5 
 Windows Vista Service Pack 2 (UAC is disabled!)
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 AVG Free 9.0   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Ad-Aware
 Malwarebytes' Anti-Malware   
 Java(TM) SE Runtime Environment 6
 Adobe Flash Player 10.0.12.36 
Adobe Reader 8.2.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Ad-Aware AAWService.exe
 Ad-Aware AAWTray.exe
 AVG avgwdsvc.exe
 AVG avgnsx.exe
````````````````````````````````
DNS Vulnerability Check:

 Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

Sorry for any miscommunication.

1.1K Posts

September 29th, 2010 03:00

Hi jcooney32,

OK, proceed as follows please:

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text between the dotted lines below into it:

-----------------------------------------------------------------------------------------------------

KillAll::

File::
c:\users\Jamer\AppData\Roaming\wklnhst.dat
c:\windows\system32\msapps\comsrvr.exe
Folder::
c:\programdata\ParetoLogic
c:\program files\Common Files\ParetoLogic
c:\program files\Common Files\PLAV
c:\programdata\ParetoLogic Anti-Virus PLUS
c:\program files\ParetoLogic
c:\users\Jamer\AppData\Local\remrjlamf
c:\program files\Viewpoint
c:\program files\LimeWire
Driver::
Viewpoint Manager Service
COMServer
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

-----------------------------------------------------------------------------------------------------

Save this as CFScript.txt, in the same location as ComboFix.exe
user posted image


user posted image


Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run an online virus scan with Kaspersky from HERE. Use Internet Explorer to get there. This scan is very thorough and may take several hours to run; please allow it to complete.
1. At the main page, after reading the contents, press "Accept".
2. At the next window, select Update. Allow the database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the database has finished updating, under the Scan icon select My Computer to start the scan.
4. Select Scan Report.
5. If any threats were found they will appear in the report.
6. Select "Save error report as".
Then in the file name just type in kaspersky.
Under "save as type" select text .txt.
Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.

The following animation may help.

Kaspersky Gif

What I'd like in your reply:

  • Log from Combofix
  • Log from Kaspersky
  • System review, improvements? issues?


If you are keeping Ad-Aware, make sure the AV component is disabled; it will clash with AVG. Also ensure UAC is enabled; it is not a good idea to keep that switched off.

Kevin
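A post-run check to go with the CFScript step above, added here as an example; it is not code from ComboFix, from Kevin, or from any post in this thread. A helper reading the ComboFix.txt that comes back wants two things: confirmation that each File::, Folder:: and Driver:: item actually shows up under "Other Deletions" or "Drivers/Services", and the UAC state that ComboFix prints under "Reg Loading Points" (the Security Check log already reported "UAC is disabled!"). The script below parses both texts. Its sample inputs are constructed, abridged excerpts of the CFScript and the ComboFix log in the next reply; the function names are this example's own. One detail it reproduces from that log: `comsrvr.exe` is echoed under `FILE ::` but is absent from "Other Deletions", so it is reported as unconfirmed rather than assumed removed (the log does not say why; it is an assumption, not something the log states, that the file was no longer present at run time).

```python
"""Cross-check a ComboFix CFScript against the ComboFix.txt it produced.
Added example for this thread, not code from ComboFix or from any post in it;
sample texts are abridged from the script and log posted here (constructed
excerpts) and the function names are this example's own.
"""
import re

CFSCRIPT = r"""
File::
c:\users\Jamer\AppData\Roaming\wklnhst.dat
c:\windows\system32\msapps\comsrvr.exe
Folder::
c:\program files\Viewpoint
c:\program files\LimeWire
Driver::
Viewpoint Manager Service
COMServer
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
"""

COMBOFIX_LOG = r"""
(((((((((((((((((((((   Other Deletions   ))))))))))))))))))))
.
c:\program files\LimeWire
c:\program files\Viewpoint
c:\users\Jamer\AppData\Roaming\wklnhst.dat
.
(((((((((((((((((((((   Drivers/Services   ))))))))))))))))))))
.
-------\Service_COMServer
-------\Service_Viewpoint Manager Service
(((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # ((( Section Name )))
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::$")     # File:: / Folder:: / ...
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)')      # "EnableLUA"= 0 (0x0)
SERVICE_PREFIX = r"-------\Service_"

def parse_cfscript(text):
    """Map each CFScript directive to the items listed under it."""
    script, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if m := DIRECTIVE_RE.match(line):
            current = m.group(1)
            script.setdefault(current, [])
        elif current:
            script[current].append(line)
    return script

def parse_combofix_log(text):
    """Map each ((( ... ))) section of ComboFix.txt to its non-empty lines."""
    sections, current = {}, None
    for line in (ln.rstrip() for ln in text.splitlines()):
        if m := SECTION_RE.match(line):
            current = m.group(1)
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections

def uac_policies(sections):
    """Values ComboFix printed under the policies\\system key (UAC settings)."""
    values, in_key = {}, False
    for line in sections.get("Reg Loading Points", []):
        if line.startswith("["):
            in_key = line.lower().endswith(r"\policies\system]")
        elif in_key and (m := POLICY_RE.match(line)):
            values[m.group(1)] = int(m.group(2))
    return values

def audit(cfscript_text, log_text):
    """Report which scripted removals the log confirms, plus the UAC state."""
    script = parse_cfscript(cfscript_text)
    sections = parse_combofix_log(log_text)
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    services = {ln[len(SERVICE_PREFIX):] for ln in sections.get("Drivers/Services", [])
                if ln.startswith(SERVICE_PREFIX)}
    report = {"confirmed": [], "unconfirmed": [], "uac": uac_policies(sections)}
    for item in script.get("File", []) + script.get("Folder", []):
        report["confirmed" if item.lower() in deleted else "unconfirmed"].append(item)
    for svc in script.get("Driver", []):
        report["confirmed" if svc in services else "unconfirmed"].append(svc)
    # EnableLUA=0 turns UAC off entirely; ConsentPromptBehaviorAdmin=0 would let
    # administrators elevate with no prompt even if UAC were on.
    report["uac_disabled"] = report["uac"].get("EnableLUA") == 0
    report["admin_elevates_silently"] = report["uac"].get("ConsentPromptBehaviorAdmin") == 0
    return report

if __name__ == "__main__":
    for key, value in audit(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{key}: {value}")
```

Run it as-is to see the report for the embedded excerpts, or replace the two constants with the full CFScript.txt and C:\ComboFix.txt contents. RegLock:: entries are parsed but not judged; in this thread the locked keys carry, per the earlier log's own values, the "FlashBroker" name and a LocalServer32 path to FlashUtil10h_ActiveX.exe, so whoever reviews the log decides what that means. The UAC flags come straight from the two policy values; the full log in the next reply shows both at 0, which is the same condition Security Check reported as "UAC is disabled!".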
10 Posts

September 29th, 2010 17:00

Combofix:

ComboFix 10-09-28.03 - Jamer 09/29/2010  12:58:16.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2036.924 [GMT -4:00]
Running from: c:\users\Jamer\Desktop\ComboFix.exe
Command switches used :: c:\users\Jamer\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point

FILE ::
"c:\users\Jamer\AppData\Roaming\wklnhst.dat"
"c:\windows\system32\msapps\comsrvr.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\ParetoLogic
c:\program files\Common Files\ParetoLogic\UUS3\Images\close.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\close_md.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\close_mo.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\close_pu.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\close_pu_md.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\close_pu_mo.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\Logo.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\min.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\min_md.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\min_mo.png
c:\program files\Common Files\ParetoLogic\UUS3\Images\topbar_gradient.png
c:\program files\Common Files\ParetoLogic\UUS3\ParetoLogicUpdate.chm
c:\program files\Common Files\PLAV
c:\program files\Common Files\PLAV\02AFC464.key
c:\program files\Common Files\PLAV\0A127BB1.key
c:\program files\Common Files\PLAV\appinfo.kli
c:\program files\Common Files\PLAV\AVExtensions.pxt
c:\program files\Common Files\PLAV\CommonLoggingExtension.pxt
c:\program files\Common Files\PLAV\Drivers\ReleaseNotes.txt
c:\program files\Common Files\PLAV\Drivers\udinstaller.log
c:\program files\Common Files\PLAV\Engine\advdis.ppl
c:\program files\Common Files\PLAV\Engine\appinfo.kli
c:\program files\Common Files\PLAV\Engine\Arj.ppl
c:\program files\Common Files\PLAV\Engine\ArjPack.ppl
c:\program files\Common Files\PLAV\Engine\avlib.ppl
c:\program files\Common Files\PLAV\Engine\Avp1.ppl
c:\program files\Common Files\PLAV\Engine\AVP3Info.ppl
c:\program files\Common Files\PLAV\Engine\avpgs.ppl
c:\program files\Common Files\PLAV\Engine\AvpMgr.ppl
c:\program files\Common Files\PLAV\Engine\avs.ppl
c:\program files\Common Files\PLAV\Engine\avspm.ppl
c:\program files\Common Files\PLAV\Engine\Base64.ppl
c:\program files\Common Files\PLAV\Engine\Base64P.ppl
c:\program files\Common Files\PLAV\Engine\btdisk.ppl
c:\program files\Common Files\PLAV\Engine\btimages.ppl
c:\program files\Common Files\PLAV\Engine\buffer.ppl
c:\program files\Common Files\PLAV\Engine\CAB.ppl
c:\program files\Common Files\PLAV\Engine\crpthlpr.ppl
c:\program files\Common Files\PLAV\Engine\deflate.ppl
c:\program files\Common Files\PLAV\Engine\dmap.ppl
c:\program files\Common Files\PLAV\Engine\dtreg.ppl
c:\program files\Common Files\PLAV\Engine\Explode.ppl
c:\program files\Common Files\PLAV\Engine\EXTLprtc.ppl
c:\program files\Common Files\PLAV\Engine\filemap.ppl
c:\program files\Common Files\PLAV\Engine\FsDrvPlg.ppl
c:\program files\Common Files\PLAV\Engine\HashCont.ppl
c:\program files\Common Files\PLAV\Engine\HashMD5.PPL
c:\program files\Common Files\PLAV\Engine\HCCMP.ppl
c:\program files\Common Files\PLAV\Engine\httpanlz.ppl
c:\program files\Common Files\PLAV\Engine\httpscan.ppl
c:\program files\Common Files\PLAV\Engine\icheck3.ppl
c:\program files\Common Files\PLAV\Engine\IMAPprtc.ppl
c:\program files\Common Files\PLAV\Engine\Inflate.ppl
c:\program files\Common Files\PLAV\Engine\IniFile.ppl
c:\program files\Common Files\PLAV\Engine\IWGen.ppl
c:\program files\Common Files\PLAV\Engine\klsrl.xml
c:\program files\Common Files\PLAV\Engine\klsrlsvc.ppl
c:\program files\Common Files\PLAV\Engine\L_llio.ppl
c:\program files\Common Files\PLAV\Engine\lha.ppl
c:\program files\Common Files\PLAV\Engine\MailDisp.ppl
c:\program files\Common Files\PLAV\Engine\MailMsg.ppl
c:\program files\Common Files\PLAV\Engine\mc.ppl
c:\program files\Common Files\PLAV\Engine\mdb.ppl
c:\program files\Common Files\PLAV\Engine\MDMAP.ppl
c:\program files\Common Files\PLAV\Engine\MemModSc.ppl
c:\program files\Common Files\PLAV\Engine\MemScan.ppl
c:\program files\Common Files\PLAV\Engine\minizip.ppl
c:\program files\Common Files\PLAV\Engine\mkavio.ppl
c:\program files\Common Files\PLAV\Engine\msoe.ppl
c:\program files\Common Files\PLAV\Engine\ndetect.ppl
c:\program files\Common Files\PLAV\Engine\nfio.ppl
c:\program files\Common Files\PLAV\Engine\NNTPprtc.ppl
c:\program files\Common Files\PLAV\Engine\NTFSstrm.ppl
c:\program files\Common Files\PLAV\Engine\oas.ppl
c:\program files\Common Files\PLAV\Engine\ods.ppl
c:\program files\Common Files\PLAV\Engine\params.ppl
c:\program files\Common Files\PLAV\Engine\passdmap.ppl
c:\program files\Common Files\PLAV\Engine\pdm2rt.ppl
c:\program files\Common Files\PLAV\Engine\POP3prtc.ppl
c:\program files\Common Files\PLAV\Engine\procmon.ppl
c:\program files\Common Files\PLAV\Engine\propmap.ppl
c:\program files\Common Files\PLAV\Engine\prseqio.ppl
c:\program files\Common Files\PLAV\Engine\PrUtil.ppl
c:\program files\Common Files\PLAV\Engine\qb.ppl
c:\program files\Common Files\PLAV\Engine\Quantum.ppl
c:\program files\Common Files\PLAV\Engine\rar.ppl
c:\program files\Common Files\PLAV\Engine\regmap.ppl
c:\program files\Common Files\PLAV\Engine\Report.ppl
c:\program files\Common Files\PLAV\Engine\ReportDB.ppl
c:\program files\Common Files\PLAV\Engine\schedule.ppl
c:\program files\Common Files\PLAV\Engine\sfdb.PPL
c:\program files\Common Files\PLAV\Engine\SMTPprtc.ppl
c:\program files\Common Files\PLAV\Engine\stat.ppl
c:\program files\Common Files\PLAV\Engine\StdComp.ppl
c:\program files\Common Files\PLAV\Engine\StEnum2.ppl
c:\program files\Common Files\PLAV\Engine\stored.ppl
c:\program files\Common Files\PLAV\Engine\SubstIO.ppl
c:\program files\Common Files\PLAV\Engine\superio.ppl
c:\program files\Common Files\PLAV\Engine\thpimpl.ppl
c:\program files\Common Files\PLAV\Engine\Timer.ppl
c:\program files\Common Files\PLAV\Engine\tm.ppl
c:\program files\Common Files\PLAV\Engine\TrafMon2.ppl
c:\program files\Common Files\PLAV\Engine\UnArj.ppl
c:\program files\Common Files\PLAV\Engine\UniArc.ppl
c:\program files\Common Files\PLAV\Engine\UnLZX.ppl
c:\program files\Common Files\PLAV\Engine\Unreduce.ppl
c:\program files\Common Files\PLAV\Engine\UNSHRINK.ppl
c:\program files\Common Files\PLAV\Engine\UnStored.ppl
c:\program files\Common Files\PLAV\Engine\urlflt.ppl
c:\program files\Common Files\PLAV\Engine\volenum.ppl
c:\program files\Common Files\PLAV\Engine\WDiskIO.ppl
c:\program files\Common Files\PLAV\Engine\webnetstat.ppl
c:\program files\Common Files\PLAV\Engine\WinReg.ppl
c:\program files\Common Files\PLAV\Engine\wmihlpr.ppl
c:\program files\Common Files\PLAV\Engine\xorio.ppl
c:\program files\Common Files\PLAV\templates\templ.html
c:\program files\Common Files\PLAV\Utility.pxt
c:\program files\LimeWire
c:\program files\LimeWire\lib(18)\LimeWire.jar
c:\program files\LimeWire\root(23)\magnet10\badge.img
c:\program files\LimeWire\root(23)\magnet10\canHandle.img
c:\program files\LimeWire\root(23)\magnet10\limewire.gif
c:\program files\LimeWire\toolbarResult
c:\program files\ParetoLogic
c:\program files\ParetoLogic\PLAV\HTML\0_days.html
c:\program files\ParetoLogic\PLAV\HTML\1_days.html
c:\program files\ParetoLogic\PLAV\HTML\15_days.html
c:\program files\ParetoLogic\PLAV\HTML\2_days.html
c:\program files\ParetoLogic\PLAV\HTML\30_days.html
c:\program files\ParetoLogic\PLAV\HTML\5_days.html
c:\program files\ParetoLogic\PLAV\HTML\images\info_bubble.jpg
c:\program files\ParetoLogic\PLAV\HTML\images\page_titlerepeat.jpg
c:\program files\ParetoLogic\PLAV\HTML\images\tile_footerbarbase.jpg
c:\program files\ParetoLogic\PLAV\HTML\images\tile_subheadbarbase.jpg
c:\program files\ParetoLogic\PLAV\HTML\images\tile_titlebarbase.jpg
c:\program files\ParetoLogic\PLAV\HTML\images\tile_titlebarend.jpg
c:\program files\ParetoLogic\PLAV\HTML\images\tile_titlebarfloat.jpg
c:\program files\ParetoLogic\PLAV\HTML\main.css
c:\program files\ParetoLogic\PLAV\Images\About.png
c:\program files\ParetoLogic\PLAV\Images\alert_icon.png
c:\program files\ParetoLogic\PLAV\Images\alert_large.png
c:\program files\ParetoLogic\PLAV\Images\alertbox_header.png
c:\program files\ParetoLogic\PLAV\Images\alertbox_title.png
c:\program files\ParetoLogic\PLAV\Images\App_Splash.png
c:\program files\ParetoLogic\PLAV\Images\ApplicationLogo.png
c:\program files\ParetoLogic\PLAV\Images\AVEngineFileSystem(16).png
c:\program files\ParetoLogic\PLAV\Images\AVEngineFileSystem(32).png
c:\program files\ParetoLogic\PLAV\Images\banner_bg.png
c:\program files\ParetoLogic\PLAV\Images\bg.png
c:\program files\ParetoLogic\PLAV\Images\BHO.png
c:\program files\ParetoLogic\PLAV\Images\Browser Modification(16).png
c:\program files\ParetoLogic\PLAV\Images\Browser Modification(32).png
c:\program files\ParetoLogic\PLAV\Images\BrowserHelperObject(16).png
c:\program files\ParetoLogic\PLAV\Images\BrowserHelperObject(32).png
c:\program files\ParetoLogic\PLAV\Images\BrowserHijack(16).png
c:\program files\ParetoLogic\PLAV\Images\BrowserHijack(32).png
c:\program files\ParetoLogic\PLAV\Images\CancelButton.png
c:\program files\ParetoLogic\PLAV\Images\CancelButtondown.png
c:\program files\ParetoLogic\PLAV\Images\CancelButtonmouseover.png
c:\program files\ParetoLogic\PLAV\Images\CleanButton.png
c:\program files\ParetoLogic\PLAV\Images\CleanButtondown.png
c:\program files\ParetoLogic\PLAV\Images\CleanButtonmouseover.png
c:\program files\ParetoLogic\PLAV\Images\close-b.png
c:\program files\ParetoLogic\PLAV\Images\close.png
c:\program files\ParetoLogic\PLAV\Images\close_popup.png
c:\program files\ParetoLogic\PLAV\Images\Cyclic.png
c:\program files\ParetoLogic\PLAV\Images\Database_small.png
c:\program files\ParetoLogic\PLAV\Images\detected.png
c:\program files\ParetoLogic\PLAV\Images\Documents.png
c:\program files\ParetoLogic\PLAV\Images\DocumentsInfo.png
c:\program files\ParetoLogic\PLAV\Images\File System(16).png
c:\program files\ParetoLogic\PLAV\Images\File System(32).png
c:\program files\ParetoLogic\PLAV\Images\green_option_button.png
c:\program files\ParetoLogic\PLAV\Images\IconCheck.png
c:\program files\ParetoLogic\PLAV\Images\IconError.png
c:\program files\ParetoLogic\PLAV\Images\IconExclamation.png
c:\program files\ParetoLogic\PLAV\Images\Internet(16).png
c:\program files\ParetoLogic\PLAV\Images\Internet(32).png
c:\program files\ParetoLogic\PLAV\Images\Internet(64).png
c:\program files\ParetoLogic\PLAV\Images\logo_bg.png
c:\program files\ParetoLogic\PLAV\Images\max-b.png
c:\program files\ParetoLogic\PLAV\Images\max-g.png
c:\program files\ParetoLogic\PLAV\Images\min-b.png
c:\program files\ParetoLogic\PLAV\Images\min-g.png
c:\program files\ParetoLogic\PLAV\Images\nav-about-lg.png
c:\program files\ParetoLogic\PLAV\Images\Nav_About.png
c:\program files\ParetoLogic\PLAV\Images\Nav_ActiveProtection.png
c:\program files\ParetoLogic\PLAV\Images\Nav_ActiveProtection_BlockedEvents.png
c:\program files\ParetoLogic\PLAV\Images\Nav_ActiveProtection_Internet.png
c:\program files\ParetoLogic\PLAV\Images\Nav_ActiveProtection_LoggedEvents.png
c:\program files\ParetoLogic\PLAV\Images\Nav_ActiveProtection_Overview.png
c:\program files\ParetoLogic\PLAV\Images\Nav_ActiveProtection_System.png
c:\program files\ParetoLogic\PLAV\Images\Nav_Backup.png
c:\program files\ParetoLogic\PLAV\Images\Nav_Ignore.png
c:\program files\ParetoLogic\PLAV\Images\Nav_Scan.png
c:\program files\ParetoLogic\PLAV\Images\Nav_Schedule.png
c:\program files\ParetoLogic\PLAV\Images\navbutton.png
c:\program files\ParetoLogic\PLAV\Images\navbutton_highlighted.png
c:\program files\ParetoLogic\PLAV\Images\navbutton_rollover.png
c:\program files\ParetoLogic\PLAV\Images\Network(16).png
c:\program files\ParetoLogic\PLAV\Images\Network(32).png
c:\program files\ParetoLogic\PLAV\Images\okay_icon.png
c:\program files\ParetoLogic\PLAV\Images\Option_small.png
c:\program files\ParetoLogic\PLAV\Images\Overview.png
c:\program files\ParetoLogic\PLAV\Images\progress_glow.png
c:\program files\ParetoLogic\PLAV\Images\Registration_small.png
c:\program files\ParetoLogic\PLAV\Images\results.png
c:\program files\ParetoLogic\PLAV\Images\RTB.png
c:\program files\ParetoLogic\PLAV\Images\RTB_Message.png
c:\program files\ParetoLogic\PLAV\Images\RTBBlocked(Small).png
c:\program files\ParetoLogic\PLAV\Images\RTBBlocked.png
c:\program files\ParetoLogic\PLAV\Images\RTBLogged(Small).png
c:\program files\ParetoLogic\PLAV\Images\RTBLogged.png
c:\program files\ParetoLogic\PLAV\Images\RTBOverview(Small).png
c:\program files\ParetoLogic\PLAV\Images\RTBOverview.png
c:\program files\ParetoLogic\PLAV\Images\RTBOverviewAlertLevel.png
c:\program files\ParetoLogic\PLAV\Images\RTBOverviewSummary.png
c:\program files\ParetoLogic\PLAV\Images\RTM.png
c:\program files\ParetoLogic\PLAV\Images\Scan.png
c:\program files\ParetoLogic\PLAV\Images\scanning.png
c:\program files\ParetoLogic\PLAV\Images\ScanSummaryLogo.png
c:\program files\ParetoLogic\PLAV\Images\Scheduling.png
c:\program files\ParetoLogic\PLAV\Images\search0001.png
c:\program files\ParetoLogic\PLAV\Images\search0002.png
c:\program files\ParetoLogic\PLAV\Images\search0003.png
c:\program files\ParetoLogic\PLAV\Images\search0004.png
c:\program files\ParetoLogic\PLAV\Images\search0005.png
c:\program files\ParetoLogic\PLAV\Images\search0006.png
c:\program files\ParetoLogic\PLAV\Images\search0007.png
c:\program files\ParetoLogic\PLAV\Images\search0008.png
c:\program files\ParetoLogic\PLAV\Images\search0009.png
c:\program files\ParetoLogic\PLAV\Images\search0010.png
c:\program files\ParetoLogic\PLAV\Images\search0011.png
c:\program files\ParetoLogic\PLAV\Images\search0012.png
c:\program files\ParetoLogic\PLAV\Images\search0013.png
c:\program files\ParetoLogic\PLAV\Images\search0014.png
c:\program files\ParetoLogic\PLAV\Images\search0015.png
c:\program files\ParetoLogic\PLAV\Images\search0016.png
c:\program files\ParetoLogic\PLAV\Images\search0017.png
c:\program files\ParetoLogic\PLAV\Images\search0018.png
c:\program files\ParetoLogic\PLAV\Images\search0019.png
c:\program files\ParetoLogic\PLAV\Images\search0020.png
c:\program files\ParetoLogic\PLAV\Images\search0021.png
c:\program files\ParetoLogic\PLAV\Images\search0022.png
c:\program files\ParetoLogic\PLAV\Images\search0023.png
c:\program files\ParetoLogic\PLAV\Images\search0024.png
c:\program files\ParetoLogic\PLAV\Images\search0025.png
c:\program files\ParetoLogic\PLAV\Images\search0026.png
c:\program files\ParetoLogic\PLAV\Images\search0027.png
c:\program files\ParetoLogic\PLAV\Images\search0028.png
c:\program files\ParetoLogic\PLAV\Images\search0029.png
c:\program files\ParetoLogic\PLAV\Images\search0030.png
c:\program files\ParetoLogic\PLAV\Images\search0031.png
c:\program files\ParetoLogic\PLAV\Images\search0032.png
c:\program files\ParetoLogic\PLAV\Images\Shell(16).png
c:\program files\ParetoLogic\PLAV\Images\Shell(32).png
c:\program files\ParetoLogic\PLAV\Images\StartScanButton.png
c:\program files\ParetoLogic\PLAV\Images\StartScanButtonDown.png
c:\program files\ParetoLogic\PLAV\Images\StartScanButtonMouseOver.png
c:\program files\ParetoLogic\PLAV\Images\Startup.png
c:\program files\ParetoLogic\PLAV\Images\sub_button_default.png
c:\program files\ParetoLogic\PLAV\Images\sub_button_highlite.png
c:\program files\ParetoLogic\PLAV\Images\sub_button_rollover.png
c:\program files\ParetoLogic\PLAV\Images\System(16).png
c:\program files\ParetoLogic\PLAV\Images\System(32).png
c:\program files\ParetoLogic\PLAV\Images\System(64).png
c:\program files\ParetoLogic\PLAV\Images\SystemStartup(16).png
c:\program files\ParetoLogic\PLAV\Images\SystemStartup(32).png
c:\program files\ParetoLogic\PLAV\Images\TechnologyCheck.png
c:\program files\ParetoLogic\PLAV\Images\TechnologyInfo.png
c:\program files\ParetoLogic\PLAV\Images\TechnologySecurity.png
c:\program files\ParetoLogic\PLAV\Images\TimeTable_small.png
c:\program files\ParetoLogic\PLAV\Images\Title.png
c:\program files\ParetoLogic\PLAV\Images\Toolbox.png
c:\program files\ParetoLogic\PLAV\settings.xml
c:\program files\ParetoLogic\PLAV\UNS.xml
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\programdata\ParetoLogic Anti-Virus PLUS
c:\programdata\ParetoLogic Anti-Virus PLUS\7\HandledThreats.db
c:\programdata\ParetoLogic Anti-Virus PLUS\7\Ignore.db
c:\programdata\ParetoLogic Anti-Virus PLUS\7\quarantine.db
c:\programdata\ParetoLogic Anti-Virus PLUS\7\Stats.db
c:\programdata\ParetoLogic Anti-Virus PLUS\7\Trust.db
c:\programdata\ParetoLogic
c:\programdata\ParetoLogic\UUS3\Master.xml
c:\programdata\ParetoLogic\UUS3\Patch.xml
c:\programdata\ParetoLogic\UUS3\PLAV\Master.xml
c:\programdata\ParetoLogic\UUS3\PLAV\Patch.xml
c:\programdata\ParetoLogic\UUS3\PLAV\Update.xml
c:\programdata\ParetoLogic\UUS3\Update.xml
c:\users\Jamer\AppData\Local\remrjlamf
c:\users\Jamer\AppData\Roaming\wklnhst.dat

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_COMServer
-------\Service_Viewpoint Manager Service


(((((((((((((((((((((((((   Files Created from 2010-08-28 to 2010-09-29  )))))))))))))))))))))))))))))))
.

2010-09-29 17:08 . 2010-09-29 19:19 -------- d-----w- c:\users\Jamer\AppData\Local\temp
2010-09-29 17:08 . 2010-09-29 17:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-29 17:08 . 2010-09-29 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-29 06:23 . 2010-09-29 06:23 -------- d-----w- c:\program files\iPod
2010-09-29 06:23 . 2010-09-29 06:24 -------- d-----w- c:\program files\iTunes
2010-09-27 02:08 . 2010-09-27 02:08 -------- d-----w- c:\program files\Trend Micro
2010-09-27 01:37 . 2010-09-27 01:37 -------- d-----w- c:\users\Jamer\AppData\Roaming\Malwarebytes
2010-09-27 01:37 . 2010-09-27 01:37 -------- d-----w- c:\programdata\Malwarebytes
2010-09-27 01:37 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 01:37 . 2010-09-27 01:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 01:37 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-27 01:24 . 2010-09-27 01:24 -------- d-----w- C:\_OTM
2010-09-27 01:23 . 2010-09-27 01:26 -------- d-----w- c:\windows\system32\catroot2
2010-09-27 01:22 . 2010-09-27 01:23 286818330 ----a-w- C:\regback.reg
2010-09-23 11:50 . 2010-09-23 11:50 -------- d-----w- c:\program files\Apple Software Update
2010-09-23 11:49 . 2010-09-23 11:49 -------- d-----w- c:\program files\Bonjour
2010-09-23 05:27 . 2010-09-23 05:27 680 ----a-w- c:\users\Jamer\AppData\Local\d3d9caps.dat
2010-09-23 04:05 . 2010-09-23 05:41 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-23 03:50 . 2010-09-23 03:50 -------- d-----w- c:\programdata\PLAV
2010-09-23 03:34 . 2010-09-23 04:07 -------- d-----w- c:\program files\iTunes(108)
2010-09-08 12:17 . 2010-09-08 12:18 -------- d-----w- c:\program files\iTunes(106)

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 06:23 . 2009-01-10 16:43 -------- d-----w- c:\program files\Common Files\Apple
2010-09-29 06:22 . 2010-02-21 20:41 -------- d-----w- c:\program files\QuickTime
2010-09-29 06:20 . 2010-09-29 06:20 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-09-27 02:08 . 2010-09-27 02:08 388096 ----a-r- c:\users\Jamer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-24 07:09 . 2008-05-06 08:51 -------- d-----w- c:\program files\Dell
2010-09-23 05:40 . 2009-11-17 05:22 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2010-09-23 04:53 . 2010-03-22 20:19 -------- d-----w- c:\program files\Spyware Doctor
2010-09-21 11:00 . 1966-10-23 21:58 924672 ----a-w- c:\programdata\PLAV\Database\klavemu.kdl
2010-09-21 11:00 . 1966-10-23 21:58 200192 ----a-w- c:\programdata\PLAV\Database\kjim.kdl
2010-09-14 11:01 . 1966-10-23 21:58 81408 ----a-w- c:\programdata\PLAV\Database\mark.kdl
2010-09-09 23:46 . 1966-10-23 21:58 85504 ----a-w- c:\programdata\PLAV\Database\webav.kdl
2010-09-09 23:46 . 1966-10-23 21:58 320512 ----a-w- c:\programdata\PLAV\Database\qscan.kdl
2010-09-09 23:46 . 1966-10-23 21:58 101888 ----a-w- c:\programdata\PLAV\Database\kavsys.kdl
2010-09-09 23:46 . 1966-10-23 21:58 275792 ----a-w- c:\programdata\PLAV\Database\kavbase.kdl
2010-09-09 23:46 . 1966-10-23 21:58 104448 ----a-w- c:\programdata\PLAV\Database\avpcure.kdl
2010-08-27 22:19 . 2008-05-11 19:49 -------- d-----w- c:\program files\Maxis
2010-08-27 18:05 . 2009-02-13 07:13 -------- d-----w- c:\programdata\WinZip
2010-08-27 18:05 . 2010-08-27 18:05 -------- d-----w- c:\program files\WinZip(189)
2010-08-27 15:46 . 2010-08-27 15:46 -------- d-----w- c:\program files\Microsoft.NET
2010-08-26 02:18 . 2010-05-02 23:09 -------- d-----w- c:\program files\AIM7
2010-08-26 02:17 . 2010-08-26 02:17 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-08-26 02:17 . 2008-05-20 16:28 -------- d-----w- c:\program files\Common Files\AOL
2010-08-25 23:57 . 2010-08-25 23:57 -------- dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-25 23:57 . 2009-02-10 00:02 -------- d-----w- c:\program files\Lavasoft
2010-08-25 23:57 . 2008-12-10 19:31 -------- d-----w- c:\programdata\Lavasoft
2010-08-25 23:43 . 2008-05-06 08:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-12 12:16 . 2010-08-25 23:57 2979848 -c--a-w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-12 12:16 . 2010-08-25 23:57 574219 -c--a-w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}\mia.lib
2010-08-12 12:15 . 2010-08-26 00:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-12 12:15 . 2010-08-26 00:24 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-11 04:34 . 2008-05-06 08:59 -------- d-----w- c:\program files\Microsoft Works
2010-08-11 04:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-08 23:46 . 2010-08-08 18:03 63408616 ----a-w- c:\programdata\avg9\update\download\u9iavi3059up.bin
2010-08-08 23:46 . 2010-08-06 05:00 979 ----a-w- c:\programdata\avg9\update\download\x8xplsc_301d300zu.bin
2010-08-08 23:46 . 2010-08-06 05:00 570534 ----a-w- c:\programdata\avg9\update\download\x8xplsb_219d218zu.bin
2010-08-06 01:16 . 2009-11-17 20:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-06 01:15 . 2010-07-16 09:06 112356 ----a-w- c:\programdata\avg9\update\download\f9corex832qq.bin
2010-08-02 02:20 . 2010-08-01 18:50 223703 ----a-w- c:\programdata\avg9\update\download\u9iavi3044u3034nf.bin
2010-08-02 02:20 . 2010-08-01 06:24 1530 ----a-w- c:\programdata\avg9\update\download\x8xplsc_295d291i1.bin
2010-08-02 02:20 . 2010-08-01 06:24 9174 ----a-w- c:\programdata\avg9\update\download\x8xplsb_215d212i1.bin
2010-07-29 03:43 . 2010-07-28 17:47 163173 ----a-w- c:\programdata\avg9\update\download\u9iavi3035u3029ol.bin
2010-07-29 03:43 . 2010-07-28 05:00 3561 ----a-w- c:\programdata\avg9\update\download\x8xplsc_291d288gj.bin
2010-07-29 03:43 . 2010-07-28 05:00 4037 ----a-w- c:\programdata\avg9\update\download\x8xplsb2_149gj.bin
2010-07-29 03:43 . 2010-07-28 05:00 14459 ----a-w- c:\programdata\avg9\update\download\x8xplsb_212d210gj.bin
2010-07-27 22:44 . 2010-07-27 22:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44 . 2010-07-27 22:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 02:00 . 2010-07-26 18:45 570105 ----a-w- c:\programdata\avg9\update\download\u9iavi3030u3010qc.bin
2010-07-27 02:00 . 2010-07-26 05:00 223408 ----a-w- c:\programdata\avg9\update\download\x8xplsc_2888h.bin
2010-07-27 02:00 . 2010-07-23 16:50 418310 ----a-w- c:\programdata\avg9\update\download\x8xplsb_210d207g4.bin
2010-07-27 01:31 . 2010-07-16 09:07 2097565 ----a-w- c:\programdata\avg9\update\download\f9upd839ir.bin
2010-07-27 01:30 . 2010-07-16 09:07 398240 ----a-w- c:\programdata\avg9\update\download\f9upd839b805tm.bin
2010-07-19 03:20 . 2010-06-24 16:52 398223 ----a-w- c:\programdata\avg9\update\download\f9upd839b805jw.bin
2010-07-19 03:18 . 2010-07-18 18:45 215010 ----a-w- c:\programdata\avg9\update\download\u9iavi3014u3004jy.bin
2010-07-19 03:18 . 2010-07-18 04:00 1495 ----a-w- c:\programdata\avg9\update\download\x8xplsc_280d278ak.bin
2010-07-16 01:58 . 2010-07-15 18:44 186153 ----a-w- c:\programdata\avg9\update\download\u9iavi3008u2996gl.bin
2010-07-16 01:58 . 2010-07-15 17:51 134426 ----a-w- c:\programdata\avg9\update\download\x8xplsb_207d205lk.bin
2010-07-16 01:58 . 2010-07-14 16:50 1546 ----a-w- c:\programdata\avg9\update\download\x8xplsc_278d276fu.bin
2010-07-12 02:46 . 2010-07-11 18:43 556286 ----a-w- c:\programdata\avg9\update\download\u9iavi2997u2991wk.bin
2010-07-10 12:10 . 2010-07-10 06:42 20988 ----a-w- c:\programdata\avg9\update\download\u9iavi2993u2992bm.bin
2010-07-10 09:21 . 2010-07-09 18:45 745057 ----a-w- c:\programdata\avg9\update\download\u9iavi2992u2972tq.bin
2010-07-10 09:21 . 2010-07-09 18:16 214342 ----a-w- c:\programdata\avg9\update\download\x8xplsc_276y2.bin
2010-07-10 09:21 . 2010-07-09 06:09 5670 ----a-w- c:\programdata\avg9\update\download\x8xplsb_205d201dv.bin
2001-07-31 18:34 . 2001-07-31 18:34 2097152 ----a-w- c:\program files\pcrystalusa.gbc
2008-05-06 16:28 . 2008-05-06 16:17 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-25 129560]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-06 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-21 2065248]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-02 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-06 09:02 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-12 916760]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-23 1355928]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-08-06 243024]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = yahoo.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: myspace.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-29 15:19
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85EF2C76]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82b9dd24
\Driver\ACPI -> acpi.sys @ 0x8069cd68
\Driver\atapi -> ataport.SYS @ 0x807b2a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-29  15:26:17 - machine was rebooted
ComboFix-quarantined-files.txt  2010-09-29 19:26
ComboFix2.txt  2010-09-28 18:55

Pre-Run: 351,179,268,096 bytes free
Post-Run: 351,012,577,280 bytes free

- - End Of File - - ECD7224E378A6C92FA5320FCBCFB9331


Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Wednesday, September 29, 2010
 Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Wednesday, September 29, 2010 16:19:42
 Records in database: 4257635
--------------------------------------------------------------------------------

Scan settings:
 scan using the following database: extended
 Scan archives: yes
 Scan e-mail databases: yes

Scan area - My Computer:
 C:\
 D:\
 E:\

Scan statistics:
 Objects scanned: 159908
 Threats found: 1
 Infected objects found: 1
 Suspicious objects found: 0
 Scan duration: 02:11:46


File name / Threat / Threats count
C:\Users\Jamer\Music\Garth Brooks - Garth Brooks - The dance.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1

Selected area has been scanned.


My computer seems to be running a lot better and faster.  My host processes are still stopping but not as much as they used to.  I still can't download Windows updates.

1.1K Posts

September 29th, 2010 23:00

Hi jcooney32,

Please proceed as follows:

Step 1

Please download OTM

Alternative Mirror

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all from between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    -----------------------------------------------------------------------------------------------

    :Processes

    :Files
    ipconfig /flushdns /c
    C:\Users\Jamer\Music\Garth Brooks - Garth Brooks - The dance.mp3
    c:\programdata\PLAV

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]

    ------------------------------------------------------------------------------------------------
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Post the logs from OTM and TDSSKiller in your reply please.

Kevin
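A small triage helper for the TDSSKiller driver inventory requested above, added here as an example; it is not part of the original thread and not TDSSKiller's own code. It parses the `timestamp  name  (md5)  path` lines and flags drivers loaded from outside the Windows directory or from user-writable paths, or whose hash differs from a supplied baseline. The first three sample lines are taken from this thread's log; the `exampledrv` line and the `BASELINE` dictionary (including its deliberately wrong atapi hash) are constructed.

```python
import re
from typing import Dict, List, Optional

# One TDSSKiller driver-inventory line looks like:
#   2010/09/30 12:02:12.0356 ACPI            (82b2...) C:\Windows\system32\drivers\acpi.sys
# The service name may contain spaces ("Lavasoft Kernexplorer"), so it is
# matched lazily up to the parenthesised 32-hex-digit MD5.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+?)\s*$"
)

# Path fragments that indicate a user-writable location; a kernel driver
# living there deserves a look regardless of its hash.
USER_WRITABLE_TOKENS = ("\\temp\\", "\\appdata\\", "\\users\\", "\\programdata\\")

# Constructed sample: three lines from the thread's TDSSKiller log plus one
# constructed driver (exampledrv) placed in a temp directory.
SAMPLE_LOG = r"""2010/09/30 12:02:11.0686 Scan started
2010/09/30 12:02:11.0686 Mode: Manual;
2010/09/30 12:02:12.0356 ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/09/30 12:02:13.0012 atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/09/30 12:02:15.0726 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/09/30 12:02:18.0000 exampledrv      (00000000000000000000000000000000) C:\Users\Jamer\AppData\Local\Temp\exampledrv.sys
"""

# Constructed baseline keyed by lower-cased service name. The acpi value is
# the hash from the thread; the atapi value is a placeholder chosen to
# differ, so the mismatch branch below is exercised.
BASELINE: Dict[str, str] = {
    "acpi": "82b296ae1892fe3dbee00c9cf92f8ac7",
    "atapi": "ffffffffffffffffffffffffffffffff",
}


def parse_tdsskiller_log(text: str) -> List[Dict[str, str]]:
    """Return one dict (ts, name, md5, path) per driver-inventory line.

    Header, separator and status lines carry no MD5 and are skipped."""
    entries: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["md5"] = entry["md5"].lower()
        entries.append(entry)
    return entries


def triage(entries: List[Dict[str, str]],
           baseline: Optional[Dict[str, str]] = None) -> List[Dict[str, object]]:
    """Flag entries worth a closer look, with the reason for each.

    Checks, in order: path outside the Windows directory, path under a
    user-writable location, and (if a baseline is given) MD5 drift."""
    findings: List[Dict[str, object]] = []
    for e in entries:
        path = e["path"].lower()
        reasons: List[str] = []
        if not path.startswith("c:\\windows\\"):
            reasons.append("loaded from outside the Windows directory")
        if any(tok in path for tok in USER_WRITABLE_TOKENS):
            reasons.append("loaded from a user-writable location")
        if baseline is not None:
            expected = baseline.get(e["name"].lower())
            if expected is not None and expected != e["md5"]:
                reasons.append("MD5 differs from baseline")
        if reasons:
            findings.append({"name": e["name"], "path": e["path"],
                             "md5": e["md5"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_tdsskiller_log(SAMPLE_LOG), BASELINE):
        print(f"{f['name']}: {f['path']} -> {'; '.join(f['reasons'])}")
```

A flagged entry is a starting point for review, not a verdict: the Lavasoft driver in this thread is legitimately installed under Program Files, which is why the reasons are reported rather than acted on.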

10 Posts

September 30th, 2010 12:00

After I did these steps I was able to update Windows finally.

OTM:

All processes killed
========== PROCESSES ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jamer\Desktop\cmd.bat deleted successfully.
C:\Users\Jamer\Desktop\cmd.txt deleted successfully.
C:\Users\Jamer\Music\Garth Brooks - Garth Brooks - The dance.mp3 moved successfully.
c:\programdata\PLAV\DatabaseBackup\update\rollback\index folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\update\rollback\bases\wmuf folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\update\rollback\bases\ids\i386 folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\update\rollback\bases\ids folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\update\rollback\bases\av\wa\i386 folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\update\rollback\bases\av\wa folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\update\rollback\bases\av\kdb\i386 folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\update\rollback\bases\av\kdb folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\update\rollback\bases\av\emu\i386 folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\update\rollback\bases\av\emu folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\update\rollback\bases\av folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\update\rollback\bases\apu folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\update\rollback\bases folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\update\rollback folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\update folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\index\ForDiff folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\index folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\bases\wmuf folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\bases\ids\i386 folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\bases\ids folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\bases\av\wa\i386 folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\bases\av\wa folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\bases\av\kdb\i386\ForDiff folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\bases\av\kdb\i386 folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\bases\av\kdb folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\bases\av\emu\i386 folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\bases\av\emu\ForDiff folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\bases\av\emu folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\bases\av folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\bases\apu\ForDiff folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\bases\apu folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder\bases folder moved successfully.
c:\programdata\PLAV\DatabaseBackup\temporaryFolder folder moved successfully.
c:\programdata\PLAV\DatabaseBackup folder moved successfully.
c:\programdata\PLAV\Database\Stat folder moved successfully.
c:\programdata\PLAV\Database folder moved successfully.
c:\programdata\PLAV folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jamer
->Temp folder emptied: 109409543 bytes
->Temporary Internet Files folder emptied: 50991513 bytes
->Java cache emptied: 3144759 bytes
->Flash cache emptied: 23805 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 18327426 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 173.00 mb
 
Error creating restore point.
 
OTM by OldTimer - Version 3.1.16.1 log created on 09302010_105714

Files moved on Reboot...
File C:\Users\Jamer\AppData\Local\Temp\~DF12B0.tmp not found!
File C:\Users\Jamer\AppData\Local\Temp\~DF12CD.tmp not found!
File C:\Users\Jamer\AppData\Local\Temp\~DF1324.tmp not found!
File C:\Users\Jamer\AppData\Local\Temp\~DF133A.tmp not found!
File C:\Users\Jamer\AppData\Local\Temp\~DF1366.tmp not found!
File C:\Users\Jamer\AppData\Local\Temp\~DF1372.tmp not found!
File C:\Users\Jamer\AppData\Local\Temp\~DFB43A.tmp not found!
C:\Users\Jamer\AppData\Local\Temp\~DFD0A8.tmp moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGPV22BH\01[1].htm moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGPV22BH\aceUAC[1].htm moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGPV22BH\B4634285[1].htm moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WOIOA4Q2\80003_eBay_Q3_2010_Liquid_Default_728x90[1].html moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NTR5P1VI\01[1].htm moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NTR5P1VI\clk[1].htm moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NTR5P1VI\iframe3[1].htm moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NTR5P1VI\welcome[1].txt moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3HJAJ2O\DlCkRd[1].aspx moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3HJAJ2O\RSltPrc[1].aspx moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1QDIG0Q\DtCol[1].aspx moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PRAD8M1\bkdp[1].aspx moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PRAD8M1\getInPage[1].aspx moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PRAD8M1\md[1].php moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40DJ7RZ2\getInPage[1].aspx moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40DJ7RZ2\RSltPrc[1].aspx moved successfully.
C:\Users\Jamer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40DJ7RZ2\st[2] moved successfully.

Registry entries deleted on Reboot...

TDSS:

2010/09/30 12:01:58.0613 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/09/30 12:01:58.0613 ================================================================================
2010/09/30 12:01:58.0613 SystemInfo:
2010/09/30 12:01:58.0613 
2010/09/30 12:01:58.0613 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/30 12:01:58.0613 Product type: Workstation
2010/09/30 12:01:58.0613 ComputerName: JAMER-PC
2010/09/30 12:01:58.0613 UserName: Jamer
2010/09/30 12:01:58.0613 Windows directory: C:\Windows
2010/09/30 12:01:58.0613 System windows directory: C:\Windows
2010/09/30 12:01:58.0613 Processor architecture: Intel x86
2010/09/30 12:01:58.0613 Number of processors: 2
2010/09/30 12:01:58.0613 Page size: 0x1000
2010/09/30 12:01:58.0613 Boot type: Normal boot
2010/09/30 12:01:58.0613 ================================================================================
2010/09/30 12:01:59.0440 Initialize success
2010/09/30 12:02:11.0686 ================================================================================
2010/09/30 12:02:11.0686 Scan started
2010/09/30 12:02:11.0686 Mode: Manual;
2010/09/30 12:02:11.0686 ================================================================================
2010/09/30 12:02:12.0356 ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/09/30 12:02:12.0403 adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/09/30 12:02:12.0450 adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/09/30 12:02:12.0466 adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/09/30 12:02:12.0497 adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/09/30 12:02:12.0559 AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/09/30 12:02:12.0606 agp440          (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2010/09/30 12:02:12.0637 aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/09/30 12:02:12.0668 aliide          (e32a92e1574a467f7c762922f6162d76) C:\Windows\system32\drivers\aliide.sys
2010/09/30 12:02:12.0700 amdagp          (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2010/09/30 12:02:12.0731 amdide          (b52b576cb0099a62f87214f371031561) C:\Windows\system32\drivers\amdide.sys
2010/09/30 12:02:12.0793 AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/09/30 12:02:12.0824 AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/09/30 12:02:12.0887 arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/09/30 12:02:12.0918 arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/09/30 12:02:12.0965 AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/30 12:02:13.0012 atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/09/30 12:02:13.0105 AvgMfx86        (53b3f979930a786a614d29cafe99f645) C:\Windows\System32\Drivers\avgmfx86.sys
2010/09/30 12:02:13.0136 AvgTdiX         (22e3b793c3e61720f03d3a22351af410) C:\Windows\System32\Drivers\avgtdix.sys
2010/09/30 12:02:13.0199 BCM43XX         (e3d7bc2dd538c9029e3849b129062aa2) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/09/30 12:02:13.0261 Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/09/30 12:02:13.0339 bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/30 12:02:13.0370 BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/09/30 12:02:13.0402 BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/09/30 12:02:13.0464 Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/09/30 12:02:13.0495 BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/09/30 12:02:13.0511 BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/09/30 12:02:13.0542 BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/09/30 12:02:13.0573 BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/09/30 12:02:13.0651 cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/30 12:02:13.0682 cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/30 12:02:13.0729 circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/09/30 12:02:13.0776 CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/09/30 12:02:13.0838 cmdide          (c177dd90b5dc1dcaa96ccece752e6f0f) C:\Windows\system32\drivers\cmdide.sys
2010/09/30 12:02:13.0854 Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
2010/09/30 12:02:13.0885 crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/09/30 12:02:13.0916 Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/09/30 12:02:13.0979 DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/09/30 12:02:14.0026 disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/09/30 12:02:14.0072 drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/09/30 12:02:14.0119 DXGKrnl         (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/30 12:02:14.0166 e1express       (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/09/30 12:02:14.0197 E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/09/30 12:02:14.0228 Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/09/30 12:02:14.0275 elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/09/30 12:02:14.0353 exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/09/30 12:02:14.0384 fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/09/30 12:02:14.0416 fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/30 12:02:14.0447 FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/09/30 12:02:14.0494 Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/09/30 12:02:14.0509 flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/30 12:02:14.0540 FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/09/30 12:02:14.0587 Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/30 12:02:14.0618 gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/09/30 12:02:14.0634 GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/09/30 12:02:14.0696 HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/30 12:02:14.0728 HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/09/30 12:02:14.0743 HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/09/30 12:02:14.0774 HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/30 12:02:14.0790 HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/09/30 12:02:14.0837 HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/09/30 12:02:14.0868 i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/09/30 12:02:14.0884 i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/30 12:02:14.0930 iaStor          (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
2010/09/30 12:02:14.0962 iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/09/30 12:02:15.0055 igfx            (bbace0293b73bf8c7cb591f2d06f26fa) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/09/30 12:02:15.0102 iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/09/30 12:02:15.0180 IntcAzAudAddService (4eae74c8bcbca309a5d7cbad7e231427) C:\Windows\system32\drivers\RTKVHDA.sys
2010/09/30 12:02:15.0227 intelide        (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\DRIVERS\intelide.sys
2010/09/30 12:02:15.0242 intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/30 12:02:15.0305 IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/30 12:02:15.0336 IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/09/30 12:02:15.0367 IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/09/30 12:02:15.0414 IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/09/30 12:02:15.0430 isapnp          (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2010/09/30 12:02:15.0461 iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/30 12:02:15.0476 iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/09/30 12:02:15.0523 iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/09/30 12:02:15.0554 kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/30 12:02:15.0586 kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/30 12:02:15.0617 KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/30 12:02:15.0726 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/09/30 12:02:15.0757 Lbd             (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
2010/09/30 12:02:15.0804 lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/30 12:02:15.0835 LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/09/30 12:02:15.0851 LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/09/30 12:02:15.0882 LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/09/30 12:02:15.0929 luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/09/30 12:02:15.0960 megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/09/30 12:02:16.0022 Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/09/30 12:02:16.0054 monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/30 12:02:16.0069 mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/30 12:02:16.0100 mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/30 12:02:16.0116 MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/09/30 12:02:16.0147 mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/09/30 12:02:16.0163 mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/30 12:02:16.0194 Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/09/30 12:02:16.0241 MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/09/30 12:02:16.0256 mrxsmb          (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/30 12:02:16.0288 mrxsmb10        (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/30 12:02:16.0334 mrxsmb20        (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/30 12:02:16.0350 msahci          (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
2010/09/30 12:02:16.0366 msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/09/30 12:02:16.0412 Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/09/30 12:02:20.0765 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/30 12:02:20.0780 ================================================================================
2010/09/30 12:02:20.0780 Scan finished
2010/09/30 12:02:20.0780 ================================================================================
2010/09/30 12:02:20.0780 Detected object count: 1
2010/09/30 12:02:38.0377 \HardDisk0\MBR - will be cured after reboot
2010/09/30 12:02:38.0377 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/09/30 12:03:14.0222 Deinitialize success
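As an added defender-side example (not from this thread and not part of Kaspersky's TDSSKiller), a small Python triage script for the log layout shown above: it separates the driver inventory from the detection and action lines, checks that the scanner's declared object count matches the detection lines it actually logged, and flags an MBR cure that still has to be confirmed with a rescan after the reboot. The sample log and the function names are constructed for this example.

```python
import re

# Constructed sample in TDSSKiller's log layout (not the log posted in the thread):
# timestamp, then either a driver entry "name (md5) path" or a status message.
SAMPLE_LOG = r"""
2010/09/30 12:02:19.0330 Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/09/30 12:02:19.0376 Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/30 12:02:20.0765 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/30 12:02:20.0780 ================================================================================
2010/09/30 12:02:20.0780 Scan finished
2010/09/30 12:02:20.0780 Detected object count: 1
2010/09/30 12:02:38.0377 \HardDisk0\MBR - will be cured after reboot
2010/09/30 12:02:38.0377 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/09/30 12:03:14.0222 Deinitialize success
"""

TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
DRIVER_RE = re.compile(TS + r"(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
DETECT_RE = re.compile(TS + r"(\S+) - detected (\S+) \((\d+)\)$")
COUNT_RE = re.compile(TS + r"Detected object count: (\d+)$")
CURE_RE = re.compile(TS + r"(\S+) - will be cured after reboot$")
ACTION_RE = re.compile(TS + r"([^(]+)\(([^)]+)\) - User select action: (\w+)$")


def parse_tdsskiller(text):
    """Split a TDSSKiller log into driver inventory, detections and the actions taken."""
    report = {"drivers": [], "detections": [], "declared_count": None,
              "pending_reboot": [], "actions": []}
    for line in text.splitlines():
        if m := DRIVER_RE.match(line):
            report["drivers"].append({"name": m[1], "md5": m[2], "path": m[3]})
        elif m := DETECT_RE.match(line):
            report["detections"].append({"object": m[1], "threat": m[2]})
        elif m := COUNT_RE.match(line):
            report["declared_count"] = int(m[1])
        elif m := CURE_RE.match(line):
            report["pending_reboot"].append(m[1])
        elif m := ACTION_RE.match(line):
            report["actions"].append({"threat": m[1], "object": m[2], "action": m[3]})
    return report


def triage(report):
    """Cross-check the scanner's own summary and list what still has to be verified."""
    findings = []
    if report["declared_count"] != len(report["detections"]):
        findings.append(f"summary says {report['declared_count']} objects, "
                        f"log has {len(report['detections'])} detection lines")
    acted = {a["object"] for a in report["actions"]}
    for d in report["detections"]:
        if d["object"] not in acted:
            findings.append(f"{d['object']}: {d['threat']} detected but no action recorded")
        elif d["object"].upper().endswith("MBR"):
            # A cured MBR must be confirmed with a rescan: a bootkit that survives the
            # reboot is active again before the OS loads, so one "Cure" line is not proof.
            findings.append(f"{d['object']}: boot-sector infection ({d['threat']}), rescan after reboot")
    for obj in report["pending_reboot"]:
        findings.append(f"{obj}: cure deferred until reboot, confirm the reboot happened")
    # Two service names sharing one MD5 is normal for aliases such as Tcpip/Tcpip6 that
    # load the same file; the same MD5 under different file paths deserves a closer look.
    by_hash = {}
    for drv in report["drivers"]:
        by_hash.setdefault(drv["md5"], set()).add(drv["path"].lower())
    for md5, paths in by_hash.items():
        if len(paths) > 1:
            findings.append(f"md5 {md5} appears under distinct files: {sorted(paths)}")
    return findings
```

Calling `triage(parse_tdsskiller(SAMPLE_LOG))` on the constructed sample yields two findings: the boot-sector detection and the cure that is deferred until reboot.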

1.1K Posts

September 30th, 2010 15:00

Hiya jcooney32,

Yep, TDSSKiller caught that TDL4 rootkit by the tail. Please complete the following scans:

Step 1

Download and scan with CCleaner

1. Starting with v 1.27.26 (This version no. will differ), CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 24 hours"
3. Then select the items you wish to clean up.

In the Windows Tab:

  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.
In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop-up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "Exit" when done.

Step 2

  • Re-open Malwarebytes and check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the user posted image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on user posted image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the user posted image icon on your desktop.

  • Check user posted image
  • Click the user posted image button.
  • Accept any security warnings from your browser.
  • Check user posted image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push user posted image
  • Push user posted image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the user posted image button.
  • Push user posted image

You can refer to this animation by neomage if needed.
Frequently asked questions available Here

What I'd like in your reply:

  • Log from Malwarebytes
  • Log from ESET
  • System review: improvements? Issues?

Kevin

1.1K Posts

October 1st, 2010 14:00

Hi jcooney32,

Those logs are good, nothing there to worry about; I'd say your system is clean. Slight worry about the pop-ups, so check a setting for me before we clean up.

If you are using IE as your browser, can you open IE, select Tools > Pop-up Blocker and check whether it is turned on. In the Pop-up Blocker settings the default level should be Medium.

Kevin

10 Posts

October 1st, 2010 14:00

My system is running better than it has in a long time.  Sometimes I still get some random pop-ups and I don't think they are coming from the website but maybe they could be.

Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4728

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

10/1/2010 2:47:18 PM
mbam-log-2010-10-01 (14-47-18).txt

Scan type: Quick scan
Objects scanned: 143095
Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET:

C:\_OTM\MovedFiles\09302010_105714\C_Users\Jamer\Music\Garth Brooks - Garth Brooks - The dance.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined

10 Posts

October 1st, 2010 18:00

My pop-up blocker wasn't on; I thought I had it on.

Thank you so much for all your help.

Thanks again,

James

1.1K Posts

October 2nd, 2010 02:00

Hi James,

OK, let's clean up our tools and get you back to normal, as follows please:

Step 1

Remove Combofix now that we're done with it
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the Run box and click OK. (Notice the space between the "x" and "/") user posted image

  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
Step 2

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click user posted image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big user posted image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Any tools left on the Desktop can be safely removed by deleting.

Step 3

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

Adobe Reader. Untick the Free McAfee® Security Scan Plus (optional) unless you want it.

Step 4

Download and scan with CCleaner

1. Starting with v 1.27.26 (This version no. will differ), CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 24 hours"
3. Then select the items you wish to clean up.

In the Windows Tab:

  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.
In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop-up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "Exit" when done.

Let me know if all of the above completed, especially the Combofix /Uninstall command. Let me know if you have any issues remaining or if all is OK.

Kevin
