
Inactive My Logs as per Admin's suggestion.

Discussion in 'Malware and Virus Removal Archive' started by Maureen 258, 2011/02/09.

  1. 2011/02/09
    Maureen 258


    Hi All. :)

    I placed a thread on the Vista forum and Admin has suggested I place my logs on here too. :)

    Hopefully I have done this correctly.

    Kind Regards,

    Maureen/Mo. :)


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5714

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    08/02/2011 20:44:33
    mbam-log-2011-02-08 (20-44-33).txt

    Scan type: Quick scan
    Objects scanned: 154906
    Time elapsed: 14 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-09 15:03:07
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500JS-60NCB1 rev.10.02E02
    Running: szki37p8.exe; Driver: C:\Users\Maureen\AppData\Local\Temp\kgtdifob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys ZwOpenProcess [0x82B26620]
    SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys ZwTerminateProcess [0x82B266D0]
    SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys ZwTerminateThread [0x82B26770]
    SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys ZwWriteVirtualMemory [0x82B26810]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 3F1 83AADB54 4 Bytes [20, 66, B2, 82]
    .text ntkrnlpa.exe!KeSetEvent + 621 83AADD84 8 Bytes [D0, 66, B2, 82, 70, 67, B2, ...]
    .text ntkrnlpa.exe!KeSetEvent + 681 83AADDE4 4 Bytes [10, 68, B2, 82]
    ? System32\Drivers\650267c0.sys The system cannot find the path specified. !

    ---- User IAT/EAT - GMER 1.0.15 ----


    ---- EOF - GMER 1.0.15 ----



    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: Acer
    System Product Name: Aspire M1100
    Logical Drives Mask: 0x000001fc

    Kernel Drivers (total 162):

    Processes (total 102):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000002`7098f400 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500JS-60NCB1, Rev: 10.02E02
    PhysicalDrive1 Model Number: HitachiHDS721616PLA380, Rev: P22OAB3A

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    153 GB \\.\PhysicalDrive1 Unknown MBR code
    SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  2. 2011/02/09
    Maureen 258

    Maureen 258 Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    16
    Likes Received:
    0
    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Maureen at 15:32:28.95 on 09/02/2011
    Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3071.1046 [GMT 0:00]

