
Inactive Programs run in Windows safe mode but not in Windows 7

Discussion in 'Malware and Virus Removal Archive' started by browner10, 2010/09/06.

Thread Status:
Not open for further replies.
  1. 2010/09/06
    browner10 Banned Thread Starter


    Hi! I've been sent over to this forum from the Windows 7 forum as a first port of call for the problem I have. I have 2 programs on my PC which run happily in safe mode but refuse to run in Windows 7 after boot up! The programs affected are Avant Browser and Your Uninstaller! I have run DDS and the logs will follow.



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Gary Browne at 19:34:34.55 on 06/09/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3327.1980 [GMT 1:00]

    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
    C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\DAP\DAP.EXE
    C:\Windows\system32\sppsvc.exe
    C:\Users\Gary Browne\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.ask.com/?o=15709&l=dis
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: {68ef74a6-e37c-0187-583a-81f4a329d0a3} - No File
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [{6D317348-40DA-5DD2-F198-8EE1DAAF6E78}] "c:\users\gary browne\appdata\roaming\seku\kemay.exe "
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    uRun: [SpeedBitVideoAccelerator] c:\program files\speedbit video accelerator\VideoAccelerator.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lnk~1 - c:\program files\avg\avg9\avgtray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ps3med~1.lnk - c:\program files\ps3 media server\PMS.exe
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Add to AD Black List - c:\program files\avant browser\AddToADBlackList.htm
    IE: Block All Images from the Same Server - c:\program files\avant browser\AddAllToADBlackList.htm
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
    IE: Download FLV videos with IDM from 10 last requested - c:\program files\internet download manager\IEGetVL2.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: Highlight - c:\program files\avant browser\Highlight.htm
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: Open All Links in This Page... - c:\program files\avant browser\OpenAllLinks.htm
    IE: Search - c:\program files\avant browser\Search.htm
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    LSP: c:\windows\system32\idmmbc.dll
    LSP: c:\progra~1\speedb~1\sblsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

    ============= SERVICES / DRIVERS ===============

    R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-11-22 21488]
    R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-11-22 15856]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-31 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-31 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-31 243024]
    R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-11-22 25584]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/01 17:24:38];c:\program files\cyberlink\powerdvd9\000.fcl [2009-9-1 87536]
    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-7 176128]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
    R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-11-22 90112]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
    R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-7-7 5882368]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-7-7 210944]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-11-22 27632]
    R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-5-6 413208]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-24 135664]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-11-1 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-10-31 79360]
    S3 DrmRDriverV32;DrmRDriverV32;c:\windows\system32\drivers\DrmRDriverV32.sys [2009-11-24 22528]
    S3 DrmRVideo32;DrmRVideo32;c:\windows\system32\drivers\DrmRVideo32.sys [2009-11-24 2688]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-1 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2010-7-22 24197]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2008-8-17 217088]
    S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-25 1343400]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-2-28 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-2-28 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-2-28 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-2-28 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-2-28 25704]
    S4 Zwunzi Service;Zwunzi Service; "c:\programdata\zwunzi\zwunzi131.exe" "c:\program files\zwunzi\zwunzi.dll" service --> c:\programdata\zwunzi\zwunzi131.exe [?]

