Inactive Major Spyware problem

Discussion in 'Malware and Virus Removal Archive' started by jansch, 2010/02/12.

  1. 2010/02/12
    jansch

    jansch Inactive Thread Starter

    Joined:
    2010/02/12
    Messages:
    27
    Likes Received:
    0
    [Inactive] Major Spyware problem

    I'm using Windows Vista, and have major spyware problems. Computer's slowed down drastically, Internet Explorer takes ages to open, and so do all the other windows (Control Panel, Documents, etc.). I'm using McAfee and Spybot but I doubt it's cleaning up much. P2P software keeps freezing all the time, and I'm having major difficulty in using Add/Remove Programs for uninstallations. Most of the time, my computer hangs when I try to use it. It's also slowing down my net, it seems. I have a lot of unwanted programs in the Add/Remove list. I've been facing this problem for about 3 months now, and should've acted on it earlier, as now it's getting worse by the day. More and more programs have stopped responding. I know my post is a little vague, but I have absolutely no idea what details to post, or what to do apart from running those scans, which apparently aren't helping much. Any help with this problem will be highly appreciated. :)
     
  2. 2010/02/12
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    As indicated at the start of this forum, please *** READ THIS BEFORE POSTING IN THIS FORUM *** then post the requested logs in this thread.

    NOTES:
    When posting the logs, ensure word wrap is switched off (in Notepad, uncheck Format->Word Wrap) as this makes them difficult to read.

    Be aware that only Malware analysts will advise and they are often busy. Your post will be taken on a first come first served basis but it may take a while before you receive a reply.
     

  4. 2010/02/12
    jansch

    jansch Inactive Thread Starter

    Sorry about that. Posting my logs.
     
  5. 2010/02/12
    jansch

    jansch Inactive Thread Starter

    Here are my DDS logs-


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Desolation Alley at 23:44:48.03 on 12-02-2010
    Internet Explorer: 8.0.6001.18882
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.91.1033.18.3034.1683 [GMT 5.5:30]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Dell\DellComms\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Users\Desolation Alley\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_explorer.exe
    C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Tikona WI-BRO dialer\nsc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\Explorer.EXE
    C:\Users\Desolation Alley\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Desolation Alley\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Desolation Alley\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Desolation Alley\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.in/
    uInternet Settings,ProxyOverride = 127.0.0.1
    uInternet Settings,ProxyServer = 127.0.0.1:9666
    mWinlogon: Userinit=userinit.exe,
    uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-1795114060-4931885651-117364527-8010\nissan.exe
    uWindows: Load=c:\windows\inf\Other.exe
    uWindows: run=c:\windows\system32\config\Win.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Explorer SERVICE] c:\system\g-923-321232-3232-32211-23\driver.exe
    uRun: [dc2k5] c:\windows\SVIQ.EXE
    uRun: [Fun] c:\windows\system\Fun.exe
    uRun: [dc] c:\windows\dc.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Google Update] "c:\users\desolation alley\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe "
    mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [DellComms] "c:\program files\dell\dellcomms\bin\sprtcmd.exe" /P DellComms
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    StartupFolder: c:\users\desola~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-7 64288]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-6-3 214664]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-6-4 81920]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\McProxy.exe [2009-6-3 359952]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-4 1153368]
    R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\dell\dellcomms\bin\sprtsvc.exe [2009-3-25 206064]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-6-3 29736]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-6-3 144128]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-3 606736]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-3 40552]
    R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-6-4 144672]
    R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-6-4 269216]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
    S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-6-3 144704]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-3 79816]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-3 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-3 34248]
    S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-5 22904]

    =============== Created Last 30 ================

    2010-02-12 17:31:49 0 d-----w- c:\program files\Ask.com
    2010-02-12 17:31:04 0 d-----w- c:\program files\uTorrent
    2010-02-11 23:11:43 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2010-02-11 23:11:43 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2010-02-11 23:11:43 22528 ----a-w- c:\windows\system32\msyuv.dll
    2010-02-11 23:11:43 13312 ----a-w- c:\windows\system32\msrle32.dll
    2010-02-11 23:11:43 1314816 ----a-w- c:\windows\system32\quartz.dll
    2010-02-11 23:11:43 12288 ----a-w- c:\windows\system32\tsbyuv.dll
    2010-02-11 23:11:42 91136 ----a-w- c:\windows\system32\avifil32.dll
    2010-02-11 23:11:42 82944 ----a-w- c:\windows\system32\mciavi32.dll
    2010-02-11 23:11:42 123904 ----a-w- c:\windows\system32\msvfw32.dll
    2010-02-11 22:34:34 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-02-11 22:34:33 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2010-02-11 22:34:17 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-02-11 22:34:17 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-11 22:23:21 65536 --sha-w- c:\users\desolation alley\ntuser.dat{714088a8-173b-11df-b06b-00242bfdf71d}.TM.blf
    2010-02-11 22:23:21 524288 --sha-w- c:\users\desolation alley\ntuser.dat{714088a8-173b-11df-b06b-00242bfdf71d}.TMContainer00000000000000000002.regtrans-ms
    2010-02-11 22:23:21 524288 --sha-w- c:\users\desolation alley\ntuser.dat{714088a8-173b-11df-b06b-00242bfdf71d}.TMContainer00000000000000000001.regtrans-ms
    2010-02-11 12:46:14 0 d-----w- c:\programdata\AVS4YOU
    2010-02-11 12:46:11 0 d-----w- c:\users\desola~1\appdata\roaming\AVS4YOU
    2010-02-11 12:44:29 0 d-----w- c:\program files\common files\AVSMedia
    2010-02-11 12:44:23 0 d-----w- c:\program files\AVS4YOU
    2010-02-10 20:26:24 0 d-----w- c:\programdata\TVU Networks
    2010-02-10 20:25:27 0 d-----w- c:\program files\TVUPlayer
    2010-02-10 02:07:15 0 d--h--w- C:\VJVod_Cache
    2010-02-09 20:34:47 0 d-----w- c:\windows\system32\nagasoft
    2010-02-07 20:29:10 0 d-----w- c:\users\desola~1\appdata\roaming\StreamTorrent
    2010-02-07 18:27:14 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-02-07 18:23:56 0 d--h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-02-07 18:23:35 0 d-----w- c:\programdata\Lavasoft
    2010-02-07 18:23:35 0 d-----w- c:\program files\Lavasoft
    2010-02-06 16:23:39 0 d-----w- c:\program files\Tikona WI-BRO dialer
    2010-02-04 17:03:46 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-02-04 17:03:46 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-30 17:41:45 0 d-----w- c:\users\desolation alley\Office Genuine Advantage
    2010-01-29 07:20:50 0 d-----w- c:\programdata\Office Genuine Advantage
    2010-01-20 19:59:26 600 ----a-w- c:\users\desolation alley\PUTTY.RND
    2010-01-13 21:49:01 0 d-----r- c:\users\desolation alley\Videos 2

    ==================== Find3M ====================

    2010-02-12 10:32:04 3204 ----a-w- c:\windows\bthservsdp.dat
    2010-01-12 10:31:44 2828 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-01-12 10:31:28 88 --sh--r- c:\programdata\31FBC286CA.sys
    2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-17 21:49:48 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-17 21:49:48 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-11-17 21:49:48 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-11-17 21:49:48 143360 ----a-w- c:\windows\inf\infstor.dat
    2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-03 07:42:39 75 --sh--r- c:\windows\CT4CET.bin
    2009-10-23 03:22:36 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-09-26 09:15:35 16384 --sha-w- c:\windows\temp\cookies\index.dat
    2009-09-26 09:15:35 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
    2009-09-26 09:15:35 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
    2009-06-03 20:03:13 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 23:46:11.68 ===============
     
  6. 2010/02/12
    jansch

    jansch Inactive Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 03-06-2009 18:02:30
    System Uptime: 02-12-2010 16:02:37 (-7025 hours ago)

    Motherboard: Dell Inc. | | 0J037P
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | Microprocessor | 2000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 218 GiB total, 46.639 GiB free.
    E: is FIXED (NTFS) - 15 GiB total, 3.012 GiB free.
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP179: 28-01-2010 21:01:00 - Windows Update
    RP180: 04-02-2010 22:27:54 - Removed SUPERAntiSpyware Free Edition
    RP181: 04-02-2010 22:30:04 - Removed SUPERAntiSpyware Free Edition
    RP182: 10-02-2010 03:00:23 - Windows Update
    RP183: 10-02-2010 03:49:47 - Removed Ask Toolbar.
    RP184: 10-02-2010 04:18:51 - Removed Ask Toolbar.
    RP185: 12-02-2010 03:29:49 - Removed iTunes
    RP186: 12-02-2010 03:41:34 - Restore Operation
    RP187: 12-02-2010 03:59:59 - Windows Update
    RP188: 12-02-2010 04:27:08 - Removed Ask Toolbar.
    RP189: 12-02-2010 04:55:54 - Windows Update
    RP190: 12-02-2010 23:02:35 - Removed Ask Toolbar.

    ==== Installed Programs ======================


    µTorrent
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe CMaps
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe PDF Library Files
    Adobe Reader 9.1
    Adobe Type Support
    Advanced Audio FX Engine
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Bonjour
    Choice Guard
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    CorelDRAW Graphics Suite X4 - Capture
    CorelDRAW Graphics Suite X4 - Content
    CorelDRAW Graphics Suite X4 - Draw
    CorelDRAW Graphics Suite X4 - Filters
    CorelDRAW Graphics Suite X4 - FontNav
    CorelDRAW Graphics SUite X4 - ICA
    CorelDRAW Graphics Suite X4 - IPM
    CorelDRAW Graphics Suite X4 - Lang EN
    CorelDRAW Graphics Suite X4 - PP
    CorelDRAW Graphics Suite X4 - VBA
    CorelDRAW(R) Graphics Suite X4
    CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    Dell Communications (Support Software)
    Dell Dock
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Video Chat
    Dell Webcam Central
    Dell Wireless WLAN Card Utility
    getPlus(R) Download Manager for Corel
    Google Chrome
    GoToAssist 8.0.0.514
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Integrated Webcam Driver (1.00.02.0825)
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    iTunes
    Java(TM) 6 Update 11
    Junk Mail filter update
    Live! Cam Avatar Creator
    McAfee SecurityCenter
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    MSVCRT
    OGA Notifier 2.0.0048.0
    PDF Settings
    PowerDVD DX
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Spybot - Search & Destroy
    Tikona WI-BRO dialer
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb977839)
    VideoLAN VLC media player 0.8.6c
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    WIDCOMM Bluetooth Software 6.2.0.6600
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    12-02-2010 23:44:42, Error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12-02-2010 23:04:19, Error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12-02-2010 16:03:49, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Lavasoft Ad-Aware Service service to connect.
    12-02-2010 16:03:49, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12-02-2010 16:03:49, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12-02-2010 16:03:49, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12-02-2010 16:03:49, Error: Service Control Manager [7000] - The Bluetooth Device (Personal Area Network) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12-02-2010 05:16:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNASvc with arguments " " in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
    12-02-2010 05:13:15, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12-02-2010 05:13:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12-02-2010 05:13:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk MPFP NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12-02-2010 05:13:07, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12-02-2010 05:12:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12-02-2010 05:12:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12-02-2010 05:12:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12-02-2010 05:12:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12-02-2010 05:12:01, Error: EventLog [6008] - The previous system shutdown at 05:10:04 on 12-02-2010 was unexpected.
    12-02-2010 04:17:01, Error: bowser [8003] - The master browser has received a server announcement from the computer ABHIMANYU-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C7150241-C673-48DC-832D-C7A28. The master browser is stopping or an election is being forced.
    12-02-2010 04:04:11, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB977165).
    12-02-2010 04:02:53, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB977165 (Security Update) into Resolving(Resolving) state
    12-02-2010 04:02:53, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB977165 (Security Update) into Absent(Absent) state
    12-02-2010 04:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 977165-5_neutral_GDR from package KB977165(Security Update) into Resolving(Resolving) state
    12-02-2010 04:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 977165-4_neutral_LDR from package KB977165(Security Update) into Resolving(Resolving) state
    12-02-2010 04:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 977165-23_neutral_GDR from package KB977165(Security Update) into Resolving(Resolving) state
    12-02-2010 04:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 977165-22_neutral_LDR from package KB977165(Security Update) into Resolving(Resolving) state
    12-02-2010 04:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 977165-14_neutral_GDR from package KB977165(Security Update) into Resolving(Resolving) state
    12-02-2010 04:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 977165-13_neutral_LDR from package KB977165(Security Update) into Resolving(Resolving) state
    12-02-2010 04:02:26, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows Mail Junk E-mail Filter [February 2010] (KB905866).
    12-02-2010 04:02:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 905866-8_neutral_GDR from package KB905866(Update) into Resolving(Resolving) state
    12-02-2010 04:02:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 905866-7_neutral_LDR from package KB905866(Update) into Resolving(Resolving) state
    12-02-2010 04:02:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 905866-2_neutral_GDR from package KB905866(Update) into Resolving(Resolving) state
    12-02-2010 04:02:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 905866-14_neutral_GDR from package KB905866(Update) into Resolving(Resolving) state
    12-02-2010 04:02:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 905866-13_neutral_LDR from package KB905866(Update) into Resolving(Resolving) state
    12-02-2010 04:02:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 905866-1_neutral_LDR from package KB905866(Update) into Resolving(Resolving) state
    12-02-2010 04:02:21, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Resolving(Resolving) state
    12-02-2010 04:02:21, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Installed(Installed) state
    12-02-2010 04:02:21, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Absent(Absent) state
    12-02-2010 04:01:27, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB974145).
    12-02-2010 04:01:22, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB974145 (Security Update) into Resolving(Resolving) state
    12-02-2010 04:01:22, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB974145 (Security Update) into Absent(Absent) state
    12-02-2010 04:01:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974145-8_neutral_GDR from package KB974145(Security Update) into Resolving(Resolving) state
    12-02-2010 04:01:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974145-7_neutral_LDR from package KB974145(Security Update) into Resolving(Resolving) state
    12-02-2010 04:01:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974145-6_neutral_LDR from package KB974145(Security Update) into Resolving(Resolving) state
    12-02-2010 04:01:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974145-5_neutral_LDR from package KB974145(Security Update) into Resolving(Resolving) state
    12-02-2010 04:01:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974145-42_neutral_GDR from package KB974145(Security Update) into Resolving(Resolving) state
    12-02-2010 04:01:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974145-41_neutral_LDR from package KB974145(Security Update) into Resolving(Resolving) state
    12-02-2010 04:01:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974145-4_neutral_LDR from package KB974145(Security Update) into Resolving(Resolving) state
    12-02-2010 04:01:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974145-22_neutral_GDR from package KB974145(Security Update) into Resolving(Resolving) state
    12-02-2010 04:01:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974145-21_neutral_LDR from package KB974145(Security Update) into Resolving(Resolving) state
    12-02-2010 04:01:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974145-20_neutral_LDR from package KB974145(Security Update) into Resolving(Resolving) state
    12-02-2010 04:01:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974145-19_neutral_GDR from package KB974145(Security Update) into Resolving(Resolving) state
    12-02-2010 04:01:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974145-18_neutral_LDR from package KB974145(Security Update) into Resolving(Resolving) state
    12-02-2010 04:01:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 974145-17_neutral_LDR from package KB974145(Security Update) into Resolving(Resolving) state
    12-02-2010 04:01:02, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB978251).
    12-02-2010 04:00:56, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB978251 (Security Update) into Resolving(Resolving) state
    12-02-2010 04:00:56, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB978251 (Security Update) into Absent(Absent) state
    12-02-2010 04:00:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 978251-9_neutral_GDR from package KB978251(Security Update) into Resolving(Resolving) state
    12-02-2010 04:00:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 978251-8_neutral_LDR from package KB978251(Security Update) into Resolving(Resolving) state
    12-02-2010 04:00:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 978251-7_neutral_GDR from package KB978251(Security Update) into Resolving(Resolving) state
    12-02-2010 04:00:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 978251-6_neutral_LDR from package KB978251(Security Update) into Resolving(Resolving) state
    12-02-2010 04:00:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 978251-39_neutral_GDR from package KB978251(Security Update) into Resolving(Resolving) state
    12-02-2010 04:00:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 978251-38_neutral_LDR from package KB978251(Security Update) into Resolving(Resolving) state
    12-02-2010 04:00:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 978251-37_neutral_GDR from package KB978251(Security Update) into Resolving(Resolving) state
    12-02-2010 04:00:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 978251-36_neutral_LDR from package KB978251(Security Update) into Resolving(Resolving) state
    12-02-2010 04:00:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 978251-24_neutral_GDR from package KB978251(Security Update) into Resolving(Resolving) state
    12-02-2010 04:00:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 978251-23_neutral_LDR from package KB978251(Security Update) into Resolving(Resolving) state
    12-02-2010 04:00:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 978251-22_neutral_GDR from package KB978251(Security Update) into Resolving(Resolving) state
    12-02-2010 04:00:54, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 978251-21_neutral_LDR from package KB978251(Security Update) into Resolving(Resolving) state
    11-02-2010 14:52:45, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    11-02-2010 13:34:23, Error: EventLog [6008] - The previous system shutdown at 13:23:10 on 11-02-2010 was unexpected.
    11-02-2010 02:59:49, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {A47979D2-C419-11D9-A5B4-001185AD2B89} to the user DesolationAl-PC\Desolation Alley SID (S-1-5-21-1583930776-63634570-3676665844-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    10-02-2010 03:51:34, Error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 4 time(s).
    10-02-2010 03:02:11, Error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
    08-02-2010 23:03:52, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 113.193.34.215 for the Network Card with network address 0023AE32B4C2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    08-02-2010 22:48:42, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0023AE32B4C2. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    08-02-2010 16:05:36, Error: bowser [8003] - The master browser has received a server announcement from the computer KINSHUK-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C7150241-C673-48DC-832D-C7A28B0. The master browser is stopping or an election is being forced.
    07-02-2010 23:54:13, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    07-02-2010 13:23:15, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{69FCE878-B151-420D-A292-0444E44B836B} because another computer on the network has the same name. The server could not start.
    07-02-2010 13:23:08, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 116.72.55.253 for the Network Card with network address 0023AE32B4C2 has been denied by the DHCP server 113.193.0.149 (The DHCP Server sent a DHCPNACK message).
    07-02-2010 13:11:39, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 113.193.43.51 for the Network Card with network address 0023AE32B4C2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    06-02-2010 22:21:54, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 113.193.43.135 for the Network Card with network address 0023AE32B4C2 has been denied by the DHCP server 202.88.130.40 (The DHCP Server sent a DHCPNACK message).
    06-02-2010 21:56:37, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 116.72.55.253 for the Network Card with network address 0023AE32B4C2 has been denied by the DHCP server 113.193.1.15 (The DHCP Server sent a DHCPNACK message).
    06-02-2010 07:01:01, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 116.72.55.253 for the Network Card with network address 0023AE32B4C2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    05-02-2010 23:17:20, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.100.11 for the Network Card with network address 0023AE32B4C2 has been denied by the DHCP server 202.88.130.40 (The DHCP Server sent a DHCPNACK message).
    05-02-2010 22:10:25, Error: EventLog [6008] - The previous system shutdown at 22:09:03 on 05-02-2010 was unexpected.

    ==== End Of File ===========================
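The Service Control Manager 7001 errors in the log above are mostly cascades: a service is reported as failed only because something it depends on failed first. The following is an added example, not part of the original post: it walks those dependency chains back to the components that failed for their own reason. The sample lines are copied from the log above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Error text the Service Control Manager uses when the failure is only a
# knock-on effect of another service failing.
DEP_FAILED = "The dependency service or group failed to start."

EVENT_7001 = re.compile(
    r"Service Control Manager \[7001\] - The (?P<svc>.+?) service depends on the "
    r"(?P<dep>.+?) service which failed to start because of the following error: "
    r"(?P<err>.+?)\s*$"
)

# Lines copied from the event log posted above (one 7026 line included to show
# that other event IDs are skipped).
SAMPLE_LOG = """\
12-02-2010 05:13:15, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12-02-2010 05:13:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk MPFP NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
12-02-2010 05:13:07, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12-02-2010 05:13:07, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12-02-2010 05:13:07, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12-02-2010 05:13:07, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
12-02-2010 05:13:07, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12-02-2010 05:13:07, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12-02-2010 05:13:07, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12-02-2010 05:13:07, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
"""


def parse_7001(text):
    """Return (service, dependency, error) for every 7001 event in the text."""
    edges = []
    for line in text.splitlines():
        m = EVENT_7001.search(line)
        if m:
            edges.append((m["svc"], m["dep"], m["err"]))
    return edges


def root_causes(edges):
    """Map each root failure to the services it blocks, directly or not.

    Keys are (component, error). The error is None when the chain ends at a
    component that is only ever reported as "dependency failed" and has no
    7001 event of its own in the log, so its cause cannot be read from it.
    """
    parents = defaultdict(list)
    for svc, dep, err in edges:
        parents[svc].append((dep, err))

    def roots_of(svc, seen):
        found = set()
        for dep, err in parents.get(svc, []):
            if err != DEP_FAILED:
                found.add((dep, err))        # dep failed for its own reason
            elif dep in parents and dep not in seen:
                found |= roots_of(dep, seen | {dep})
            else:
                found.add((dep, None))       # chain ends (or loops) here
        return found

    blocked = defaultdict(set)
    for svc in parents:
        for root in roots_of(svc, {svc}):
            blocked[root].add(svc)
    return {root: sorted(svcs) for root, svcs in blocked.items()}


if __name__ == "__main__":
    for (component, error), services in sorted(root_causes(parse_7001(SAMPLE_LOG)).items()):
        print(f"{component}: {error or 'cause not recorded in this log'}")
        for name in services:
            print(f"    blocks {name}")
```

Run over the full log, this reduces the block of 7001 errors at 05:13:07 to a short list of network-stack drivers to investigate first.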
     
  7. 2010/02/12
    wildfire

    wildfire Getting Old

    Thanks Parth,

    A malware analyst will be with you shortly. You may wish to reconsider using P2P software, though, as it's quite likely that's how you were infected in the first place. See here for more information.
     
  8. 2010/02/12
    jansch

    jansch Inactive Thread Starter

    Thanks :)

    I've already uninstalled the P2P software, and shall not continue with it, if that's how my system's getting infected.
     
  9. 2010/02/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2010/02/12
    jansch

    jansch Inactive Thread Starter

    Thanks Broni.

    Here's my MBAM log, posting the other two soon.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3731
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18882

    13-02-2010 03:45:32
    mbam-log-2010-02-13 (03-45-32).txt

    Scan type: Quick Scan
    Objects scanned: 107816
    Time elapsed: 8 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 5
    Registry Data Items Infected: 1
    Folders Infected: 1
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dc (IM.Worm) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dc2k5 (IM.Worm) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fun (IM.Worm) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-1795114060-4931885651-117364527-8010\nissan.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\SYSTEM\G-923-321232-3232-32211-23 (Backdoor.Bot) -> Quarantined and deleted successfully.

    Files Infected:
    C:\SYSTEM\G-923-321232-3232-32211-23\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
     
  11. 2010/02/12
    jansch

    jansch Inactive Thread Starter

    Gmer is not working. It started the first time I tried and then crashed, and Windows crashed after that; a blue screen popped up and my computer restarted. After restarting, I got this message:

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.0.6002.2.2.0.768.2
    Locale ID: 16393

    Additional information about the problem:
    BCCode: f4
    BCP1: 00000003
    BCP2: 90BFCD90
    BCP3: 90BFCEDC
    BCP4: 82660650
    OS Version: 6_0_6002
    Service Pack: 2_0
    Product: 768_1

    Files that help describe the problem:
    C:\Windows\Minidump\Mini021310-01.dmp
    C:\Users\Desolation Alley\AppData\Local\Temp\WER-83429-0.sysdata.xml
    C:\Users\Desolation Alley\AppData\Local\Temp\WER382F.tmp.version.txt

    Read our privacy statement:
    http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409


    Second time I tried, gmer crashed again, and all the other applications started crashing after it one by one. What should I do?

    I'll install HijackThis, and post that log at least.
     
  12. 2010/02/12
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. 2010/02/12
    jansch

    jansch Inactive Thread Starter

    Big mess it seems. Even Hijack This is not working. Each time I open it, the process starts running but nothing appears on the screen. Click on it again and it'll say hijack this is already running. :-( :confused:
     
  14. 2010/02/12
    broni

    broni Moderator Malware Analyst

    Did you attempt to run Combofix?
     
  15. 2010/02/12
    jansch

    jansch Inactive Thread Starter

    Even combofix won't function properly it seems. Although it starts alright, it doesn't go beyond "Attempting to create a system restore point". Although it doesn't crash or freeze, it was stuck at attempting to create a system restore point for 20 minutes.

    Are there any other alternatives? or will I have to format my hard drive?
     
  16. 2010/02/12
    broni

    broni Moderator Malware Analyst

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe

    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run Combofix.
     
  17. 2010/02/12
    jansch

    jansch Inactive Thread Starter

    Hey, that was great. ComboFix log-

    ComboFix 10-02-12.01 - Desolation Alley 13-02-2010 5:13.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.91.1033.18.3034.1964 [GMT 5.5:30]
    Running from: c:\users\Desolation Alley\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1583930776-63634570-3676665844-500
    c:\$recycle.bin\S-1-5-21-2347180839-3205931739-3509662-500
    C:\install.exe
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    c:\recycler\S-1-5-21-1795114060-4931885651-117364527-8010
    c:\recycler\S-1-5-21-2423438514-9639885331-347374628-0401
    c:\recycler\S-1-5-21-2751535934-0148513653-480347463-2444
    c:\recycler\S-1-5-21-6205575455-3062259732-897842157-5119
    c:\recycler\S-1-5-21-6756542400-2531044938-896350415-7280
    C:\System
    c:\windows\system32\oem8.inf
    c:\windows\system32\twain_32.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
    .

    2010-02-12 23:50 . 2010-02-12 23:50 -------- d-----w- c:\users\Desolation Alley\AppData\Local\temp
    2010-02-12 23:50 . 2010-02-12 23:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-02-12 22:47 . 2010-02-12 22:47 -------- d-----w- c:\program files\Trend Micro
    2010-02-12 22:05 . 2010-01-07 10:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-12 22:05 . 2010-02-12 22:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-12 22:05 . 2010-01-07 10:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-12 21:39 . 2010-02-12 21:39 -------- d-----w- c:\windows\CheckSur
    2010-02-12 17:31 . 2010-02-12 17:31 -------- d-----w- c:\program files\Ask.com
    2010-02-12 17:31 . 2010-02-12 17:31 -------- d-----w- c:\program files\uTorrent
    2010-02-11 23:53 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-11 23:53 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-11 23:11 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
    2010-02-11 23:11 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
    2010-02-11 23:11 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
    2010-02-11 23:11 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2010-02-11 23:11 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
    2010-02-11 23:11 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2010-02-11 23:11 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
    2010-02-11 23:11 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
    2010-02-11 23:11 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
    2010-02-11 23:11 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-02-11 23:11 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-02-11 22:34 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-02-11 22:34 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2010-02-11 22:34 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-02-11 22:34 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-11 12:46 . 2010-02-11 12:46 -------- d-----w- c:\programdata\AVS4YOU
    2010-02-11 12:46 . 2010-02-11 12:46 -------- d-----w- c:\users\Desolation Alley\AppData\Roaming\AVS4YOU
    2010-02-11 12:44 . 2010-02-11 21:59 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-02-11 12:44 . 2010-02-11 21:59 -------- d-----w- c:\program files\AVS4YOU
    2010-02-10 20:26 . 2010-02-10 20:26 -------- d-----w- c:\users\Desolation Alley\AppData\Local\TVU Networks
    2010-02-10 20:26 . 2010-02-10 20:26 -------- d-----w- c:\programdata\TVU Networks
    2010-02-10 20:25 . 2010-02-11 21:58 -------- d-----w- c:\program files\TVUPlayer
    2010-02-10 02:07 . 2010-02-10 02:07 -------- d-----w- C:\VJVod_Cache
    2010-02-09 20:34 . 2010-02-09 20:34 -------- d-----w- c:\windows\system32\nagasoft
    2010-02-07 20:29 . 2010-02-07 20:29 -------- d-----w- c:\users\Desolation Alley\AppData\Roaming\StreamTorrent
    2010-02-07 18:27 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-02-07 18:27 . 2010-02-07 18:27 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
    2010-02-07 18:27 . 2010-02-07 18:27 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2010-02-07 18:27 . 2010-02-07 18:27 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2010-02-07 18:27 . 2010-02-07 18:27 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2010-02-07 18:26 . 2010-02-07 18:27 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
    2010-02-07 18:26 . 2010-02-07 18:26 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2010-02-07 18:26 . 2010-02-07 18:26 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
    2010-02-07 18:25 . 2010-02-07 18:25 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
    2010-02-07 18:25 . 2010-02-07 18:25 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2010-02-07 18:25 . 2010-02-07 18:25 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2010-02-07 18:25 . 2010-02-07 18:25 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2010-02-07 18:25 . 2010-02-07 18:25 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
    2010-02-07 18:25 . 2010-02-07 18:25 816784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2010-02-07 18:24 . 2010-02-07 18:24 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2010-02-07 18:24 . 2010-02-07 18:24 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2010-02-07 18:24 . 2010-02-07 18:24 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2010-02-07 18:24 . 2010-02-07 18:24 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
    2010-02-07 18:23 . 2010-02-11 22:21 -------- d--h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-02-07 18:23 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
    2010-02-07 18:23 . 2010-02-11 22:21 -------- d-----w- c:\programdata\Lavasoft
    2010-02-07 18:23 . 2010-02-11 22:21 -------- d-----w- c:\program files\Lavasoft
    2010-02-06 16:23 . 2010-02-07 18:44 -------- d-----w- c:\program files\Tikona WI-BRO dialer
    2010-02-04 17:03 . 2010-02-11 22:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-02-04 17:03 . 2010-02-04 17:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-30 17:41 . 2010-01-30 17:41 -------- d-----w- c:\users\Desolation Alley\Office Genuine Advantage
    2010-01-29 07:20 . 2010-01-29 07:20 -------- d-----w- c:\programdata\Office Genuine Advantage

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-12 22:39 . 2009-06-03 07:24 3204 ----a-w- c:\windows\bthservsdp.dat
    2010-02-12 21:39 . 2009-06-03 07:38 -------- d-----w- c:\programdata\Microsoft Help
    2010-02-12 17:31 . 2009-08-11 13:32 -------- d-----w- c:\users\Desolation Alley\AppData\Roaming\uTorrent
    2010-02-11 23:48 . 2009-07-09 18:43 103040 ----a-w- c:\users\Desolation Alley\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-11 23:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-02-11 22:54 . 2009-08-16 09:32 -------- d-----w- c:\program files\Common Files\Adobe
    2010-02-11 22:21 . 2009-06-03 07:25 -------- d-----w- c:\program files\Microsoft Works
    2010-02-04 17:00 . 2009-08-19 18:05 -------- d-----w- c:\users\Desolation Alley\AppData\Roaming\SUPERAntiSpyware.com
    2010-02-04 17:00 . 2009-08-19 18:05 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-01-26 02:33 . 2009-06-03 07:36 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-12 10:31 . 2010-01-10 15:05 2828 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-01-12 10:31 . 2010-01-10 15:05 2828 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-01-12 10:31 . 2010-01-10 15:05 88 --sh--r- c:\programdata\31FBC286CA.sys
    2010-01-12 10:31 . 2010-01-10 15:05 88 --sh--r- c:\programdata\31FBC286CA.sys
    2010-01-10 15:05 . 2010-01-10 15:05 -------- d-----w- c:\users\Desolation Alley\AppData\Roaming\Corel
    2010-01-10 09:12 . 2010-01-10 09:12 -------- d-----w- c:\programdata\Corel
    2010-01-10 09:12 . 2010-01-10 09:12 -------- d-----w- c:\program files\Common Files\Protexis
    2010-01-10 09:08 . 2010-01-10 09:08 -------- d-----w- c:\program files\Common Files\Corel
    2010-01-10 09:07 . 2010-01-10 09:07 -------- d-----w- c:\program files\Corel
    2010-01-10 09:02 . 2010-01-10 05:08 -------- d-----w- c:\programdata\NOS
    2010-01-10 08:48 . 2010-01-10 05:08 392732960 ----a-w- c:\programdata\NOS\CorelDRAWGraphicsSuiteX4Installer_AU.exe
    2010-01-10 05:08 . 2010-01-10 05:08 -------- d-----w- c:\program files\NOS
    2010-01-08 08:23 . 2009-09-25 16:07 -------- d-----w- c:\programdata\FLEXnet
    2010-01-07 04:32 . 2010-01-07 04:32 -------- d-----w- c:\program files\Adobe Media Player
    2010-01-03 22:32 . 2010-01-03 22:07 -------- d-----w- c:\programdata\WindSolutions
    2010-01-03 22:14 . 2010-01-03 22:07 -------- d-----w- c:\users\Desolation Alley\AppData\Roaming\WindSolutions
    2010-01-03 22:13 . 2010-01-03 22:13 -------- d-----w- c:\users\Desolation Alley\AppData\Roaming\iCloner
    2010-01-02 06:38 . 2010-01-22 06:17 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 06:32 . 2010-01-22 06:17 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 06:32 . 2010-01-22 06:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-02 04:57 . 2010-01-22 06:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-17 21:49 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-06-03 07:42 . 2009-06-03 07:42 75 --sh--r- c:\windows\CT4CET.bin
    2009-06-03 20:03 . 2009-06-03 20:00 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-09-02 09:26 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "Google Update "= "c:\users\Desolation Alley\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-27 135664]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "Apoint "= "c:\program files\DellTPad\Apoint.exe" [2009-04-01 217088]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2009-04-01 141848]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2009-04-01 173592]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2009-04-01 150552]
    "Broadcom Wireless Manager UI "= "c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
    "PDVDDXSrv "= "c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
    "Dell Webcam Central "= "c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
    "mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "DellComms "= "c:\program files\Dell\DellComms\bin\sprtcmd.exe" [2009-03-25 206064]
    "dellsupportcenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "SysTrayApp "= "c:\program files\IDT\WDM\sttray.exe" [2009-04-01 483428]
    "Malwarebytes Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

    c:\users\Desolation Alley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-06-03 07:26 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2008-12-02 17:11 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2 "=hex(b):b4,fe,e9,6e,3b,58,ca,01

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [07-02-2010 23:57 64288]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe [04-06-2009 01:48 81920]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [18-12-2008 13:05 155648]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [04-02-2010 22:33 1153368]
    R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\Dell\DellComms\bin\sprtsvc.exe [25-03-2009 10:44 206064]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [03-06-2009 12:53 29736]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\System32\drivers\CtClsFlt.sys [03-06-2009 13:11 144128]
    R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\System32\drivers\OA009Ufd.sys [04-06-2009 01:48 144672]
    R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\System32\drivers\OA009Vid.sys [04-06-2009 01:48 269216]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [02-12-2009 18:49 1181328]
    S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
    S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [05-11-2008 04:46 22904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    getPlusHelper REG_MULTI_SZ getPlusHelper
    vvdsvc REG_MULTI_SZ vvdsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583930776-63634570-3676665844-1000Core.job
    - c:\users\Desolation Alley\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-27 18:09]

    2010-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583930776-63634570-3676665844-1000UA.job
    - c:\users\Desolation Alley\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-27 18:09]

    2010-02-12 c:\windows\Tasks\User_Feed_Synchronization-{567B5468-3E5A-4408-A59B-8A4CDFEB8F11}.job
    - c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.in/
    uInternet Settings,ProxyOverride = 127.0.0.1
    uInternet Settings,ProxyServer = 127.0.0.1:9666
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Explorer SERVICE - c:\system\G-923-321232-3232-32211-23\driver.exe
    MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-13 05:20
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
    "ImagePath "= "\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2010-02-13 05:23:54
    ComboFix-quarantined-files.txt 2010-02-12 23:53

    Pre-Run: 50,624,495,616 bytes free
    Post-Run: 54,389,678,080 bytes free

    - - End Of File - - AB533D4179E2A44501518C094E0E3EBD
     
  18. 2010/02/12
    jansch

    jansch Inactive Thread Starter

    Joined:
    2010/02/12
    Messages:
    27
    Likes Received:
    0
    My computer seems to have become considerably faster after using ComboFix.
     
  19. 2010/02/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ================================================================

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2.
    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  20. 2010/02/12
    jansch

    jansch Inactive Thread Starter

    Joined:
    2010/02/12
    Messages:
    27
    Likes Received:
    0
    Hey Broni,

    Here's the MBAM log that you requested. No malware detected, I'll now do the hijackthis log and post soon.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3731
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18882

    13-02-2010 06:00:41
    mbam-log-2010-02-13 (06-00-41).txt

    Scan type: Quick Scan
    Objects scanned: 108856
    Time elapsed: 10 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)
     
  21. 2010/02/12
    jansch

    jansch Inactive Thread Starter

    Joined:
    2010/02/12
    Messages:
    27
    Likes Received:
    0
    Hijack This still isn't running. Can't install properly in the first place, but even then the Hijack This application appears on my desktop. When I run it, nothing happens, but the Hijack This process is running, even though nothing comes up on my screen. If I try running it again, it says Hijack This is already running.
     