    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: Virgin Media Security Anti-Virus *Enabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
    SP: Virgin Media Security Anti-Spyware *Enabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Virgin Media Security Firewall *Enabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\aol\1256067183\ee\aolsoftware.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
    C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe
    C:\Program Files\Virgin Media\Security\RPS.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Maureen\Documents\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80150
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.uk.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Freecause Toolbar BHO: {b7c2f0d8-2209-4693-a15d-5a537211d48b} - c:\program files\nectar search toolbar\Toolbar.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
    TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
    TB: Nectar Search Toolbar: {8020143d-5926-4394-a04d-dd0b649da121} - c:\program files\nectar search toolbar\Toolbar.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
    mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
    mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe "
    mRun: [HostManager] c:\program files\common files\aol\1256067183\ee\AOLSoftware.exe
    mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -onlytray
    mRun: [DataLayer] c:\program files\common files\pcsuite\datalayer\DataLayer.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [ServiceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
    mRun: [DHSClient.exe] "c:\program files\virgin media\digital home support\DHSClient.exe" /AUTORUN
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pcmmed~1.lnk - c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Crawler Search - tbr:iemenu
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: live.com\help
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\maureen\appdata\roaming\mozilla\firefox\profiles\e0v13t8t.default\
    FF - prefs.js: browser.search.selectedEngine - Inbox Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.reptileforums.co.uk/
    FF - prefs.js: keyword.URL - hxxp://inboxtoolbar.com/search/dispatcher.aspx?tp=sf&tbid=80150&language=en&qkw=
    FF - component: c:\progra~1\crawler\firefox\components\xcomm.dll
    FF - component: c:\progra~1\crawler\firefox\components\xshared.dll
    FF - component: c:\progra~1\crawler\firefox\components\xsupport.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\users\maureen\appdata\roaming\mozilla\firefox\profiles\e0v13t8t.default\extensions\inboxcomtoolbar@inbox.com\components\plugins.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
    FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\progra~1\crawler\firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Inbox Toolbar: inboxcomtoolbar@inbox.com - %profile%\extensions\inboxcomtoolbar@inbox.com
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-14 25608]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
    R1 MpKsl9e2f5957;MpKsl9e2f5957;c:\programdata\microsoft\microsoft antimalware\definition updates\{f7b52dc6-bc87-4dd1-a445-f3821f48f9e9}\MpKsl9e2f5957.sys [2011-2-9 28752]
    R1 SASDIFSV;SASDIFSV;c:\users\maureen\desktop\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\users\maureen\desktop\SASKUTIL.SYS [2010-5-10 67656]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2007-4-17 266343]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-10-21 21504]
    R2 HsdService;HsdService;c:\program files\virgin media\digital home support\HsdService.exe [2010-12-1 1406264]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-10-1 583640]
    R2 Radialpoint Security Services;Virgin Media Security;c:\program files\virgin media\security\RpsSecurityAwareR.exe [2010-1-4 165408]
    R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2010-12-1 689464]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2010-9-14 122376]
    R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2010-9-14 30216]
    R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSShim.sys [2010-9-14 27800]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\virgin media\security\avg\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-14 5832712]
    S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-11-12 468480]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-02-09 15:09:41 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{f7b52dc6-bc87-4dd1-a445-f3821f48f9e9}\MpKsl9e2f5957.sys
    2011-02-08 23:46:56 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-02-08 23:45:48 292352 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-08 23:45:47 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-08 19:34:00 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{f7b52dc6-bc87-4dd1-a445-f3821f48f9e9}\mpengine.dll
    2011-01-28 23:02:05 -------- d-----w- c:\program files\iPod
    2011-01-28 23:01:57 -------- d-----w- c:\program files\iTunes
    2011-01-27 19:55:31 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{663388aa-b020-4a7e-b57b-384f78e94231}\gapaengine.dll
    2011-01-26 23:51:41 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
    2011-01-26 23:49:39 -------- d-----w- c:\program files\Microsoft Security Client
    2011-01-26 23:48:29 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-01-11 21:39:50 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2011-01-11 21:39:50 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-11 21:39:49 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
    2011-01-11 21:39:49 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2011-01-11 21:39:49 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2011-01-11 21:39:49 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2011-01-11 21:39:46 1169408 ----a-w- c:\windows\system32\sdclt.exe

    ==================== Find3M ====================

    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
    2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-12 18:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

    ============= FINISH: 15:33:36.42 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 20/10/2009 00:10:22
    System Uptime: 09/02/2011 15:06:16 (0 hours ago)

    Motherboard: Acer | | F690GVM
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ | Socket AM2 | 2100/199mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 165.432 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 144 GiB total, 97.779 GiB free.
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Acer Arcade Live Main Page
    Acer DV Magician
    Acer DVDivine
    Acer eDataSecurity Management
    Acer Empowering Technology
    Acer ePerformance Management
    Acer eSettings Management
    Acer HomeMedia
    Acer HomeMedia Connect
    Acer ScreenSaver
    Acer SlideShow DVD
    Acer Tour
    Acer VideoMagician
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Advanced SystemCare 3
    AIO_CDB_Software
    AIO_Scan
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    ATI Uninstaller
    Bonjour
    BufferChm
    Camera RAW Plug-In for EPSON Creativity Suite
    Copy
    Crawler Toolbar
    CustomerResearchQFolder
    CX4300_5500_DX4400 manual
    D3DX10
    Destinations
    DeviceManagementQFolder
    Digital Media Reader
    DocProc
    DocProcQFolder
    DVD Suite
    eSobi v2
    eSupportQFolder
    Fax
    FinePixViewer Ver.4.2
    Garmin Communicator Plugin
    Garmin USB Drivers
    Google Toolbar for Internet Explorer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 8.0
    HP Imaging Device Functions 8.0
    HP OCR Software 8.0
    HP Photosmart Essential
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    HP Solution Center 8.0
    HP Update
    HPDiagnosticAlert
    HPProductAssistant
    HPSSupply
    ImageMixer VCD2 for FinePix
    Inbox Toolbar
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    LightScribe 1.4.142.1
    Malwarebytes' Anti-Malware
    MarketResearch
    Marvell Miniport Driver
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Digital Image Library 10
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Pro 10
    Microsoft Digital Image Suite 10
    Microsoft Easy Assist v2
    Microsoft Office Live Add-in 1.5
    Microsoft Office Standard Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MobileMe Control Panel
    Morrowind
    Mozilla Firefox (3.6.7)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nectar Search Toolbar
    Nero 7 Essentials
    neroxml
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    NVIDIA Display Control Panel
    NVIDIA Drivers
    Oblivion
    OGA Notifier 2.0.0048.0
    ParetoLogic DriverCure
    PerfectDisk 10 Professional
    PowerDVD
    PowerProducer
    Project64 1.6
    PVSonyDll
    QuickTime
    Radialpoint Security Advisor 2.5.16
    RAW FILE CONVERTER LE
    RealPlayer
    Realtek High Definition Audio Driver
    Registry Mechanic 10.0
    RPS CRT
    RPS PerfectDiskStub
    RPS RpsCore
    RTC Client API v1.2
    Safari
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Segoe UI
    SolutionCenter
    Status
    SUPERAntiSpyware
    TES Construction Set
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Viewpoint Media Player
    Virgin Media Digital Home Support 2.1.23
    Virgin Media Security
    Virgin Media Service Manager 3.7.35
    WebReg
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    WinZip 12.1
    Yahoo! Toolbar