    =============== Created Last 30 ================

    2010-09-05 19:12:15 0 d-----w- c:\program files\Avant Browser
    2010-09-04 23:21:58 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2010-09-04 23:21:58 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2010-09-04 23:21:58 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2010-09-04 23:21:43 0 d-----w- c:\windows\system32\AGEIA
    2010-09-04 23:19:09 0 d-----w- c:\program files\Team17
    2010-09-04 10:00:08 0 d-----w- c:\program files\iPod
    2010-09-04 10:00:07 0 d-----w- c:\program files\iTunes
    2010-09-03 23:18:55 0 d-----w- c:\program files\SpeedBit Video Accelerator
    2010-09-03 23:15:33 0 d-----w- c:\programdata\SpeedBit
    2010-09-03 23:15:27 172032 ----a-w- c:\windows\system32\AniGIF.ocx
    2010-09-03 23:15:26 0 d-----w- c:\program files\DAP
    2010-08-27 19:08:31 0 d-----w- c:\program files\RapidShareManager
    2010-08-25 14:40:03 210352 ----a-w- c:\windows\system32\idmmbc.dll
    2010-08-25 12:23:05 0 d-----w- c:\users\garybr~1\appdata\roaming\Avant Browser
    2010-08-25 07:13:05 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2010-08-24 12:57:08 0 d-----w- c:\program files\Windows Resource Kits
    2010-08-23 15:42:58 0 d-----w- C:\ubuntu
    2010-08-23 14:36:31 0 d-----w- c:\programdata\XoftSpySE
    2010-08-23 14:27:15 0 d-----w- c:\programdata\Yahoo! Companion
    2010-08-23 14:27:14 0 d-----w- c:\program files\Yahoo!
    2010-08-23 14:27:10 0 d-----w- c:\program files\CCleaner
    2010-08-22 17:24:11 0 d-----w- c:\program files\Perfect Optimizer
    2010-08-22 09:44:01 0 d-----w- c:\users\garybr~1\appdata\roaming\SUPERAntiSpyware.com
    2010-08-22 09:44:01 0 d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-08-22 09:43:58 0 d-----w- c:\program files\SUPERAntiSpyware
    2010-08-22 09:32:36 0 d-----w- c:\program files\Your Uninstaller 2010
    2010-08-21 11:32:12 0 d-----w- C:\Extracted
    2010-08-18 19:03:52 0 d-----w- c:\programdata\ATI
    2010-08-18 19:02:55 0 d-----w- c:\program files\common files\ATI Technologies
    2010-08-18 18:53:25 0 d-----w- c:\users\garybr~1\appdata\roaming\DriverCure
    2010-08-18 18:53:18 0 d-----w- c:\programdata\ParetoLogic
    2010-08-18 18:53:18 0 d-----w- c:\programdata\DriverCure
    2010-08-18 18:53:18 0 d-----w- c:\program files\ParetoLogic
    2010-08-18 18:53:18 0 d-----w- c:\program files\common files\ParetoLogic
    2010-08-17 19:12:42 0 d-----w- c:\users\garybr~1\appdata\roaming\Dicsoft Software
    2010-08-17 19:11:59 0 d-----w- c:\program files\Dicsoft
    2010-08-17 19:07:39 0 d-----w- c:\users\garybr~1\appdata\roaming\DVD Flick
    2010-08-17 19:07:35 81920 ----a-w- c:\windows\system32\mbmouse.ocx
    2010-08-17 19:07:35 36864 ----a-w- c:\windows\system32\trayicon.ocx
    2010-08-17 19:07:34 212240 ----a-w- c:\windows\system32\richtx32.ocx
    2010-08-17 19:07:34 0 d-----w- c:\program files\MKV to DVD Converter
    2010-08-12 21:24:13 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-08-12 21:24:06 2326016 ----a-w- c:\windows\system32\win32k.sys
    2010-08-10 04:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 04:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ==================== Find3M ====================

    2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-07-16 18:17:58 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 18:17:58 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 18:17:56 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-15 16:58:31 30784 ----a-w- c:\windows\system32\drivers\sfcxjsdx.sys
    2010-07-09 16:39:29 4128 ----a-w- c:\windows\system32\msrun.exe
    2010-07-07 01:55:08 15461888 ----a-w- c:\windows\system32\atioglxx.dll
    2010-07-07 01:54:16 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-07-07 01:54:08 513024 ----a-w- c:\windows\system32\aticfx32.dll
    2010-07-07 01:51:30 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-07-07 01:51:10 380928 ----a-w- c:\windows\system32\atieclxx.exe
    2010-07-07 01:50:42 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2010-07-07 01:49:42 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2010-07-07 01:49:28 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-07-07 01:49:18 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-07-07 01:49:12 11776 ----a-w- c:\windows\system32\atimuixx.dll
    2010-07-07 01:49:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-07-07 01:46:26 3826688 ----a-w- c:\windows\system32\atidxx32.dll
    2010-07-07 01:29:24 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2010-07-07 01:29:14 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2010-07-07 01:28:20 3975680 ----a-w- c:\windows\system32\atiumdag.dll
    2010-07-07 01:27:58 4323840 ----a-w- c:\windows\system32\aticaldd.dll
    2010-07-07 01:24:32 50176 ----a-w- c:\windows\system32\coinst.dll
    2010-07-07 01:23:14 3058688 ----a-w- c:\windows\system32\atiumdva.dll
    2010-07-07 01:16:00 237568 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-07-07 01:15:50 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2010-07-07 01:15:46 16896 ----a-w- c:\windows\system32\atigktxx.dll
    2010-07-07 01:14:58 30208 ----a-w- c:\windows\system32\atiuxpag.dll
    2010-07-07 01:14:44 22528 ----a-w- c:\windows\system32\atiu9pag.dll
    2010-07-07 01:11:06 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2010-07-07 01:11:06 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-15 22:28:58 2857 ----a-w- c:\windows\system32\atipblag.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 19:35:14.14 ==============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 31/10/2009 19:05:19
    System Uptime: 09/06/2010 19:31:24 (2136 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | GA-73PVM-S2H
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 931 GiB total, 424.366 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    G: is CDROM ()
    H: is CDROM ()
    I: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: WinDriver
    Device ID: ROOT\SYSTEM\0001
    Manufacturer: Jungo
    Name: WinDriver
    PNP Device ID: ROOT\SYSTEM\0001
    Service: WinDriver6

