
Adverts playing on my PC

Discussion in 'Virus & Other Malware Removal' started by Alpaca, Jul 28, 2010.

  1. Alpaca

    Alpaca Thread Starter

    Hi

    Since Monday 26th July I've been getting audio of various adverts playing from my pc which isn't due to any programs I've been running.

    I understand that other users have had the same problem on this and other boards and I have examined what process was used to attempt to fix this (it seems to be potentially quite a serious infection in many cases), but I'm a bit of a noob and wondered if someone would be kind enough to walk me through this.


    Many thanks
     
  2. CatByte

    CatByte Malware Specialist

    Please download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
    • A window will open on your desktop
    • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.



    NEXT



    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.



    NEXT


    Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
    • Double click the exe file.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

    • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
     
  3. Alpaca

    Alpaca Thread Starter

    Thank you very much for taking the time to help me, CatByte.

    MBR Check:

    MBRCheck, version 1.1.1

    (c) 2010, AD



    \\.\C: --> \\.\PhysicalDrive0



    Size Device Name MBR Status

    --------------------------------------------

    149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected





    Done! Press ENTER to exit...


    DDS - DDS.TXT


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Admin at 0:11:33.32 on 30/07/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.1821 [GMT 1:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Admin\Desktop\dds.com
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.co.uk/
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [IR_SERVER] c:\progra~1\realtek\realte~1\IR_SERVER.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{90120000-0030-0000-0000-0000000ff1ce}\outicon.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tmmoni~1.lnk - c:\program files\arcsoft\totalmedia 3\TMMonitor.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli psqlpwd

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\zpav4p02.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\admin\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-6 64288]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-6-24 136120]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-6-24 810144]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-4-28 96896]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-1 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [2010-2-21 31872]
    S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2010-2-21 93344]
    S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [2010-2-21 32800]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\drivers\U6000ALL.sys [2009-12-9 230784]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-22 1343400]

    =============== Created Last 30 ================

    2010-07-29 13:11:32 0 d-----w- c:\program files\Ask.com
    2010-07-28 04:36:01 0 d-----w- c:\windows\system32\appmgmt
    2010-07-26 22:12:14 0 d-----w- c:\programdata\ESET
    2010-07-26 22:12:14 0 d-----w- c:\program files\ESET
    2010-07-26 21:15:14 0 d-----w- c:\program files\Trend Micro
    2010-07-26 20:26:30 98816 ----a-w- c:\windows\sed.exe
    2010-07-26 20:26:30 77312 ----a-w- c:\windows\MBR.exe
    2010-07-26 20:26:30 256512 ----a-w- c:\windows\PEV.exe
    2010-07-26 20:26:30 161792 ----a-w- c:\windows\SWREG.exe
    2010-07-26 20:26:25 0 d-s---w- C:\ComboFix
    2010-07-26 17:57:47 0 d-----w- c:\users\admin\appdata\roaming\Malwarebytes
    2010-07-26 17:57:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-26 17:57:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-26 17:57:38 0 d-----w- c:\programdata\Malwarebytes
    2010-07-26 17:57:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-26 17:29:00 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-07-26 17:29:00 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-25 03:54:31 0 d-----w- c:\users\admin\appdata\roaming\NVIDIA
    2010-07-25 03:53:45 0 d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
    2010-07-25 03:53:42 0 d-----w- c:\program files\common files\Wise Installation Wizard
    2010-07-25 03:53:31 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
    2010-07-25 03:53:31 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
    2010-07-25 03:53:31 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
    2010-07-25 03:53:30 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2010-07-25 03:53:30 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2010-07-25 03:53:29 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2010-07-24 21:22:50 0 d-----w- c:\program files\SystemRequirementsLab
    2010-07-24 19:50:28 0 d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
    2010-07-23 23:03:10 0 d-----w- c:\program files\iPod
    2010-07-01 16:23:24 0 d-----w- c:\program files\common files\Futuremark Shared
    2010-06-30 20:02:10 0 d-----w- c:\programdata\NVIDIA Corporation
    2010-06-30 20:02:06 0 d-----w- c:\program files\NVIDIA Corporation
    2010-06-30 14:39:50 0 d-sh--w- c:\programdata\SecuROM
    2010-06-30 14:36:34 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-06-30 14:36:04 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-06-30 14:36:04 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-06-30 14:35:35 0 d-----w- c:\windows\system32\xlive
    2010-06-30 14:35:35 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2010-06-30 14:34:14 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-06-30 14:34:14 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2010-06-30 14:34:14 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2010-06-30 14:34:13 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2010-06-30 14:34:13 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll

