
Inactive-A Drive By

Discussion in 'Malware and Virus Removal Archive' started by edjer, 2011/12/13.

  1. 2011/12/13
    edjer

    [Inactive-A] Drive By

    I got hit by a drive-by and it uninstalled Security Center, Firewall and Defender.
    I think I'm clean, but it was suggested I post these logs. Please let me know if you see anything.
    I had to delete the MBAM log (all 0s), drive info, all the installed programs, and the Firefox and disabled-device info because the post was way too long.
    Ed
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-13 14:46:14
    Windows 6.1.7601 Service Pack 1
    Running: 57ix49tc.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002761eda6d
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002761eda6d@64995d62bebd 0x67 0x7D 0xC7 0xDF ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002761eda6d (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002761eda6d@64995d62bebd 0x67 0x7D 0xC7 0xDF ...
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@E:\Downloads\AVS4YOUSoftwarein1InstallationPackage1.3.1.62\All AVS4YOU® Software in 1 Installation Package 1.3.1.62\AVSInstallPack.exe 1

    ---- EOF - GMER 1.0.15 ----

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-13 14:50:40
    -----------------------------
    14:50:40.501 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:50:40.501 Number of processors: 6 586 0xA00
    14:50:40.501 ComputerName: ED-PC UserName: Ed
    14:50:41.591 Initialize success
    14:50:59.335 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-4
    14:50:59.337 Disk 0 Vendor: ST31000520AS CC32 Size: 953869MB BusType: 3
    14:50:59.340 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:50:59.340 Disk 1 Vendor: SAMSUNG_HD501LJ CR100-11 Size: 476938MB BusType: 3
    14:50:59.342 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T1L0-5
    14:50:59.345 Disk 2 Vendor: SAMSUNG_HD501LJ CR100-11 Size: 476938MB BusType: 3
    14:51:01.348 Disk 1 MBR read successfully
    14:51:01.350 Disk 1 MBR scan
    14:51:01.353 Disk 1 Windows XP default MBR code
    14:51:01.355 Service scanning
    14:51:01.888 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    14:51:01.943 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    14:51:02.493 Modules scanning
    14:51:02.495 Disk 1 trace - called modules:
    14:51:02.553 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800cd0b2c0]<<
    14:51:02.558 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800dd26060]
    14:51:02.563 3 CLASSPNP.SYS[fffff8800187843f] -> nt!IofCallDriver -> [0xfffffa800daeb580]
    14:51:02.568 5 ACPI.sys[fffff880010437a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800daef060]
    14:51:02.570 \Driver\atapi[0xfffffa800dad4cc0] -> IRP_MJ_CREATE -> 0xfffffa800cd0b2c0
    14:51:02.578 Scan finished successfully
    14:51:32.973 Disk 1 MBR has been saved successfully to "E:\Downloads\MBR.dat "
    14:51:32.978 The log file has been saved successfully to "E:\Downloads\aswMBR.txt "

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Ed at 14:52:47 on 2011-12-13
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16383.12825 [GMT -5:00]
    .
    AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files\Atomic Alarm Clock\timeserv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\srvany.exe
    C:\Windows\System32\msdtc.exe
    C:\Windows\KMService.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\nlssrv32.exe
    C:\Program Files (x86)\Common Files\NMSAccessU.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\PrintCtrl.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\pyTivo\pyTivoService.exe
    C:\Python26\python.exe
    C:\Users\Ed\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    C:\Windows\System32\PrintDisp.exe
    C:\Windows\System32\tcpsvcs.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
    C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
    C:\Program Files (x86)\eBook Technologies\eBook USB Driver\TrayEBU.exe
    C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe
    C:\Program Files\TaskmgrPro\TaskmgrProAdmin.exe
    C:\Windows\System32\vds.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\eM Client\MailClient.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Weather1\Weather1.exe
    C:\Program Files (x86)\Trillian\trillian.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Program Files\zabkat\xplorer2\xplorer2_64.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://search.searchcompletion.com/?si=10179&home=1
    uStart Page = hxxp://www22.verizon.com/foryourhome/MyAccount/Protected/Overview/MyOverView.aspx
    uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10179&home=1
    uSearch Bar = hxxp://search.searchcompletion.com/?si=10179&home=1
    uInternet Settings,ProxyServer = 200.172.103.46:80
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Show Naturalreader Bar: {127ad70f-b2b7-4f6a-acd9-c7b1fe48c8c0} - C:\Windows\syswow64\MsiExec.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IE 4.x-6.x BHO for Internet Download Accelerator: {2a646672-9c3a-4c28-9a7a-1fb0f63f28b6} - C:\PROGRA~2\Internet Download Accelerator\idaiehlp.dll
    BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files (x86)\FlashGet\jccatch.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: QuickTime: {d26ae2ea-3f14-42df-ac75-14380c4acfd0} - C:\Users\Ed\AppData\LocalLow\QuickTime\IE\QuickTime.dll
    BHO: CutePDF Form Filler Helper: {d41289f2-69c6-417b-897e-c653d677cbaf} - C:\Program Files (x86)\Acro Software\CutePDF Pro\CPFillerCo.dll
    BHO: ReasonableToolbar.ToolbarBHO: {d8961a1e-25db-33c9-a7c9-3d3e3266b5b8} - mscoree.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    TB: Naturalsoft IE Bar V9: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: ReasonableToolbar: {c9a6357b-25cc-4bcf-96c1-78736985d413} - mscoree.dll
    uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer
    uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
    uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
    uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe
    uRun: [TaskmgrPro] C:\Program Files\TaskmgrPro\TaskmpStart.exe
    uRun: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
    uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [<NO NAME>]
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe "
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [NextSTART]
    mRun: [Workshelf]
    mRun: [EmMail] C:\Program Files (x86)\eM Client\MailClient.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [Weather1] C:\Program Files (x86)\Weather1\Weather1.exe
    dRunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune
    StartupFolder: C:\Users\Ed\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EBOOKU~1.LNK - C:\Program Files (x86)\eBook Technologies\eBook USB Driver\TrayEBU.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AutorunsDisabled\GammaTray.exe.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe
    uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoStrCmpLogical = 1 (0x1)
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: DisplayLastLogonInfo = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
    IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Capture video with Stream-Cloner - C:\Program Files (x86)\Stream-Cloner\SC_IEOBJ.htm
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download ALL with IDA - C:\Program Files (x86)\Internet Download Accelerator\idaieall.htm
    IE: Download remotely with IDA - C:\Program Files (x86)\Internet Download Accelerator\remdown.htm
    IE: Download video with Stream-Cloner - C:\Program Files (x86)\Stream-Cloner\SC_IEOBJ2.htm
    IE: Download with IDA - C:\Program Files (x86)\Internet Download Accelerator\idaie.htm
    IE: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta
    IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files (x86)\Internet Download Accelerator\ida.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {E6EF5071-7647-4E85-9785-87B6CF5CB561} - {C92041C1-6D22-4069-BA0E-66246AA752B0} - C:\Windows\SysWOW64\shdocvw.dll
    Trusted Zone: rfcu.com\www
    Trusted Zone: tvguide.com\www
    DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{A1218078-8A76-4A4D-B43B-19A8F74E0921} : NameServer = 4.2.2.1,4.2.2.2
    TCP: Interfaces\{F3534397-FA73-4D1F-B200-492DA2364F0B} : NameServer = 151.203.0.84,141.154.0.68,151.203.0.85
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    SEH: Directory Opus Shell Execute Hook: {ee761688-c137-4b04-8fab-3c9cdf0886f0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll
    mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
    BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO-X64: Show Naturalreader Bar: {127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0} - C:\Windows\syswow64\MsiExec.exe
    BHO-X64: {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: IE 4.x-6.x BHO for Internet Download Accelerator: {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~2\Internet Download Accelerator\idaiehlp.dll
    BHO-X64: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
    BHO-X64: flashget urlcatch - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    BHO-X64: Virtual Storage Mount Notification - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: QuickTime: {D26AE2EA-3F14-42DF-AC75-14380C4ACFD0} - C:\Users\Ed\AppData\LocalLow\QuickTime\IE\QuickTime.dll
    BHO-X64: QuickTime - No File
    BHO-X64: CutePDF Form Filler Helper: {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\Acro Software\CutePDF Pro\CPFillerCo.dll
    BHO-X64: CutePDF Form Filler - No File
    BHO-X64: ReasonableToolbar.ToolbarBHO: {d8961a1e-25db-33c9-a7c9-3d3e3266b5b8} - mscoree.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    TB-X64: Naturalsoft IE Bar V9: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: ReasonableToolbar: {c9a6357b-25cc-4bcf-96c1-78736985d413} - mscoree.dll
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [(Default)]
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe "
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [NextSTART]
    mRun-x64: [Workshelf]
    mRun-x64: [EmMail] C:\Program Files (x86)\eM Client\MailClient.exe
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun-x64: [Weather1] C:\Program Files (x86)\Weather1\Weather1.exe
    IE-X64: {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files (x86)\Internet Download Accelerator\ida.exe
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    SEH-X64: Directory Opus Shell Execute Hook: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll
    .

    ============= SERVICES / DRIVERS ===============
    .
    R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
    R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 cbfs3;cbfs3;\??\C:\Windows\system32\drivers\cbfs3.sys --> C:\Windows\system32\drivers\cbfs3.sys [?]
    R1 cdrblock;cdrblock;C:\Windows\system32\DRIVERS\cdrblock.sys --> C:\Windows\system32\DRIVERS\cdrblock.sys [?]
    R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;C:\Windows\system32\Drivers\CSN5PDTS82x64.sys --> C:\Windows\system32\Drivers\CSN5PDTS82x64.sys [?]
    R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [2011-8-9 28032]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/06 15:51:19];C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\000.fcl [2010-12-29 146928]
    R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/24 12:37:00];C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\NavFilter\000.fcl [2011-5-24 148976]
    R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
    R2 aksdf;aksdf;C:\Windows\system32\DRIVERS\aksdf.sys --> C:\Windows\system32\DRIVERS\aksdf.sys [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
    R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
    R2 ASTRA64;ASTRA64 Kernel Driver 1.0.0.1;C:\Program Files (x86)\ASTRA32\astra64.sys [2007-2-22 21200]
    R2 AtomicAlarmClock;Atomic Alarm Clock Time;C:\Program Files\Atomic Alarm Clock\timeserv.exe [2011-10-27 2062336]
    R2 KMService;KMService;C:\Windows\System32\srvany.exe [2010-10-30 8192]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-14 366152]
    R2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;C:\Windows\SysWOW64\nlssrv32.exe [2011-9-22 66560]
    R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-5-24 75248]
    R2 Printer Control;Printer Control;C:\Windows\system32\PrintCtrl.exe --> C:\Windows\system32\PrintCtrl.exe [?]
    R2 pyTivo;pyTivo;C:\Program Files (x86)\pyTivo\pyTivoService.exe [2008-5-2 77824]
    R2 QuickTimeUpdater;QuickTime Updater;C:\Users\Ed\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe [2011-7-12 18432]
    R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2010-12-26 386344]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-30 2358656]
    R2 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?]
    R3 dvdfab;dvdfab;C:\Windows\system32\drivers\dvdfab.sys --> C:\Windows\system32\drivers\dvdfab.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 azvusb;Virtual USB Hub;C:\Windows\system32\DRIVERS\azvusb.sys --> C:\Windows\system32\DRIVERS\azvusb.sys [?]
    S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;C:\Windows\system32\Drivers\BUSB2902.sys --> C:\Windows\system32\Drivers\BUSB2902.sys [?]
    S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;C:\Windows\system32\drivers\busbwdm.sys --> C:\Windows\system32\drivers\busbwdm.sys [?]
    S3 CV2K1;CommView Network Monitor;C:\Windows\system32\DRIVERS\cv2k1.sys --> C:\Windows\system32\DRIVERS\cv2k1.sys [?]
    S3 CVShell Service;CVShell Service;C:\Program Files (x86)\ACD Systems\Canvas 12\CVShellSrv.exe [2010-12-23 257400]
    S3 eBook;eBook;C:\Windows\system32\Drivers\eBook.sys --> C:\Windows\system32\Drivers\eBook.sys [?]
    S3 GPAdjustTimeService;1st Clock Adjust Time Service;C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe [2010-10-30 448512]
    S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2011-10-8 452096]
    S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);C:\Windows\system32\drivers\lmvac.sys --> C:\Windows\system32\drivers\lmvac.sys [?]
    S3 Media Center 16 Service;Media Center 16 Service;C:\Program Files (x86)\J River\Media Center 16\JRService.exe [2011-7-1 380040]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
    S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 RRNetCap;RRNetCap Service;C:\Windows\system32\DRIVERS\rrnetcap.sys --> C:\Windows\system32\DRIVERS\rrnetcap.sys [?]
    S3 RRNetCapMP;RRNetCapMP;C:\Windows\system32\DRIVERS\rrnetcap.sys --> C:\Windows\system32\DRIVERS\rrnetcap.sys [?]
    S3 SageTV;SageTV;C:\Program Files (x86)\SageTV\SageTV\SageTVService.exe [2009-7-27 1089536]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011.SP5\RpcAgentSrv.exe [2011-9-20 93848]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAVCap;AVerMedia USB TV Tuner Device;C:\Windows\system32\drivers\USBAVCap.sys --> C:\Windows\system32\drivers\USBAVCap.sys [?]
    S3 utdrv;utdrv;\??\C:\Windows\system32\drivers\utdrv.sys --> C:\Windows\system32\drivers\utdrv.sys [?]
    S3 vcd10bus;Virtual CD v10 Bus Enumerator;C:\Windows\system32\DRIVERS\vcd10bus.sys --> C:\Windows\system32\DRIVERS\vcd10bus.sys [?]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
    S3 w7Svc;webcam 7 Service;C:\Program Files (x86)\webcam 7\wService.exe [2011-7-27 4999680]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-6 660768]
    S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    S4 AMPingService;AMPingService; [x]
    S4 GatewayAgentService;O&O Gateway Agent Service;C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe [2010-7-5 311296]
    S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-13 136176]
    S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-13 136176]
    S4 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-3-24 118784]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2010-9-30 3140424]
    S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    SUnknown xdmlnvkx;xdmlnvkx; [x]
    .
    =============== File Associations ===============
    .
    .txt=NoteProTXT
    .
    =============== Created Last 30 ================
    .
    2011-12-13 19:48:04 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6EEC541-B32B-4A32-B774-83CEAF291F5F}\offreg.dll
    2011-12-13 19:48:03 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6EEC541-B32B-4A32-B774-83CEAF291F5F}\mpengine.dll
    2011-12-13 15:28:41 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
    2011-12-13 13:34:12 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03624BA2-4A90-4A0B-A92A-0D89802C46A0}\gapaengine.dll
    2011-12-13 13:33:13 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2011-12-13 13:33:09 -------- d-----w- C:\Program Files\Microsoft Security Client
    2011-12-11 05:37:26 -------- d-----w- C:\DeLorme Docs
    2011-12-09 04:19:54 -------- d-----w- C:\Users\Ed\Foxreal
    2011-12-09 02:33:26 -------- d-----w- C:\Users\Ed\AppData\Roaming\Foxreal
    2011-12-09 02:33:13 -------- d-----w- C:\Program Files (x86)\Foxreal
    2011-12-09 01:18:51 -------- d-----w- C:\Users\Ed\AppData\Local\MPlayer
    2011-12-08 16:23:22 -------- d-----w- C:\ProgramData\Zaxwerks
    2011-12-08 03:31:19 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-12-07 23:02:37 -------- d-----w- C:\Program Files (x86)\The Print Shop 23.1
    2011-12-06 05:48:06 -------- d-----w- C:\Program Files (x86)\SnowFox Software
    2011-12-04 16:35:39 9068544 ----a-w- C:\Windows\SysWow64\Winter 3D Screensaver.scr
    2011-12-04 16:35:39 -------- d-----w- C:\Program Files (x86)\Winter 3D Screensaver
    2011-12-03 16:36:54 -------- d-----w- C:\Users\Ed\AppData\Roaming\PlayFavoriteGames
    2011-12-02 20:19:29 -------- d-----w- C:\Program Files (x86)\Photoupz
    2011-12-01 19:53:27 -------- d-----w- C:\Windows\usb-audio.deBehringer2902
    2011-12-01 19:53:14 49728 ----a-w- C:\Windows\System32\drivers\busbwdm.sys
    2011-12-01 17:54:05 -------- d-----w- C:\Users\Ed\AppData\Roaming\ATI Drivers Update Utility
    2011-11-30 18:28:04 -------- d-----w- C:\Program Files\ESET
    2011-11-29 16:12:28 -------- d-----w- C:\ProgramData\CPA_VA
    2011-11-29 15:59:02 -------- d-----w- C:\ProgramData\Comodo Downloader
    2011-11-29 14:03:34 -------- d-----w- C:\Users\Ed\AppData\Local\Xilisoft
    2011-11-29 04:24:23 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm
    2011-11-29 04:24:23 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2011-11-29 04:24:23 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2011-11-29 04:24:23 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2011-11-29 04:24:23 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
    2011-11-29 04:10:10 -------- d-----w- C:\Users\Ed\AppData\Roaming\Nik Software
    2011-11-29 03:55:37 -------- d-----w- C:\Windows\MSSecurityNS
    2011-11-29 03:54:06 -------- d-----w- C:\Windows\MSSecurityNi
    2011-11-29 03:53:00 -------- d-----w- C:\Users\Ed\AppData\Local\Nik Software
    2011-11-29 03:52:54 -------- d-----w- C:\ProgramData\Nik Software
    2011-11-29 03:52:52 -------- d-----w- C:\Program Files\Nik Software
    2011-11-28 03:47:15 -------- d-----w- C:\Program Files (x86)\Top Password
    2011-11-28 03:31:02 806154 ----a-w- C:\Windows\SysWow64\unins000.exe
    2011-11-28 03:31:02 1364992 ----a-w- C:\Windows\SysWow64\3D Canyon Flight Screensaver.scr
    2011-11-27 15:52:36 -------- d-----w- C:\Program Files (x86)\AMD APP
    2011-11-27 13:48:29 -------- d-----w- C:\Users\Ed\AppData\Local\Kolor
    2011-11-27 13:46:55 -------- d-----w- C:\Program Files (x86)\Kolor
    2011-11-26 17:00:53 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-11-24 03:08:43 -------- d-----w- C:\Program Files (x86)\AV Splitter
    2011-11-22 17:27:48 -------- d-----w- C:\Users\Ed\AppData\Roaming\Process Hacker 2
    2011-11-22 17:23:14 -------- d-----w- C:\Program Files\Process Hacker 2
    2011-11-22 05:59:59 603984 ----a-w- C:\Windows\System32\KAAPORT64.dll
    2011-11-21 23:21:49 -------- d-----w- C:\Program Files\DriverTuner
    2011-11-21 13:28:13 -------- d-----w- C:\Program Files (x86)\System Restore Explorer
    2011-11-20 20:28:11 -------- d-----w- C:\Users\Ed\AppData\Roaming\TERMINAL Studio
    2011-11-20 20:28:03 19316736 ----a-w- C:\Windows\SysWow64\Thanksgiving 3D Screensaver.scr
    2011-11-20 06:33:19 -------- d-----w- C:\Program Files (x86)\Software
    2011-11-19 17:28:42 -------- d-----w- C:\Program Files (x86)\Hangman Pro v1.1.1 Portable
    2011-11-18 19:22:01 -------- dc-h--w- C:\ProgramData\{E495C549-FA37-49F8-9EF7-A92CE55058C9}
    2011-11-18 19:21:53 -------- dc-h--w- C:\ProgramData\{BB82CA89-D29D-45D2-8C0C-C824A39D588E}
    2011-11-18 19:21:42 -------- dc-h--w- C:\ProgramData\{896AFBDD-72FF-40B8-B6B8-33C6022AD113}
    2011-11-18 19:21:31 -------- dc-h--w- C:\ProgramData\{9C90450F-E325-424C-B16B-8809320C3F92}
    2011-11-18 19:21:13 -------- dc-h--w- C:\ProgramData\{E314972B-E8D6-465D-AE74-6CC08535701F}
    2011-11-18 19:21:06 -------- dc-h--w- C:\ProgramData\{EC2F7042-ADE8-4F04-9A7E-2316AD6311E2}
    2011-11-18 19:20:58 -------- dc-h--w- C:\ProgramData\{5BCAA0F1-4CEB-4ED4-9E18-B9D4FB521338}
    2011-11-18 19:20:53 -------- dc-h--w- C:\ProgramData\{89E2929F-C967-49CB-9FE3-FD86B97312FE}
    2011-11-18 19:20:49 -------- dc-h--w- C:\ProgramData\{CB2950A3-A919-41C2-8920-64738E7DDEE8}
    2011-11-18 19:20:43 -------- dc-h--w- C:\ProgramData\{B21E6C95-1429-4BC6-AA4D-4219C78235A1}
    2011-11-18 19:20:40 -------- dc-h--w- C:\ProgramData\{0DEDF45C-1DEC-4670-AACA-9EC906125BFB}
    2011-11-18 19:20:33 -------- dc-h--w- C:\ProgramData\{34007C15-AD5B-4CB2-A047-04AB415A841A}
    2011-11-18 19:20:30 -------- dc-h--w- C:\ProgramData\{3D9F190A-0F10-4AD6-809B-E15B73D0B8BE}
    2011-11-18 19:20:24 -------- dc-h--w- C:\ProgramData\{54AE07EB-BBE5-4429-9DF3-C156DB112B54}
    2011-11-18 19:20:20 -------- dc-h--w- C:\ProgramData\{F7D319B6-E312-49A7-AA67-4737E676DD03}
    2011-11-18 19:20:11 -------- dc-h--w- C:\ProgramData\{35056848-1DF5-4D37-85C5-0134DA6F6DFD}
    2011-11-18 19:20:03 -------- dc-h--w- C:\ProgramData\{3FC6E797-6A27-41D8-BCD6-DFD8BCD6103E}
    2011-11-18 19:19:58 -------- dc-h--w- C:\ProgramData\{33BC0E96-6441-46C9-9F09-529996C10736}
    2011-11-18 19:19:49 -------- dc-h--w- C:\ProgramData\{ABC7326D-27C4-4601-8B2C-50AABC4C287C}
    2011-11-18 19:19:43 -------- dc-h--w- C:\ProgramData\{AE93E0EC-AB92-4D27-9DA8-1BCEE7181244}
    2011-11-18 19:19:42 -------- dc-h--w- C:\ProgramData\{A86A537E-18B3-414C-8CA0-92F4066C1B5C}
    2011-11-18 19:19:41 -------- d-----w- C:\Program Files\Common Files\Topaz Labs
    2011-11-18 19:19:35 -------- dc-h--w- C:\ProgramData\{6172A493-DBB5-49D2-B3DC-94690BB85ACF}
    2011-11-18 19:19:33 -------- d-----w- C:\Program Files (x86)\Topaz Labs
    2011-11-18 19:19:33 -------- d-----w- C:\Program Files (x86)\Common Files\Topaz Labs
    2011-11-17 18:08:39 66560 ----a-w- C:\Windows\System32\nlssrv32.exe
    2011-11-17 14:41:40 -------- d-----w- C:\Program Files (x86)\MediaCoder 2011 R10 build 5200
    2011-11-16 14:15:00 -------- d-----w- C:\Program Files (x86)\Real Network Monitor
    2011-11-15 15:57:08 -------- d-----w- C:\Users\Ed\AppData\Roaming\eM Client
    2011-11-15 15:56:49 -------- d-----w- C:\Program Files (x86)\eM Client
    2011-11-15 06:48:59 -------- d-----w- C:\Users\Ed\AppData\Roaming\Stream-Cloner
    2011-11-15 06:47:03 -------- d-----w- C:\Program Files (x86)\Stream-Cloner
    2011-11-15 06:39:19 -------- d-----w- C:\Users\Ed\AppData\Local\JPSoft
    2011-11-13 23:07:24 -------- d-----w- C:\Users\Ed\AppData\Roaming\BlamGames
    .
    ==================== Find3M ====================
    .
    2011-12-09 16:34:21 3922 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2011-12-05 15:39:54 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-20 02:41:10 749088 ----a-w- C:\Windows\SysWow64\3Planesoft_Screensaver_Manager.scr
    2011-11-13 16:24:54 160018 ----a-w- C:\Windows\FontDoctor For Windows Uninstaller.exe
    2011-11-10 15:05:33 14 ----a-w- C:\Windows\SysWow64\sysvm501pro.dll
    2011-11-02 21:24:29 2675216 ----a-w- C:\Windows\SysWow64\Dolphins_3D_Screensaver.scr
    2011-11-02 21:15:18 2703384 ----a-w- C:\Windows\SysWow64\Fog_Horses_3D_Screensaver.scr
    2011-10-31 12:27:44 421888 ----a-w- C:\Windows\SysWow64\RealMediaSplitter.ax
    2011-10-27 13:50:02 48042 ----a-w- C:\Users\Ed\AppData\Roaming\updater.exe
    2011-10-26 03:05:10 10496512 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-10-26 02:21:54 66560 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2011-10-26 02:21:48 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2011-10-26 02:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll
    2011-10-26 02:21:34 56832 ----a-w- C:\Windows\SysWow64\OVDecoder.dll
    2011-10-26 02:21:24 16991744 ----a-w- C:\Windows\System32\amdocl64.dll
    2011-10-26 02:20:42 13950464 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-10-26 02:16:06 24866816 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-10-26 02:06:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-10-26 02:05:58 748544 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-10-26 02:04:28 892416 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-10-26 02:01:46 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-10-26 02:01:36 517120 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-10-26 02:00:58 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-10-26 01:59:48 18757120 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-10-26 01:59:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-10-26 01:59:22 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-10-26 01:59:16 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-10-26 01:59:04 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-10-26 01:58:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-10-26 01:58:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-10-26 01:58:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-10-26 01:55:48 4292096 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-10-26 01:46:12 5041664 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-10-26 01:43:48 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-10-26 01:43:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-10-26 01:43:12 4044288 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-10-26 01:38:32 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-10-26 01:38:30 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-10-26 01:38:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-10-26 01:38:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-10-26 01:38:08 9978880 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-10-26 01:35:38 4353536 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-10-26 01:34:56 8449024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-10-26 01:32:30 4189184 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-10-26 01:29:32 5510144 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-10-26 01:29:24 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-10-26 01:22:38 486912 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-10-26 01:22:30 339968 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-10-26 01:22:20 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-10-26 01:22:16 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-10-26 01:22:16 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-10-26 01:22:12 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-10-26 01:22:06 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-10-26 01:21:58 326656 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-10-26 01:21:12 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-10-26 01:21:06 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-10-26 01:21:00 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-10-26 01:20:52 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-10-26 01:20:20 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-10-22 14:25:49 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-10-22 14:25:49 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2011-10-12 20:06:04 1218627 ----a-w- C:\Windows\unins000.exe
    2011-10-04 23:21:56 452096 ----a-w- C:\Windows\SysWow64\GSService.exe
    2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
    2011-09-29 03:54:48 947472 ----a-w- C:\Windows\SysWow64\msjava.dll
    2011-09-23 01:07:34 105832 ----a-w- C:\Windows\System32\SQSRVRES.DLL
    2011-09-23 01:06:04 3171176 ----a-w- C:\Windows\System32\sqlncli10.dll
    2011-09-23 01:06:04 109416 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2011-09-23 01:01:54 312168 ----a-w- C:\Windows\System32\drivers\RsFx0104.sys
    2011-09-23 01:01:54 311144 ----a-w- C:\Windows\System32\drivers\RsFx0105.sys
    2011-09-23 00:09:36 42344 ----a-w- C:\Windows\System32\DTSPipelinePerf100.dll
    2011-09-22 23:17:10 354816 ----a-w- C:\Windows\System32\SilverEfexPro2FC64.dll
    2011-09-22 23:17:10 326144 ----a-w- C:\Windows\SysWow64\SilverEfexPro2FC32.dll
    2011-09-22 23:17:02 66560 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
    2011-09-22 21:18:58 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2011-09-22 21:18:58 2570088 ----a-w- C:\Windows\SysWow64\sqlncli10.dll
    2011-09-22 16:31:04 354816 ----a-w- C:\Windows\System32\ColorEfexPro4FC64.dll
    2011-09-22 16:31:04 326144 ----a-w- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
    2011-09-15 18:41:52 341904 ----a-w- C:\Windows\System32\drivers\cbfs3.sys
    2011-09-15 18:41:52 223760 ----a-w- C:\Windows\SysWow64\CbFsNetRdr3.dll
    2011-09-15 18:41:52 191504 ----a-w- C:\Windows\System32\CbFsMntNtf3.dll
    2011-09-15 18:41:52 158224 ----a-w- C:\Windows\SysWow64\CbFsMntNtf3.dll
    2011-09-15 18:41:52 142352 ----a-w- C:\Windows\System32\CbFsNetRdr3.dll
    2007-01-25 08:52:26 65536 ----a-w- C:\Program Files (x86)\Common Files\NMSAccessU.exe
    2003-07-25 15:38:08 132096 ----a-w- C:\Program Files (x86)\Common Files\PCSBoff.exe
    2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
    2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
    2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
    2010-01-07 04:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
    .
    ============= FINISH: 14:53:47.33 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/30/2010 9:12:00 AM
    System Uptime: 12/13/2011 9:23:45 AM (5 hours ago)
    .
    Motherboard: MSI | | 890FXA-GD70 (MS-7640)
    Processor: AMD Phenom(tm) II X6 1090T Processor | CPU1 | 3200/200mhz
    .

    ==== System Restore Points ===================
    .
    No restore point in system.
    .

    ==== Event Viewer Messages From Past Week ========
    .
    12/13/2011 9:30:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    12/13/2011 9:27:19 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/13/2011 9:27:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS CSN5PDTS82
    12/13/2011 9:26:55 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    12/13/2011 9:26:36 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    12/13/2011 9:25:31 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    12/13/2011 9:24:28 AM, Error: BTHUSB [5] - The Bluetooth driver expected an HCI event with a certain size but did not receive it.
    12/13/2011 8:34:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.
    12/13/2011 8:34:23 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/13/2011 2:48:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    12/13/2011 2:48:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    12/12/2011 4:52:13 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.
    .
    ==== End Of File ===========================
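    A triage pass over the DDS service list above, written here as an added example (it is not part of edjer's post and not DDS code): it parses lines in the start/name;display;image [marker] shape the log uses and flags entries with no image path ([x]), a start type DDS could not read (SUnknown), or a random-looking name; the random-name rule is this example's own heuristic, and the sample lines are constructed in the log's format.

```python
"""Triage of the 'Services/Drivers' lines of a DDS log.

Added example: not part of the original post and not DDS code. It parses lines
in the shape DDS prints (start type, short name, display name, image path and a
trailing [date size], [?] or [x] marker) and lists the entries an analyst looks
at first. The random-name heuristic is this example's own assumption.
"""
import re
from dataclasses import dataclass, field

# Line shape, after the entries in the log above:
#   R3 NisSrv;Microsoft Network Inspection;C:\...\NisSrv.exe [2011-4-27 288272]
#   S4 AMPingService;AMPingService; [x]
#   SUnknown xdmlnvkx;xdmlnvkx; [x]
LINE_RE = re.compile(
    r"^\s*(?P<start>R[0-4]|S[0-4]|SUnknown)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*"
    r"(?:\[(?P<tail>[^\]]*)\])?\s*$"
)
VOWELS = set("aeiou")

# Constructed sample in the log's format (the non-service lines are there to
# show that the parser skips them).
SAMPLE_LINES = [
    r"    R3 dvdfab;dvdfab;C:\Windows\system32\drivers\dvdfab.sys --> C:\Windows\system32\drivers\dvdfab.sys [?]",
    r"    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]",
    r"    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]",
    r"    S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]",
    r"    S4 AMPingService;AMPingService; [x]",
    r"    SUnknown xdmlnvkx;xdmlnvkx; [x]",
    "    .",
    "    =============== File Associations ===============",
]


@dataclass
class Service:
    start: str
    name: str
    display: str
    image: str
    # "x": no image path at all; "?": DDS could not read the file (routine for
    # 64-bit drivers, since DDS is a 32-bit tool); otherwise "date size".
    tail: str


@dataclass
class Finding:
    name: str
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Return a Service for a DDS service/driver line, or None for other lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return Service(m["start"], m["name"].strip(), m["display"].strip(),
                   m["image"].strip(), (m["tail"] or "").strip())


def looks_random(name):
    """Heuristic (an assumption of this example): 6+ letters and no vowels."""
    return len(name) >= 6 and name.isalpha() and not (set(name.lower()) & VOWELS)


def triage(lines):
    """Flag entries with no image, an unreadable start type or a random-looking name.
    '[?]' entries are deliberately not flagged: they are noise on x64 systems."""
    findings = []
    for line in lines:
        svc = parse_service_line(line)
        if svc is None:
            continue
        reasons = []
        if svc.tail == "x":
            reasons.append("no image path: orphaned entry or removed binary")
        if svc.start == "SUnknown":
            reasons.append("start type unreadable by DDS: check the service key")
        if looks_random(svc.name):
            reasons.append("random-looking service name")
        if reasons and svc.display == svc.name:
            reasons.append("no descriptive display name")
        if reasons:
            findings.append(Finding(svc.name, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.name}: {'; '.join(f.reasons)}")
```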
     
  2. 2011/12/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