    ==== End Of File ===========================
     


  4. 2011/02/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    You're not saying what the issues are.

    Also, you're running two AV programs, Virgin Media Security Anti-Virus and Microsoft Security Essentials.
    One of them has to go.
     
  5. 2011/02/09
    Maureen 258

    Maureen 258 Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    16
    Likes Received:
    0
    Hello broni. :)

    Thank you for such a kind welcome, even though I have already messed up. :eek:

    I think it might be easier to copy over the posts from my other thread on the Vista forum. I hope I have not fallen foul again of the rules. I truly don't mean to, and fully appreciate the time you and the team are spending with me. :)

    Kind Regards,

    Mo. :)



    Old 2 Days Ago #1
    Maureen 258
    Member

    Profile:
    Join Date: Feb 2011
    Posts: 4
    Computer Experience:
    Beginner



    Problems with inbuilt software
    Hi All.

    Having just found your site by searching google, I am hoping someone can please help me out. I am not experienced with computers and have started using them late in life, so please be patient with me. Thanks in advance.

    My computer is an Acer Aspire M1100, and I am using Windows Vista tm home premium with service pack 2.

    Some months back I picked up a couple of viruses, and have now had them removed, and have Virgin Media virus checker and firewall on board, and in general all seems well now except for the fact that the inbuilt smart card media reader no longer works, and although my inbuilt DVD is working, I can't get a CD with photos to respond. Windows Explorer tries to open all, but hours later is still trying, and the comp then freezes. Very weird. I have tried connecting the camera via the usb ports and this does not work either, although the USB ports and drivers are all working fine. I have tried to do repairs and I get the message that windows cannot access the discs.

    Have any of you any idea what has occurred here please? Has the virus perhaps destroyed a windows file, or disabled access somehow?

    Hoping you can help.

    Kind Regards,

    Maureen.

    PS I have read many posts on here, and have to say it is a great site with a good team on board as well as some friendly and helpful members.
    My System Information
    32/64 Bit OS 32-bit
    Old 2 Days Ago #2
    mattman
    Staff

    mattman's Avatar

    Profile:
    Join Date: Jun 2002
    Location: Sydney, Aust
    Posts: 7,625
    Computer Experience:
    working backwards



    Hi Maureen and welcome to the WindowsBBS community (hopefully I'm friendly and helpful, I know others here are).

    I am going to lead you on another path. Do you have software (a program) installed for the camera? That is what I might suspect covers all the areas you mention. I expect they might (all) be related to photos.

    Try uninstalling the camera's program in Control Panel -> Programs and Features, but first make sure you have the installation disk at hand or go to the camera manufacturer's website and make sure you can download it from there or (maybe more importantly) an update of the program.

    So try uninstalling the program, then reinstalling the same version and/or an updated version.

    Let us know the make and model of the camera if you want us to help you find any downloads. Maybe we could check the Troubleshooting or FAQs (Frequently Asked Questions) at their website as well.

    Matt
    __________________



    Matt
    SIW Everest (older PCs) Memory diagnostics
    My System Information
    32/64 Bit OS 32-bit
    Old 2 Days Ago #3
    Admin.
    Administrator

    Admin.'s Avatar

    Profile:
    Join Date: Dec 2001
    Location: 35⁰ 53'55.1" N, 14⁰ 28'37.5" E
    Posts: 4,136
    Computer Experience:
    ***

    My System


    I would also suggest you get your system checked for Malware, to be sure there's nothing lingering...