    ==== System Restore Points ===================

    RP287: 05/09/2010 00:20:38 - Installed UE3Redist
    RP289: 05/09/2010 00:22:21 - Installed DirectX
    RP291: 05/09/2010 15:40:05 - Configured UE3Redist
    RP293: 05/09/2010 15:40:47 - Installed DirectX

    ==== Installed Programs ======================

    ABC (remove only)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 8.0
    Adobe Reader 9.3.3
    Advertising Center
    Air Video Server 2.2.7-update1
    Alien Breed: Impact
    AMD Drag and Drop Transcoding
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ashampoo Burning Studio 9.03
    Ashampoo Snap 3.30
    Ask Toolbar
    ATI AVIVO Codecs
    ATI Catalyst Install Manager
    ATI Catalyst Registration
    Avant Browser (remove only)
    AVG Free 9.0
    AviSynth 2.5
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.4
    Bandwidth Meter Pro 2.6 build 629
    Battlefield: Bad Company™ 2
    BIAS SoundSoap SE 2.2
    Bing Maps 3D
    BioShock 2
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    ccc-core-static
    ccc-utility
    CCC Help English
    CCleaner
    Creative ALchemy
    Creative Audio Control Panel
    Creative Diagnostics
    Creative Software AutoUpdate
    Creative Sound Blaster Properties
    Creative WaveStudio 7
    CyberLink PowerDVD 9
    DAEMON Tools Toolbar
    Definition update for Microsoft Office 2010 (KB982726)
    DirectX 9 Runtime
    DolbyFiles
    Download Accelerator Plus (DAP)
    DVDFab 7.0.3.0 (26/03/2010)
    Email Updater
    EPSON Printer Software
    erLT
    FLV Direct Player
    FormatFactory 2.30
    Free Audio Editor
    FrostWire 4.20.9
    Garmin POI Loader
    Garmin USB Drivers
    Garmin WebUpdater
    Google Earth
    Google Update Helper
    Host OpenAL
    HydraVision
    ieSpell
    ImagXpress
    Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
    Internet Download Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    LightZone 3.7
    LoudMo Contextual Ad Assistant
    Memory-Map OS Edition Version 5
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero ControlCenter
    Nero Installer
    neroxml
    NVIDIA PhysX v8.10.29
    Opera 10.61
    ParetoLogic DriverCure
    PS3 Video 9 4.06
    QuickPar 0.9
    QuickTime
    RapidShare Manager
    RealPlayer
    RealUpgrade 1.0
    RoadAngel 2 - UK
    RoadAngel II USB Drivers
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio CinePlayer
    Roxio CinePlayer Decoder Pack
    Roxio Creator 2010 Content
    Roxio Creator 2010 Pro
    Roxio Disaster Recovery
    Roxio File Backup
    Roxio PhotoShow
    Roxio Video Capture USB
    Safari
    SereneScreen Marine Aquarium 3
    SmartSound Quicktracks Plugin
    SmartSound Sonicfire Pro 5
    Sony Ericsson PC Suite 6.009.00
    SpeedBit Video Accelerator
    SUPERAntiSpyware
    The Lord of the Rings FREE Trial
    Ubuntu
    UltraISO Premium V8.6
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Outlook Social Connector (KB983403)
    VistaSwitcher
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    VLC media player 1.1.4
    Win7codecs
    Windows 7 Logon Background Changer
    Windows 7 Manager
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Encoder 9 Series
    Windows Resource Kit Tools - SubInAcl.exe
    WinRAR archiver
    Yahoo! Toolbar
    Your Uninstaller! 2010

    ==== Event Viewer Messages From Past Week ========

    06/09/2010 19:32:18, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
    06/09/2010 19:31:47, Error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the file specified.
    06/09/2010 19:31:41, Error: Service Control Manager [7000] - The srenum service failed to start due to the following error: The system cannot find the file specified.
    05/09/2010 20:36:29, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    05/09/2010 20:35:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    05/09/2010 20:35:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    05/09/2010 20:34:39, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    05/09/2010 20:34:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    05/09/2010 20:34:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    05/09/2010 20:34:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    05/09/2010 20:34:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    05/09/2010 20:34:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 discache SaibVd32 SASDIFSV SASKUTIL spldr sptd Wanarpv6
    05/09/2010 20:34:14, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    05/09/2010 20:33:58, Error: sptd [4] - Driver detected an internal error in its data structures for .
    04/09/2010 10:59:15, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    04/09/2010 10:58:15, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    04/09/2010 10:58:02, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    04/09/2010 00:23:09, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    04/09/2010 00:19:10, Error: Service Control Manager [7030] - The VideoAcceleratorService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    ==== End Of File ===========================

    Many Thanks In advance!
     
    Last edited: 2010/09/06
  2. 2010/09/06
    broni

    broni Moderator Malware Analyst

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop.

    Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
