Solved: Adverts playing on my PC


Alpaca
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2010
28-Jul-2010, 10:45 AM #1
Adverts playing on my PC
Hi

Since Monday 26th July I've been getting audio of various adverts playing from my pc which isn't due to any programs I've been running.

I understand that other users have had the same problem on this and other boards and I have examined what process was used to attempt to fix this (it seems to be potentially quite a serious infection in many cases), but I'm a bit of a noob and wondered if someone would be kind enough to walk me through this.


Many thanks
CatByte
Malware Removal Specialist with 3,884 posts.
 
Join Date: Feb 2009
29-Jul-2010, 02:17 PM #2
Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.



NEXT



Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.



NEXT


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.


  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Alpaca
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2010
29-Jul-2010, 07:51 PM #3
Thank you very much for taking the time to help me, CatByte.

MBR Check:

MBRCheck, version 1.1.1
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size    Device Name         MBR Status
--------------------------------------------
149 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected

Done! Press ENTER to exit...


DDS - DDS.TXT


DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 0:11:33.32 on 30/07/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.1821 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Admin\Desktop\dds.com
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IR_SERVER] c:\progra~1\realtek\realte~1\IR_SERVER.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{90120000-0030-0000-0000-0000000ff1ce}\outicon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tmmoni~1.lnk - c:\program files\arcsoft\totalmedia 3\TMMonitor.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: psfus - c:\windows\system32\psqlpwd.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\zpav4p02.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\admin\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-6 64288]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-6-24 136120]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-6-24 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-4-28 96896]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-1 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [2010-2-21 31872]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2010-2-21 93344]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [2010-2-21 32800]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\drivers\U6000ALL.sys [2009-12-9 230784]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-22 1343400]

=============== Created Last 30 ================

2010-07-29 13:11:32 0 d-----w- c:\program files\Ask.com
2010-07-28 04:36:01 0 d-----w- c:\windows\system32\appmgmt
2010-07-26 22:12:14 0 d-----w- c:\programdata\ESET
2010-07-26 22:12:14 0 d-----w- c:\program files\ESET
2010-07-26 21:15:14 0 d-----w- c:\program files\Trend Micro
2010-07-26 20:26:30 98816 ----a-w- c:\windows\sed.exe
2010-07-26 20:26:30 77312 ----a-w- c:\windows\MBR.exe
2010-07-26 20:26:30 256512 ----a-w- c:\windows\PEV.exe
2010-07-26 20:26:30 161792 ----a-w- c:\windows\SWREG.exe
2010-07-26 20:26:25 0 d-s---w- C:\ComboFix
2010-07-26 17:57:47 0 d-----w- c:\users\admin\appdata\roaming\Malwarebytes
2010-07-26 17:57:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 17:57:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 17:57:38 0 d-----w- c:\programdata\Malwarebytes
2010-07-26 17:57:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 17:29:00 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-26 17:29:00 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-25 03:54:31 0 d-----w- c:\users\admin\appdata\roaming\NVIDIA
2010-07-25 03:53:45 0 d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-07-25 03:53:42 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-07-25 03:53:31 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-07-25 03:53:31 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-07-25 03:53:31 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-07-25 03:53:30 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-07-25 03:53:30 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-07-25 03:53:29 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-07-24 21:22:50 0 d-----w- c:\program files\SystemRequirementsLab
2010-07-24 19:50:28 0 d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-07-23 23:03:10 0 d-----w- c:\program files\iPod
2010-07-01 16:23:24 0 d-----w- c:\program files\common files\Futuremark Shared
2010-06-30 20:02:10 0 d-----w- c:\programdata\NVIDIA Corporation
2010-06-30 20:02:06 0 d-----w- c:\program files\NVIDIA Corporation
2010-06-30 14:39:50 0 d-sh--w- c:\programdata\SecuROM
2010-06-30 14:36:34 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-30 14:36:04 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-06-30 14:36:04 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-06-30 14:35:35 0 d-----w- c:\windows\system32\xlive
2010-06-30 14:35:35 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-06-30 14:34:14 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-06-30 14:34:14 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-06-30 14:34:14 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-06-30 14:34:13 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-06-30 14:34:13 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll

==================== Find3M ====================

2010-06-30 19:49:33 193693 ----a-w- c:\programdata\nvModes.dat
2010-06-24 08:04:14 136120 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-06-20 15:15:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-07 16:47:34 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-06-07 16:47:34 579688 ----a-w- c:\windows\system32\nv3dappshext.dll
2010-06-07 16:47:34 53864 ----a-w- c:\windows\system32\nv3dappshextr.dll
2010-06-07 16:47:34 408168 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2010-06-07 16:47:34 258142 ----a-w- c:\windows\system32\nvcoproc.bin
2010-06-07 16:47:34 255592 ----a-w- c:\windows\system32\nvhotkey.dll
2010-06-07 16:47:34 1691752 ----a-w- c:\windows\system32\nvsvcr.dll
2010-06-07 16:47:34 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 16:47:34 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-07 16:47:34 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 16:47:34 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-03 15:15:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-02 08:13:07 136720 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-02 08:13:00 183520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-28 11:58:26 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-28 00:09:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-09 09:14:55 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14:50 417792 ----a-w- c:\windows\system32\msdri.dll
2010-05-01 14:49:25 2326528 ----a-w- c:\windows\system32\win32k.sys
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-22 03:16:43 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:12:01.50 ===============


DDS - Attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 01/12/2009 23:09:04
System Uptime: 29/07/2010 21:09:13 (3 hours ago)

Motherboard: Dell Inc. | | 0D501F
Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz | Microprocessor | 2501/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 17.056 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: adfs
Device ID: ROOT\LEGACY_ADFS\0000
Manufacturer:
Name: adfs
PNP Device ID: ROOT\LEGACY_ADFS\0000
Service: adfs

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.3.2
Airfoil
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia 3
Ask Toolbar
Audacity 1.3.12 (Unicode)
Aura
Bonjour
Burnout Paradise: The Ultimate Box
Call of Duty(R) - World at War(TM) 1.2 Patch
Canon MP Navigator 2.0
Canon MP150
CCleaner
CDBurnerXP
Counter-Strike: Source
Debut Video Capture Software
DeskPins (remove only)
Drv
DVD Flick 1.3.0.7
DVD Shrink 3.2
DVDFab 6.2.1.8 (31/12/2009)
Eraser 6.0.7.1893
ESET NOD32 Antivirus
Express Burn
EZ Grabber
Facebook Plug-In
Far Cry 2
Fingerprint Reader Suite 5.6
FormatFactory 2.30
Futuremark SystemInfo
Google Earth
Google Update Helper
Grand Theft Auto: San Andreas
Half-Life 2
Half-Life 2: Deathmatch
HiJackThis
iTunes
Java(TM) 6 Update 17
Laptop Integrated Webcam Driver (1.04.01.1011)
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
Malwarebytes' Anti-Malware
Medal of Honor Allied Assault
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Moonbase Alpha
Mozilla Firefox (3.6.8)
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Opera 10.53
PC Connectivity Solution
Picasa 3
PunkBuster Services
QuickTime
REALTEK DTV USB DEVICE
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Skype web features
Skype™ 4.1
Spybot - Search & Destroy
Steam
Switch Sound File Converter
System Requirements Lab
Team Fortress 2
Ulead VideoStudio SE DVD
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2202131)
VCRedistSetup
VideoLAN VLC media player 0.8.5
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 CRT (x86) WinSXS MSM
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

29/07/2010 21:09:46, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
29/07/2010 13:45:29, Error: Service Control Manager [7038] - The wscsvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
29/07/2010 13:45:29, Error: Service Control Manager [7038] - The WinDefend service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
29/07/2010 13:45:29, Error: Service Control Manager [7038] - The sppsvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
29/07/2010 13:45:29, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not start due to a logon failure.
29/07/2010 13:45:29, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not start due to a logon failure.
29/07/2010 13:45:29, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The service did not start due to a logon failure.
28/07/2010 19:05:07, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
28/07/2010 19:05:07, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
28/07/2010 19:04:55, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Error Reporting Service service, but this action failed with the following error: An instance of the service is already running.
28/07/2010 19:04:07, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
28/07/2010 19:03:07, Error: Service Control Manager [7034] - The Application Management service terminated unexpectedly. It has done this 1 time(s).
28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
28/07/2010 19:03:07, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
28/07/2010 19:03:07, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
28/07/2010 19:03:07, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
28/07/2010 19:02:55, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
28/07/2010 18:52:42, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
28/07/2010 09:20:54, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
26/07/2010 23:12:24, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
26/07/2010 22:05:47, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
26/07/2010 22:05:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
26/07/2010 22:05:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
26/07/2010 22:04:51, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr StarOpen tdx vwififlt Wanarpv6 WfpLwf
26/07/2010 22:04:47, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26/07/2010 22:04:47, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
26/07/2010 22:04:47, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
26/07/2010 22:04:47, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
26/07/2010 22:04:47, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26/07/2010 22:04:47, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26/07/2010 22:04:46, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
26/07/2010 22:04:46, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
26/07/2010 22:04:46, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/07/2010 22:04:46, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
26/07/2010 21:27:46, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
25/07/2010 15:05:01, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
24/07/2010 00:01:49, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================


GMER.TXT attached


Thanks again,

Alpaca
CatByte
Malware Removal Specialist with 3,884 posts.
 
Join Date: Feb 2009
29-Jul-2010, 08:18 PM #4
Hi

Please do the following:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2



**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
Alpaca
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2010
29-Jul-2010, 11:28 PM #5
ComboFix.txt attached.
CatByte
Malware Removal Specialist with 3,884 posts.
 
Join Date: Feb 2009
29-Jul-2010, 11:44 PM #6
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT

**Vista users - right click on the IE icon and run as administrator

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
Alpaca
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2010
30-Jul-2010, 06:28 PM #7
Malwarebytes':

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4371
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
30/07/2010 19:18:51
mbam-log-2010-07-30 (19-18-51).txt
Scan type: Quick scan
Objects scanned: 138355
Time elapsed: 4 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, July 30, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, July 30, 2010 13:41:10
Records in database: 4194014
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 165308
Threats found: 6
Infected objects found: 9
Suspicious objects found: 0
Scan duration: 02:46:33

File name / Threat / Threats count
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\38ab0b0d-579d816a Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\38ab0b0d-579d816a Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\38ab0b0d-579d816a Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\34eb48b1-1b63b21d Infected: Exploit.Java.Agent.ax 1
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\70a43fd-4f1fb0a5 Infected: Trojan.Win32.Vilsel.akzq 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\72bf3727-4f72e666 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\72bf3727-4f72e666 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\72bf3727-4f72e666 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.1.7600.16385_none_06a5a17a3714c64d\RDPENCDD.sys Infected: Rootkit.Win32.TDSS.ap 1
Selected area has been scanned.


Regards,

Alpaca
CatByte
Malware Removal Specialist with 3,884 posts.
 
Join Date: Feb 2009
30-Jul-2010, 07:01 PM #8
Hi

Please do the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:
    :filefind
    *DPENCDD*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Alpaca
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2010
31-Jul-2010, 10:58 AM #9
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:55 on 31/07/2010 by Admin (Administrator - Elevation successful)

========== filefind ==========

Searching for "*DPENCDD*"
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\RDPENCDD.sys.vir --a--- 6656 bytes [00:01 14/07/2009] [00:01 14/07/2009] FFE5E85C9128FA38AD700DE3BEFA88A4
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\RDPENCDD.sys.vir_ --a--- 6656 bytes [00:01 14/07/2009] [02:57 30/07/2010] FFE5E85C9128FA38AD700DE3BEFA88A4
C:\Windows\System32\drivers\rdpencdd.sys --a--- 6656 bytes [00:01 14/07/2009] [00:01 14/07/2009] 5A53CA1598DD4156D44196D200C94B8A
C:\Windows\System32\RDPENCDD.dll --a--- 121856 bytes [00:01 14/07/2009] [01:09 14/07/2009] 78619D9A964ED75980756263153C5B14
C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.1.7600.16385_none_06a5a17a3714c64d\RDPENCDD.dll --a--- 121856 bytes [00:01 14/07/2009] [01:09 14/07/2009] 78619D9A964ED75980756263153C5B14
C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.1.7600.16385_none_06a5a17a3714c64d\RDPENCDD.sys ------ 6656 bytes [00:01 14/07/2009] [00:01 14/07/2009] 7785CB8CDC82ABBB872706D80767FF8A

-=End Of File=-
CatByte
Malware Removal Specialist with 3,884 posts.
 
Join Date: Feb 2009
31-Jul-2010, 01:31 PM #10
Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, then click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
FCopy::
C:\Windows\System32\drivers\rdpencdd.sys | C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.1.7600.16385_none_06a5a17a3714c64d\RDPENCDD.sys
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
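The check behind the FCopy step above, as an added Python example that is not part of the thread: it parses the SystemLook filefind log posted in #9 and flags files whose live System32 copy and WinSxS copy carry different MD5s (here rdpencdd.sys differs while RDPENCDD.dll matches), plus any copy whose hash equals one ComboFix already quarantined. The sample log is constructed from the lines in the thread; the function names and the grouping of Qoobox paths as "quarantine" are my assumptions.

```python
"""Cross-check the MD5s of a driver's live, WinSxS and quarantined copies
from SystemLook ':filefind' output.  Added example, not from the thread."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Constructed sample in SystemLook filefind format, mirroring the log in #9.
SAMPLE_LOG = r"""SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:55 on 31/07/2010 by Admin (Administrator - Elevation successful)

========== filefind ==========

Searching for "*DPENCDD*"
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\RDPENCDD.sys.vir --a--- 6656 bytes [00:01 14/07/2009] [00:01 14/07/2009] FFE5E85C9128FA38AD700DE3BEFA88A4
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\RDPENCDD.sys.vir_ --a--- 6656 bytes [00:01 14/07/2009] [02:57 30/07/2010] FFE5E85C9128FA38AD700DE3BEFA88A4
C:\Windows\System32\drivers\rdpencdd.sys --a--- 6656 bytes [00:01 14/07/2009] [00:01 14/07/2009] 5A53CA1598DD4156D44196D200C94B8A
C:\Windows\System32\RDPENCDD.dll --a--- 121856 bytes [00:01 14/07/2009] [01:09 14/07/2009] 78619D9A964ED75980756263153C5B14
C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.1.7600.16385_none_06a5a17a3714c64d\RDPENCDD.dll --a--- 121856 bytes [00:01 14/07/2009] [01:09 14/07/2009] 78619D9A964ED75980756263153C5B14
C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.1.7600.16385_none_06a5a17a3714c64d\RDPENCDD.sys ------ 6656 bytes [00:01 14/07/2009] [00:01 14/07/2009] 7785CB8CDC82ABBB872706D80767FF8A

-=End Of File=-
"""

# One result line: <path> <attrs> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


class Entry(NamedTuple):
    path: str
    size: int
    md5: str
    location: str  # "live", "winsxs" or "quarantine"


def classify(path: str) -> str:
    """Assumed convention: Qoobox holds ComboFix quarantine copies (.vir)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"
    if "\\winsxs\\" in p:  # component store copy used for servicing
        return "winsxs"
    return "live"


def parse_filefind(log: str) -> List[Entry]:
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], int(m["size"]),
                                 m["md5"].upper(), classify(m["path"])))
    return entries


def base_name(path: str) -> str:
    """Case-insensitive file name with quarantine suffixes stripped, so
    RDPENCDD.sys.vir groups together with rdpencdd.sys."""
    name = path.rsplit("\\", 1)[-1].lower()
    for suffix in (".vir_", ".vir"):
        if name.endswith(suffix):
            name = name[: -len(suffix)]
    return name


def find_mismatches(entries: List[Entry]) -> Dict[str, Dict[str, List[str]]]:
    """Files whose live and WinSxS copies carry different MD5s.  Both copies
    come from the same servicing package, so a difference needs explaining."""
    groups = defaultdict(lambda: defaultdict(list))
    for e in entries:
        groups[base_name(e.path)][e.location].append(e)
    mismatches = {}
    for name, by_loc in groups.items():
        live = {e.md5 for e in by_loc["live"]}
        store = {e.md5 for e in by_loc["winsxs"]}
        if live and store and live != store:
            mismatches[name] = {"live": sorted(live), "winsxs": sorted(store)}
    return mismatches


def matches_quarantine(entries: List[Entry]) -> List[str]:
    """Paths of live/WinSxS copies whose MD5 equals a quarantined file,
    i.e. a copy already judged bad that is still in place on disk."""
    bad = {e.md5 for e in entries if e.location == "quarantine"}
    return [e.path for e in entries
            if e.location != "quarantine" and e.md5 in bad]


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_LOG)
    for name, sides in find_mismatches(found).items():
        print(f"{name}: live {sides['live']} vs winsxs {sides['winsxs']}")
    for path in matches_quarantine(found):
        print(f"still on disk with a quarantined hash: {path}")
```

A mismatch on its own is not proof of tampering, since servicing can legitimately leave a different version in System32; here it is the scanner verdict on the WinSxS copy in #7 that tells which side is the bad one.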
Alpaca
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2010
31-Jul-2010, 02:37 PM #11
ComboFix 10-07-31.01 - Admin 31/07/2010 19:24:45.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2170 [GMT 1:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
Command switches used :: c:\users\Admin\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.

2010-07-31 18:30 . 2010-07-31 18:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-31 18:30 . 2010-07-31 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-31 18:22 . 2010-07-31 18:22 -------- d-----w- C:\32788R22FWJFW
2010-07-30 18:55 . 2010-07-30 18:55 -------- d-----w- c:\users\Admin\AppData\Local\AskToolbar
2010-07-30 03:11 . 2010-07-31 18:30 -------- d-----w- c:\users\Admin\AppData\Local\temp
2010-07-30 02:59 . 2010-07-30 02:59 -------- d-----w- C:\Device
2010-07-29 13:11 . 2010-07-29 13:11 -------- d-----w- c:\program files\Ask.com
2010-07-27 14:06 . 2010-07-27 14:06 -------- d-----w- c:\users\Admin\AppData\Local\ESET
2010-07-26 22:12 . 2010-07-26 22:12 -------- d-----w- c:\program files\ESET
2010-07-26 21:15 . 2010-07-26 21:15 388096 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-26 21:15 . 2010-07-26 21:15 -------- d-----w- c:\program files\Trend Micro
2010-07-26 17:57 . 2010-07-26 17:57 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2010-07-26 17:57 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 17:57 . 2010-07-26 17:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 17:57 . 2010-07-26 17:57 -------- d-----w- c:\programdata\Malwarebytes
2010-07-26 17:57 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 17:29 . 2010-07-26 17:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-26 17:29 . 2010-07-26 17:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-25 03:54 . 2010-07-25 03:54 -------- d-----w- c:\users\Admin\AppData\Roaming\NVIDIA
2010-07-25 03:53 . 2010-07-25 03:53 -------- d-----w- c:\users\Admin\AppData\Local\Downloaded Installations
2010-07-25 03:53 . 2010-07-25 03:53 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-07-25 03:53 . 2010-07-25 03:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-25 03:53 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-07-25 03:53 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-07-25 03:53 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-07-25 03:53 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-07-25 03:53 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-07-25 03:53 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-07-24 21:22 . 2010-07-24 21:22 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-24 21:22 . 2010-07-24 21:22 85504 ----a-w- c:\users\Admin\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0 A.dll
2010-07-24 21:22 . 2010-07-24 21:22 -------- d-----w- c:\users\Admin\AppData\Roaming\SystemRequirementsLab
2010-07-24 19:58 . 2010-07-24 19:58 -------- d-----w- c:\users\Public\New folder
2010-07-24 19:54 . 2010-07-25 13:04 -------- d-----w- c:\users\Admin\AppData\Roaming\Audacity
2010-07-24 19:50 . 2010-07-24 19:50 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-07-23 23:03 . 2010-07-23 23:03 -------- d-----w- c:\program files\iPod
2010-07-23 23:00 . 2010-07-23 23:00 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 18:04 . 2010-06-06 14:17 -------- d-----w- c:\program files\Steam
2010-07-28 05:11 . 2010-04-18 11:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-28 04:54 . 2010-06-23 05:44 -------- d-----w- c:\program files\MasterSplitter
2010-07-23 23:03 . 2010-05-20 17:14 -------- d-----w- c:\program files\iTunes
2010-07-23 23:03 . 2010-05-20 17:12 -------- d-----w- c:\program files\Common Files\Apple
2010-07-14 15:08 . 2009-12-01 23:12 -------- d-----w- c:\programdata\Microsoft Help
2010-07-09 02:39 . 2009-12-12 12:46 -------- d-----w- c:\users\Admin\AppData\Roaming\Skype
2010-07-08 23:01 . 2009-12-12 12:49 -------- d-----w- c:\users\Admin\AppData\Roaming\skypePM
2010-07-04 23:58 . 2010-01-10 13:41 -------- d-----w- c:\programdata\Xfire
2010-07-01 16:23 . 2010-07-01 16:23 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-07-01 16:23 . 2009-12-05 20:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-30 20:04 . 2009-12-01 23:25 -------- d-----w- c:\programdata\NVIDIA
2010-06-30 20:03 . 2010-06-30 20:02 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-30 20:02 . 2010-06-30 20:02 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-06-30 19:49 . 2009-12-05 20:52 193693 ----a-w- c:\programdata\nvModes.dat
2010-06-30 14:39 . 2010-06-30 14:39 -------- d-sh--w- c:\programdata\SecuROM
2010-06-30 14:36 . 2010-06-30 14:36 -------- d--h--r- c:\users\Admin\AppData\Roaming\SecuROM
2010-06-30 14:36 . 2010-06-30 14:36 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-30 14:36 . 2010-06-30 14:35 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-06-28 13:34 . 2010-06-28 13:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-25 15:04 . 2009-12-01 23:14 -------- d-----w- c:\program files\Microsoft.NET
2010-06-24 22:23 . 2010-02-05 15:52 -------- d-----w- c:\users\Admin\AppData\Roaming\DVD Flick
2010-06-24 21:22 . 2009-12-06 04:41 -------- d-----w- c:\users\Admin\AppData\Roaming\dvdcss
2010-06-24 08:04 . 2010-06-24 08:04 136120 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-06-21 14:05 . 2010-01-10 13:41 -------- d-----w- c:\users\Admin\AppData\Roaming\Xfire
2010-06-20 15:15 . 2010-03-11 16:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-19 18:45 . 2010-06-19 18:45 -------- d-----w- c:\program files\Bonjour
2010-06-17 19:49 . 2010-06-17 19:49 50354 ----a-w- c:\users\Admin\AppData\Roaming\Facebook\uninstall.exe
2010-06-17 19:49 . 2010-06-17 19:49 -------- d-----w- c:\users\Admin\AppData\Roaming\Facebook
2010-06-15 00:35 . 2010-06-15 00:35 -------- d-----w- c:\program files\Eraser
2010-06-13 15:57 . 2010-06-13 15:57 -------- d-----w- c:\program files\Opera
2010-06-12 14:24 . 2009-12-06 13:07 -------- d-----w- c:\programdata\NOS
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\Admin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-06-07 16:47 . 2010-06-07 16:47 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-06-07 16:47 . 2010-06-07 16:47 579688 ----a-w- c:\windows\system32\nv3dappshext.dll
2010-06-07 16:47 . 2010-06-07 16:47 53864 ----a-w- c:\windows\system32\nv3dappshextr.dll
2010-06-07 16:47 . 2010-06-07 16:47 408168 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2010-06-07 16:47 . 2010-06-07 16:47 258142 ----a-w- c:\windows\system32\nvcoproc.bin
2010-06-07 16:47 . 2010-06-07 16:47 255592 ----a-w- c:\windows\system32\nvhotkey.dll
2010-06-07 16:47 . 2010-06-07 16:47 1691752 ----a-w- c:\windows\system32\nvsvcr.dll
2010-06-07 16:47 . 2010-06-07 16:47 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 16:47 . 2010-06-07 16:47 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-07 16:47 . 2010-06-07 16:47 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 16:47 . 2010-06-07 16:47 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-06 14:17 . 2010-06-06 14:17 -------- d-----w- c:\program files\Common Files\Steam
2010-06-03 22:39 . 2010-01-10 13:41 -------- d-----w- c:\program files\Xfire
2010-06-03 15:15 . 2010-06-06 15:16 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-02 08:13 . 2009-12-05 21:08 136720 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-02 08:13 . 2009-12-05 21:08 183520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-28 11:58 . 2009-12-01 23:14 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-27 07:24 . 2010-06-10 21:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-10 21:55 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-23 04:52 . 2010-05-23 04:52 95232 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-05-23 04:52 . 2010-05-23 04:52 8192 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-05-23 04:52 . 2010-05-23 04:52 61440 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-05-23 04:52 . 2010-05-23 04:52 10240 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-05-23 04:51 . 2010-05-23 04:52 34399664 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_eng_web[1].exe
2010-05-21 13:14 . 2009-12-01 23:24 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-10 21:55 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-17 18:35 . 2009-12-01 23:34 120968 ----a-w- c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-09 09:14 . 2010-06-23 17:35 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14 . 2010-06-23 17:35 417792 ----a-w- c:\windows\system32\msdri.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 16:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 16:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Steam"="c:\program files\steam\steam.exe" [2010-06-06 1238352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-19 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-06-07 255592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]

c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office Outlook 2007 (2).lnk - c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe [2009-12-2 845584]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3\TMMonitor.exe [2010-2-21 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 23:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-23 14:18 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 08:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 135664]
R3 cpuz130;cpuz130;c:\users\Admin\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 31872]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-10-26 93344]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-10-26 32800]
R3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\DRIVERS\U6000ALL.sys [2007-07-13 230784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-03 64288]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-06-24 136120]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-06-24 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-28 96896]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-30 1352832]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

.
Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:15]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 15:25]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 15:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zpav4p02.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Admin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,09,dc,f4,b5,5d,a2,4b,b4,1b,cd, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,09,dc,f4,b5,5d,a2,4b,b4,1b,cd, \

[HKEY_USERS\S-1-5-21-2925721793-3100897190-1553486399-1000\Software\SecuROM\License information*]
"datasecu"=hex:bf,ab,32,a4,4d,06,61,33,35,3a,3f,0c,2f,5d,b4,ba,c2,2a,e8,08,26,
54,57,eb,1c,99,4a,76,90,f6,e8,a2,2c,ad,72,01,8d,96,b8,3d,d6,1d,f1,d2,c8,d7, \
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(548)
c:\windows\system32\psqlpwd.DLL
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll

- - - - - - - > 'Explorer.exe'(2740)
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2010-07-31 19:32:54
ComboFix-quarantined-files.txt 2010-07-31 18:32
ComboFix2.txt 2010-07-30 03:20

Pre-Run: 13,585,645,568 bytes free
Post-Run: 13,681,037,312 bytes free

- - End Of File - - 945EDA877C4675F29C8E94DD2F98EAC9
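Two things in the log above deserve a second look once the cleanup is over: the policies\system block shows EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all set to 0 (UAC switched off, so anything that runs as this admin account is already fully elevated), and the HKLM/HKCU Run keys list more than a dozen autostarts. The script below is an added example and is not part of the thread or of ComboFix; it re-reads those policy values and compares them with the Windows 7 defaults (an assumption: a stand-alone home PC with no group policy lowering them deliberately), then lists every Run-key entry with the Authenticode status of the binary it launches. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not part of the thread: re-check the UAC policy values the
# ComboFix log shows set to 0, and the autostart entries under the Run keys.
# Assumption: the expected values are the Windows 7 defaults for a
# stand-alone home PC (no group policy lowering them on purpose).

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$expected = @{
    'EnableLUA'                  = 1   # 0 = UAC off, every admin process runs fully elevated
    'ConsentPromptBehaviorAdmin' = 5   # 0 = elevate silently, no consent prompt at all
    'PromptOnSecureDesktop'      = 1   # 0 = prompt on the normal desktop, where malware can click it
}

function Test-UacPolicy {
    $props = Get-ItemProperty -Path $policyKey
    foreach ($name in $expected.Keys) {
        $actual = $props.$name
        if ($null -eq $actual) { $actual = 'absent' }
        $status = if ($actual -eq $expected[$name]) { 'OK' } else { 'WEAKENED' }
        '{0,-28} actual={1,-7} expected={2}  {3}' -f $name, $actual, $expected[$name], $status
    }
}

# Turn a Run-key command line into the path of the executable it launches.
function Resolve-AutostartExe([string]$cmd) {
    if ($cmd.StartsWith('"')) {
        return [Environment]::ExpandEnvironmentVariables($cmd.Split('"')[1])
    }
    # Unquoted: grow the prefix token by token until it names a file, so that
    # "c:\program files\foo.exe -silent" and "rundll32.exe foo.dll,Start" both resolve.
    $tokens = $cmd -split ' '
    $candidate = ''
    foreach ($t in $tokens) {
        $candidate = if ($candidate) { "$candidate $t" } else { $t }
        $expanded = [Environment]::ExpandEnvironmentVariables($candidate)
        if (Test-Path -LiteralPath $expanded) { return $expanded }
        $found = Get-Command $expanded -ErrorAction SilentlyContinue
        if ($found -and $found.Definition) { return $found.Definition }   # e.g. rundll32.exe via PATH
    }
    return [Environment]::ExpandEnvironmentVariables($tokens[0])
}

function Get-AutostartSignatures {
    $metadata = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($metadata -contains $p.Name) { continue }   # skip by exact name, so "PSQLLauncher" is kept
            $exe = Resolve-AutostartExe ([string]$p.Value)
            $sig = if (Test-Path -LiteralPath $exe) {
                (Get-AuthenticodeSignature -FilePath $exe).Status   # Valid, NotSigned, HashMismatch, ...
            } else { 'FILE MISSING' }
            # For rundll32/regsvr32 lines the signed host is not the payload: inspect the DLL argument too.
            New-Object PSObject -Property @{
                Hive = $key.Split(':')[0]; Name = $p.Name; Path = $exe; Signature = $sig; CommandLine = $p.Value
            }
        }
    }
}

Test-UacPolicy
Get-AutostartSignatures | Format-Table Hive, Name, Signature, Path -AutoSize
```

A NotSigned or FILE MISSING entry is not proof of infection (several legitimate vendor tools ship unsigned), but it is the short list worth submitting to a file scanner first. Fixing the three policy values back to their defaults restores the UAC prompt; with EnableLUA at 0 a silent installer running under the logged-in admin account needs no user click at all.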
CatByte's Avatar
Malware Removal Specialist with 3,884 posts.
 
Join Date: Feb 2009
31-Jul-2010, 03:40 PM #12
Please do the following:


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 21 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 21 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u21 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


NEXT

Please advise how your computer is running and if there are any outstanding issues
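Finding every old Java runtime by hand in Add or Remove Programs is error-prone, because a machine that has been updated a few times usually carries several "Java(TM) 6 Update N" entries side by side. The script below is an added example, not part of CatByte's post: it reads the same Uninstall registry entries that Add or Remove Programs displays and flags anything older than the 6u21 the post asks for. It assumes the Sun installer convention of a numeric DisplayVersion such as 6.0.210 for 6 Update 21 (and 1.5.0.220 for the older J2SE 5.0 Update 22); the removal itself is still done through Add or Remove Programs as described above.

```powershell
# Added example, not from the thread: list the Java runtimes registered in
# Add or Remove Programs and flag those older than 6 Update 21.
# Assumption: Sun encodes 6uNN as DisplayVersion 6.0.NN0 (6u21 = 6.0.210).

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'   # absent on 32-bit, ignored
)
$target = [version]'6.0.210'

function Get-InstalledJava {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $_.DisplayName -match 'Java|J2SE' -and
            $_.DisplayName -notmatch 'Auto Updater|Update Checker|JavaFX'   # helpers, not runtimes
        } |
        ForEach-Object {
            # DisplayVersion is a string; a non-numeric one (or none) is reported rather than guessed.
            try { $ver = [version]$_.DisplayVersion } catch { $ver = $null }
            $state = if ($null -eq $ver) { 'UNKNOWN - check by hand' }
                     elseif ($ver -lt $target) { 'OLD - remove' }
                     else { 'current' }
            New-Object PSObject -Property @{
                Name      = $_.DisplayName
                Version   = $_.DisplayVersion
                State     = $state
                Uninstall = $_.UninstallString
            }
        }
}

Get-InstalledJava | Sort-Object Version | Format-Table Name, Version, State -AutoSize
```

The Uninstall column carries the MsiExec product-code command each entry would run, so after the list is confirmed the same objects can be used to remove the old ones without going back to the Control Panel.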
Alpaca's Avatar
Alpaca Alpaca is offline
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2010
01-Aug-2010, 03:49 AM #13
Dear Catbyte,

The adverts have ceased and there's no other evidence that the infection persists so I'd say this was a resolved issue.

Really, thank you very much for giving up your own time in helping me out with this; it's truly appreciated.

Kind regards
CatByte's Avatar
Malware Removal Specialist with 3,884 posts.
 
Join Date: Feb 2009
01-Aug-2010, 09:55 AM #14
Just some housekeeping to do now:

You can delete the MBRCheck, DDS and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.




If there are any logs/tools remaining > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished, it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.
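The Internet Explorer zone settings CatByte walks through in Inetcpl.cpl are stored as DWORD values under the Internet zone key, so they can be verified (and re-applied if an installer or toolbar resets them) without clicking through the dialog. The script below is an added example and not part of the post; the value names 1001, 1004 and 1201 and the 0/1/3 encoding for Enable/Prompt/Disable are the ones Microsoft documents in KB 182569, and zone 3 is the Internet zone. It reports only, unless called with -Apply.

```powershell
# Added example, not from the thread: check, and optionally set, the three
# Internet-zone ActiveX settings the post changes through Inetcpl.cpl.
# Value names and the 0=Enable / 1=Prompt / 3=Disable encoding: Microsoft KB 182569.

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$wanted = @(
    @{ Name = '1001'; Label = 'Download signed ActiveX controls';                          Value = 1 },  # Prompt
    @{ Name = '1004'; Label = 'Download unsigned ActiveX controls';                        Value = 1 },  # Prompt
    @{ Name = '1201'; Label = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }   # Disable
)
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneActiveX {
    param([switch]$Apply)
    $props = Get-ItemProperty -Path $zoneKey
    foreach ($w in $wanted) {
        $actual = $props.($w.Name)
        if ($null -eq $actual) { $label = 'absent' }
        elseif ($meaning.ContainsKey([int]$actual)) { $label = $meaning[[int]$actual] }
        else { $label = "raw=$actual" }

        if ($actual -eq $w.Value) {
            '{0,-60} {1,-8} OK' -f $w.Label, $label
        } elseif ($Apply) {
            Set-ItemProperty -Path $zoneKey -Name $w.Name -Value $w.Value -Type DWord
            '{0,-60} {1,-8} -> set to {2}' -f $w.Label, $label, $meaning[$w.Value]
        } else {
            '{0,-60} {1,-8} should be {2}' -f $w.Label, $label, $meaning[$w.Value]
        }
    }
}

Test-InternetZoneActiveX           # report only
# Test-InternetZoneActiveX -Apply  # write the values the post recommends
```

Because these values live under HKCU they are per user; run the check under each account that browses on the machine. Open Internet Explorer windows read the zone settings at start-up, so restart the browser after applying a change.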
Alpaca's Avatar
Alpaca Alpaca is offline
Junior Member with 8 posts.
THREAD STARTER
 
Join Date: Jul 2010
05-Aug-2010, 12:07 AM #15
Again, thanks for all your help CatByte. All resolved.

Best wishes.

Alpaca