    Read this post, then post the requested log(s) in the Malware and Virus Removal forum.
    __________________
    Arie Slob,

    WindowsBBS Admin.
    My System Information
    PC Make & Model Dell Latitude D820
    Processor Intel Core 2 Duo T7200 (2.00GHz) 4M L2 Cache, 667Mhz Dual Core
    Memory 4.0GB, DDR2-667 SDRAM
    Video Card 256MB NVIDIA® Quadro NVS 110M TurboCache
    Hard Drive #1 Seagate Momentus 7200.2, 160GB SATA
    Optical Drive #1 8X DVD+/-RW
    Floppy Drive? No
    Internet Connection DSL/Cable
    Modem/Router? Via a Router
    Monitor #1 15.4 inch Wide Screen WSXGA+ LCD Panel
    Operating System Windows 7 Ultimate
    32/64 Bit OS 64-bit
    Old 1 Hour Ago #4
    Maureen 258
    Member

    Profile:
    Join Date: Feb 2011
    Posts: 4
    Computer Experience:
    Beginner



    Hello Mattman and Admin.

    Thank you both for your kind responses. It's much appreciated.

    Mattman,

    I know there is not a problem with the camera software. It is happening with other items too such as my mobile phone. The inbuilt smart media reader can no longer read any memory card, be it mine or someone else's. This all occurred after I had been infected. Malware which I already have installed on here found two problems and disposed of them, and I then went looking for how to correct the damage done by them, but found nothing to help solve the problem.

    I can play a dvd, but it can't pick up on a cd with photos on it. No memory cards whatsoever can be played. I can use the same usb ports to connect a games controller and all usb ports work fine, but add the camera and the computer ends up freezing over an hour later. Windows cannot access my discs to do a scan either. It's really done my head right in now. It's an old head to start with, which does not help either, having had no training with computers when younger.

    So sorry to put this on you, but I am grateful to you for trying to help me out here.

    Maureen/Mo.

    Admin,

    I have noted your suggestion, and have followed your instructions, and am about to post my logs on your Malware forum now.

    Many thanks.

    Maureen/Mo.
     
  6. 2011/02/09
    Maureen 258

    Maureen 258 Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    16
    Likes Received:
    0
    Just like to add to the above broni, that my troubles started with the viruses as shown below.

    Mo. :)


    Virgin Media Security - Scan Report
    Scan Date: 06/08/2010 20:53:19
    Scan Type: Standard
    Definition file: 1281083268
    Last Update on: 06/08/2010 17:56:44


    Folders and files selected to scan
    C:\
    E:\


    Results
    Master Boot Records and Fixed Disk Boot Sectors
    Scanned 2 Master Boot Record(s).
    Your Master Boot Record(s)/Boot Sector(s) are not infected.


    Memory
    Scanned: 1136 item(s)


    Infected files on ACER (C:)
    Scanned: 166206 item(s)
    File: C:\Users\Maureen\Downloads\AOL 7.0\cr-ag18k.zip
    Warning: This file was not deleted because it is an archive. If this archive contains files you want to keep, extract the good files from the archive using your archive utility (WinZip for example), and then delete the archive. When extracting your files, make sure real-time protection is turned on.

    Virus: Trojan.Generic.2134202




    Infected files on DATA (E:)
    Scanned: 523 item(s)
    File: E:\MAUREEN-PC\Backup Set 2009-10-22 004727\Backup Files 2009-10-22 004727\Backup files 15.zip
    Warning: This file was not deleted because it is an archive. If this archive contains files you want to keep, extract the good files from the archive using your archive utility (WinZip for example), and then delete the archive. When extracting your files, make sure real-time protection is turned on.