    ==================== Find3M ====================

    2010-06-30 19:49:33 193693 ----a-w- c:\programdata\nvModes.dat
    2010-06-24 08:04:14 136120 ----a-w- c:\windows\system32\drivers\eamonm.sys
    2010-06-20 15:15:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-06-07 16:47:34 66664 ----a-w- c:\windows\system32\nvshext.dll
    2010-06-07 16:47:34 579688 ----a-w- c:\windows\system32\nv3dappshext.dll
    2010-06-07 16:47:34 53864 ----a-w- c:\windows\system32\nv3dappshextr.dll
    2010-06-07 16:47:34 408168 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2010-06-07 16:47:34 258142 ----a-w- c:\windows\system32\nvcoproc.bin
    2010-06-07 16:47:34 255592 ----a-w- c:\windows\system32\nvhotkey.dll
    2010-06-07 16:47:34 1691752 ----a-w- c:\windows\system32\nvsvcr.dll
    2010-06-07 16:47:34 13917800 ----a-w- c:\windows\system32\nvcpl.dll
    2010-06-07 16:47:34 1331816 ----a-w- c:\windows\system32\nvsvc.dll
    2010-06-07 16:47:34 129640 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-06-07 16:47:34 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-06-03 15:15:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-06-02 08:13:07 136720 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-06-02 08:13:00 183520 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-05-28 11:58:26 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-05-28 00:09:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
    2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-09 09:14:55 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-05-09 09:14:50 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-05-01 14:49:25 2326528 ----a-w- c:\windows\system32\win32k.sys
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2010-01-22 03:16:43 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 0:12:01.50 ===============


    DDS - Attach.txt:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 01/12/2009 23:09:04
    System Uptime: 29/07/2010 21:09:13 (3 hours ago)

    Motherboard: Dell Inc. | | 0D501F
    Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz | Microprocessor | 2501/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 17.056 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: adfs
    Device ID: ROOT\LEGACY_ADFS\0000
    Manufacturer:
    Name: adfs
    PNP Device ID: ROOT\LEGACY_ADFS\0000
    Service: adfs

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Acrobat.com
    Ad-Aware
    Ad-Aware Email Scanner for Outlook
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 9.3.2
    Airfoil
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft TotalMedia 3
    Ask Toolbar
    Audacity 1.3.12 (Unicode)
    Aura
    Bonjour
    Burnout Paradise: The Ultimate Box
    Call of Duty(R) - World at War(TM) 1.2 Patch
    Canon MP Navigator 2.0
    Canon MP150
    CCleaner
    CDBurnerXP
    Counter-Strike: Source
    Debut Video Capture Software
    DeskPins (remove only)
    Drv
    DVD Flick 1.3.0.7
    DVD Shrink 3.2
    DVDFab 6.2.1.8 (31/12/2009)
    Eraser 6.0.7.1893
    ESET NOD32 Antivirus
    Express Burn
    EZ Grabber
    Facebook Plug-In
    Far Cry 2
    Fingerprint Reader Suite 5.6
    FormatFactory 2.30
    Futuremark SystemInfo
    Google Earth
    Google Update Helper
    Grand Theft Auto: San Andreas
    Half-Life 2
    Half-Life 2: Deathmatch
    HiJackThis
    iTunes
    Java(TM) 6 Update 17
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Left 4 Dead 2
    Left 4 Dead 2 Add-on Support
    Malwarebytes' Anti-Malware
    Medal of Honor Allied Assault
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft XML Parser
    Moonbase Alpha
    Mozilla Firefox (3.6.8)
    MSVC80_x86_v2
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8
    neroxml
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA PhysX
    OGA Notifier 2.0.0048.0
    Opera 10.53
    PC Connectivity Solution
    Picasa 3
    PunkBuster Services
    QuickTime
    REALTEK DTV USB DEVICE
    SAMSUNG Mobile Composite Device Software
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Drive Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB982135)
    Skype web features
    Skype™ 4.1
    Spybot - Search & Destroy
    Steam
    Switch Sound File Converter
    System Requirements Lab
    Team Fortress 2
    Ulead VideoStudio SE DVD
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb2202131)
    VCRedistSetup
    VideoLAN VLC media player 0.8.5
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
    Windows Driver Package - Nokia Modem (10/05/2009 4.2)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    WinRAR archiver
    Xfire (remove only)