    Virus: Trojan.Generic.2134202




    Startup programs
    Scanned: 315 item(s)


    Rootkits
    Found: 0 item(s)


    Cookies
    Scanned: 73 item(s)
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@atdmt[3].txt

    From: atdmt.com/
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@CAYWW4VJ.txt

    From: advertising.com/
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@CAPE2HCW.txt

    From: tacoda.net/
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@CAYWW4VJ.txt

    From: advertising.com/
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@CAPE2HCW.txt

    From: tacoda.net/
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@CAPE2HCW.txt

    From: tacoda.net/
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@ad.yieldmanager[5].txt

    From: ad.yieldmanager.com/
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@tag.admeld[2].txt

    From: tag.admeld.com/
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@CAYWW4VJ.txt

    From: advertising.com/
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@doubleclick[4].txt

    From: doubleclick.net/
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@scorecardresearch[7].txt

    From: scorecardresearch.com/
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@ads.bridgetrack[2].txt

    From: ads.bridgetrack.com/
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@CAYWW4VJ.txt

    From: advertising.com/
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@CAPE2HCW.txt

    From: tacoda.net/
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@scorecardresearch[7].txt

    From: scorecardresearch.com/
    File: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies\maureen@CAPE2HCW.txt

    From: tacoda.net/
     
  7. 2011/02/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We can certainly check, if your computer is clean.

    Start with my previous suggestion:
    When done....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2011/02/09
    Maureen 258

    Maureen 258 Inactive Thread Starter

    Joined:
    2011/02/06
    Messages:
    16
    Likes Received:
    0
    Hi again broni. :)

    I should have said in my last post, that I acted immediately on reading your advice to remove one of my anti virus checkers, and removed the free Microsoft Security Essentials, as my Virgin media one is the full package. :)

    I have now had a chance to run the ComboFix and here hopefully are the logs from there.

    Mo. :)

    ComboFix 11-02-09.02 - Maureen 09/02/2011 23:32:15.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3071.1647 [GMT 0:00]
    Running from: c:\users\Maureen\Desktop\ComboFix.exe
    AV: Virgin Media Security Anti-Virus *Disabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
    FW: Virgin Media Security Firewall *Disabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
    SP: Virgin Media Security Anti-Spyware *Disabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active

    .

    ((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
    .

    2011-02-09 23:41 . 2011-02-09 23:41 -------- d-----w- c:\users\Maureen\AppData\Local\temp
    2011-02-09 23:41 . 2011-02-09 23:41 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-02-09 23:41 . 2011-02-09 23:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-09 20:03 . 2011-02-09 20:03 -------- d-----w- c:\program files\Common Files\McAfee
    2011-02-09 20:02 . 2011-02-09 20:02 -------- d-----w- c:\programdata\McAfee
    2011-02-09 20:02 . 2011-02-09 20:02 -------- d-----w- c:\program files\McAfee
    2011-02-09 19:53 . 2011-02-09 19:53 -------- d-----w- c:\users\Maureen\AppData\Roaming\WinPatrol
    2011-02-09 19:53 . 2011-02-09 19:53 -------- d-----w- c:\programdata\InstallMate
    2011-02-09 19:53 . 2011-02-09 19:53 -------- d-----w- c:\program files\BillP Studios
    2011-02-08 23:46 . 2011-01-20 16:07 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-02-08 23:45 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-08 23:45 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-28 23:02 . 2011-01-28 23:02 -------- d-----w- c:\program files\iPod
    2011-01-28 23:01 . 2011-01-28 23:03 -------- d-----w- c:\program files\iTunes
    2011-01-26 23:48 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-01-11 21:39 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-11 21:39 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-11 21:39 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-11 21:39 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-11 21:39 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-11 21:39 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-11 21:39 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-28 23:52 . 2010-12-28 16:15 11278816 ----a-w- c:\users\Maureen\AppData\Roaming\Microsoft\Windows\Templates\IS360Setup.exe
    2010-12-20 18:09 . 2010-10-04 13:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 18:08 . 2010-10-04 13:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-12 18:53 . 2010-06-29 00:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7C2F0D8-2209-4693-A15D-5A537211D48B}]
    2010-07-08 01:42 1502208 ----a-w- c:\program files\Nectar Search Toolbar\Toolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{8020143D-5926-4394-A04D-DD0B649DA121}"="c:\program files\Nectar Search Toolbar\Toolbar.dll" [2010-07-08 1502208]

    [HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{8020143D-5926-4394-A04D-DD0B649DA121}"="c:\program files\Nectar Search Toolbar\Toolbar.dll" [2010-07-08 1502208]

    [HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 847872]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
    "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "HostManager"="c:\program files\Common Files\AOL\1256067183\ee\AOLSoftware.exe" [2006-11-14 50736]
    "Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 167936]
    "DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1106944]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
    "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2010-10-13 4314424]
    "DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2010-10-13 2032952]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-17 528384]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
    PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-4-17 200812]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCure]
    2010-06-17 21:28 3982616 ----a-w- c:\program files\ParetoLogic\DriverCure\DriverCure.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 0311221297281780mcinstcleanup;McAfee Application Installer Cleanup (0311221297281780);c:\users\Maureen\AppData\Local\Temp\031122~1.EXE [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2010-11-24 88176]
    R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
    R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2009-11-02 25608]
    S1 SASDIFSV;SASDIFSV;c:\users\Maureen\Desktop\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\users\Maureen\Desktop\SASKUTIL.SYS [2010-05-10 67656]
    S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-05 266343]
    S2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [2010-10-13 1406264]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
    S2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [2010-01-04 165408]
    S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [2010-10-13 689464]
    S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
    S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
    S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 27800]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - 73D05D11
    *Deregistered* - 73d05d11

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bdx REG_MULTI_SZ scan sysagent
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-09 c:\windows\Tasks\AWC Startup.job
    - c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-10-02 16:19]

    2011-02-09 c:\windows\Tasks\DriverCure Startup.job
    - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-17 21:28]

    2011-01-30 c:\windows\Tasks\DriverCure.job
    - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-17 21:28]

    2011-02-09 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]

    2011-01-06 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-04-06 21:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80150
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.uk.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    IE: Crawler Search - tbr:iemenu
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: live.com\help
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
    FF - ProfilePath - c:\users\Maureen\AppData\Roaming\Mozilla\Firefox\Profiles\e0v13t8t.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.reptileforums.co.uk/
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
    FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\progra~1\Crawler\firefox
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Inbox Toolbar: inboxcomtoolbar@inbox.com - %profile%\extensions\inboxcomtoolbar@inbox.com
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - user.js: yahoo.homepage.dontask - true
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-09 23:41
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(6044)
    c:\progra~1\mcafee\sitead~1\saHook.dll
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\windows\system32\MsnChatHook.dll
    c:\windows\system32\ShowErrMsg.dll
    c:\windows\system32\sysenv.dll
    c:\windows\system32\BatchCrypto.dll
    c:\windows\system32\CryptoAPI.dll
    c:\windows\system32\keyManager.dll
    .
    Completion time: 2011-02-09 23:45:41
    ComboFix-quarantined-files.txt 2011-02-09 23:45
    ComboFix2.txt 2010-10-04 15:34

    Pre-Run: 175,505,092,608 bytes free
    Post-Run: 175,420,022,784 bytes free

    - - End Of File - - CD8C01EAE043210784CCC523810EEB76
     
  9. 2011/02/09
    broni

    broni Moderator Malware Analyst

    It looks clean as well.

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  10. 2011/02/09
    Maureen 258

    Maureen 258 Inactive Thread Starter

    Hi again broni. :)

    I am sure lacking in sleep trying to get these scans done. :) This last one took ages.

    I followed the 3 steps you gave me and only have the ComboFix log to post up as the ESET scan did not find any threats.

    Kind Regards,

    Mo. :)


    [duplicate - Broni]
     
    Last edited by a moderator: 2011/02/10
  11. 2011/02/10
    broni

    broni Moderator Malware Analyst

    You already posted Combofix log.
    Please, follow my other instructions.
     
  12. 2011/02/10
    Maureen 258

    Maureen 258 Inactive Thread Starter

    I can't believe I did that broni. :eek: That's because I'm way past my bedtime. So sorry. :eek:

    I did do as you said and here it hopefully is this time. :)

    Mo. :)

    checkup.txt;


    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    WinPatrol winpatrol.exe
    Empowering Technology eSettings Service capuserv.exe
    BillP Studios WinPatrol WinPatrol.exe
    ``````````End of Log````````````
     
  13. 2011/02/10
    broni

    broni Moderator Malware Analyst

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    I still need Eset log.
     
  14. 2011/02/10
    Maureen 258

    Maureen 258 Inactive Thread Starter

    Hi broni. :)

    It is 3.06am where I am, and I am totally shattered after last night, and only getting 2 hours sleep, so off to bed in a minute. :)

    I just wanted to touch base and let you know what an ass I am again. :eek: As no threats turned up with the ESET scan, I assumed there was nothing to give you. My punishment being now that I will have to re-run the scan when I awake in order to get a log for you.

    I have in the mean time downloaded the adobe reader as per your instructions, and also the Adobe Photoshop® Album Starter Edition, and removed my old adobe installations. :)

    I never had the Adobe Photoshop® Album Starter Edition before. It looks very interesting.

    Thanks once again broni, and I hope the rest of your day/night goes well for you.

    Mo. :)
     
  15. 2011/02/10
    broni

    broni Moderator Malware Analyst

    Eset won't produce any log, if no threats found, so you're fine.

    In any case, your computer is and was clean, so if you have any additional issues, you have to return to your original topic.

    Good luck :)
     
  16. 2011/02/10
    Maureen 258

    Maureen 258 Inactive Thread Starter

    In that case broni, I thank you for your time, and your help, plus the reassurance you have given me. :)

    I only get a basic pension, but be assured that come pension day next week I will give this site a donation. :)

    I will report back to the Vista forum.

    Take care,

    Mo. :)
     
  17. 2011/02/10
    broni

    broni Moderator Malware Analyst

    No worries. It's our pleasure to serve you free of charge :)
     
  18. 2011/02/19
    Maureen 258

    Maureen 258 Inactive Thread Starter

    Hi again broni. :)

    I just want to update you and Admin on my situation. Everything is now resolved thanks to Mattman in the Vista forum. :D

    I have copied the last 3 posts that show what has been done.

    I will click the resolved button when I have posted this reply. :)

    Take care,

    Kind Regards,

    Mo. :)


    Old 21 Hours Ago #9
    mattman
    Staff


    Profile:
    Join Date: Jun 2002
    Location: Sydney, Aust
    Posts: 7,639
    Computer Experience:
    working backwards



    Since there are no error messages appearing, I expect it is a software problem.

    Looking at your logs, I will give you some of the ones I think might be malfunctioning or clashing with other programs.

    What is Acer eDataSecurity? Try the link here, it doesn't work for me
    http://support.acer-euro.com/empower...ogy/etfaq.html
    or open the program and read in the Help menu. Check at the Acer website for any update to this program.

    Is Virgin Media your antimalware or Microsoft Security Client? If they are both antimalware, uninstall one of them; you should only run one antimalware at a time.

    There is another "security" program, IObit Advanced SystemCare 3, uninstall it, it is freeware so you can get it later some time if you think you need it.

    Acer HomeMedia Connect, what does this program do? Is it something that would try to take control of external media?

    The program Nero InCD has been quite problematic in the past, uninstall it if you don't use it. You don't have to uninstall Nero 7, just InCD.

    Investigate those programs. I now expect it is security programs fighting over control of the drives. Since there are no error messages, you will need to try uninstalling, otherwise the only other way out might be to reformat (reinstall your system).

    Matt
    Old 12 Hours Ago #10
    Maureen 258
    Member

    Profile:
    Join Date: Feb 2011
    Posts: 15
    Computer Experience:
    Beginner



    Thank you so much for your reply Mattman.

    I will follow through with everything that you have mentioned here, and will then get back to you with the results.

    I really do appreciate the help this web site is giving me, and even if my problem is not resolved without having to re-format, I have learnt loads from you all here, so have gained either way.

    Thank you, and hoping you have a pleasant weekend.

    Mo.
    Old 6 Minutes Ago #11
    Maureen 258
    Member




    Hi again Mattman.

    You are my "hero". All is now working fine. I can't believe how just one program took out so much.

    The Acer stuff is just for optimizing the computer and came built in when bought and is not a problem.

    I only have Virgin Media running now and that is a paid for all in one package that my internet provider supplies. Broni warned me about having more than one antimalware program on the other forum, so I took action straight away.

    I uninstalled IObit Advanced SystemCare 3, but sadly that made no difference.

    I then came to the last item you gave me to look into, and try uninstalling, which I did, and on restart, everything worked. Videos, games, photos, and all other things that had stopped working. The cause of all my problems was the program "Nero InCD".

    I wish to thank you once more Mattman, and will post on the other forum too to let broni and Admin know the problem has been resolved by you.

    I am now going to try to find the resolve button.

    Take care,

    Kind Regards,

    Mo. :)
     
    Last edited: 2011/02/19
  19. 2011/02/19
    broni

    broni Moderator Malware Analyst

    Thank you for posting back :)
     