    ==== Event Viewer Messages From Past Week ========

    29/07/2010 21:09:46, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
    29/07/2010 13:45:29, Error: Service Control Manager [7038] - The wscsvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    29/07/2010 13:45:29, Error: Service Control Manager [7038] - The WinDefend service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    29/07/2010 13:45:29, Error: Service Control Manager [7038] - The sppsvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    29/07/2010 13:45:29, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not start due to a logon failure.
    29/07/2010 13:45:29, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not start due to a logon failure.
    29/07/2010 13:45:29, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The service did not start due to a logon failure.
    28/07/2010 19:05:07, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    28/07/2010 19:05:07, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    28/07/2010 19:04:55, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Error Reporting Service service, but this action failed with the following error: An instance of the service is already running.
    28/07/2010 19:04:07, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    28/07/2010 19:03:07, Error: Service Control Manager [7034] - The Application Management service terminated unexpectedly. It has done this 1 time(s).
    28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    28/07/2010 19:03:07, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    28/07/2010 19:03:07, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    28/07/2010 19:03:07, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    28/07/2010 19:03:07, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    28/07/2010 19:02:55, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    28/07/2010 18:52:42, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    28/07/2010 09:20:54, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    26/07/2010 23:12:24, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    26/07/2010 22:05:47, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    26/07/2010 22:05:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    26/07/2010 22:05:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    26/07/2010 22:04:51, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr StarOpen tdx vwififlt Wanarpv6 WfpLwf
    26/07/2010 22:04:47, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    26/07/2010 22:04:47, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    26/07/2010 22:04:47, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    26/07/2010 22:04:47, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    26/07/2010 22:04:47, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    26/07/2010 22:04:47, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    26/07/2010 22:04:46, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    26/07/2010 22:04:46, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    26/07/2010 22:04:46, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    26/07/2010 22:04:46, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    26/07/2010 21:27:46, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    25/07/2010 15:05:01, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
    24/07/2010 00:01:49, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================


    GMER.TXT attached


    Thanks again,

    Alpaca
     


  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Hi

    Please do the following:

    Download Combofix from either of the links below, and save it to your desktop.

    Link 1
    Link 2



    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------
    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    --------------------------------------------------------------------

    Double click on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.
     
  5. Alpaca

    Alpaca Thread Starter

    Joined:
    Jul 28, 2010
    Messages:
    8
    ComboFix.txt attached.
     


  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




    NEXT

    **Vista users - right click on the IE icon and run as administrator

    Run an on-line scan with Kaspersky

    Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

    1. Click Accept, when prompted to download and install the program files and database of malware definitions.
    2. To optimize scanning time and produce a more sensible report for review:
    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    3. Click Run at the Security prompt.
    The program will then begin downloading and installing and will also update the database.
    Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View scan report at the bottom.

    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
     
  7. Alpaca

    Alpaca Thread Starter

    Joined:
    Jul 28, 2010
    Messages:
    8
    Malwarebytes':

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4371
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385
    30/07/2010 19:18:51
    mbam-log-2010-07-30 (19-18-51).txt
    Scan type: Quick scan
    Objects scanned: 138355
    Time elapsed: 4 minute(s), 41 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)


    Kaspersky:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, July 30, 2010
    Operating system: Microsoft Professional (build 7600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, July 30, 2010 13:41:10
    Records in database: 4194014
    --------------------------------------------------------------------------------
    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes
    Scan area - My Computer:
    C:\
    D:\
    Scan statistics:
    Objects scanned: 165308
    Threats found: 6
    Infected objects found: 9
    Suspicious objects found: 0
    Scan duration: 02:46:33

    File name / Threat / Threats count
    C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\38ab0b0d-579d816a Infected: Trojan-Downloader.Java.Agent.ft 1
    C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\38ab0b0d-579d816a Infected: Trojan-Downloader.Java.Agent.fu 1
    C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\38ab0b0d-579d816a Infected: Trojan-Downloader.Java.Agent.fv 1
    C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\34eb48b1-1b63b21d Infected: Exploit.Java.Agent.ax 1
    C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\70a43fd-4f1fb0a5 Infected: Trojan.Win32.Vilsel.akzq 1
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\72bf3727-4f72e666 Infected: Trojan-Downloader.Java.Agent.ft 1
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\72bf3727-4f72e666 Infected: Trojan-Downloader.Java.Agent.fu 1
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\72bf3727-4f72e666 Infected: Trojan-Downloader.Java.Agent.fv 1
    C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.1.7600.16385_none_06a5a17a3714c64d\RDPENCDD.sys Infected: Rootkit.Win32.TDSS.ap 1
    Selected area has been scanned.


    Regards,

    Alpaca
     
  8. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Hi

    Please do the following:

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      Code:
      :filefind
      *DPENCDD*
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  9. Alpaca

    Alpaca Thread Starter

    Joined:
    Jul 28, 2010
    Messages:
    8
    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 15:55 on 31/07/2010 by Admin (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "*DPENCDD*"
    C:\Qoobox\Quarantine\C\Windows\system32\Drivers\RDPENCDD.sys.vir --a--- 6656 bytes [00:01 14/07/2009] [00:01 14/07/2009] FFE5E85C9128FA38AD700DE3BEFA88A4
    C:\Qoobox\Quarantine\C\Windows\system32\Drivers\RDPENCDD.sys.vir_ --a--- 6656 bytes [00:01 14/07/2009] [02:57 30/07/2010] FFE5E85C9128FA38AD700DE3BEFA88A4
    C:\Windows\System32\drivers\rdpencdd.sys --a--- 6656 bytes [00:01 14/07/2009] [00:01 14/07/2009] 5A53CA1598DD4156D44196D200C94B8A
    C:\Windows\System32\RDPENCDD.dll --a--- 121856 bytes [00:01 14/07/2009] [01:09 14/07/2009] 78619D9A964ED75980756263153C5B14
    C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.1.7600.16385_none_06a5a17a3714c64d\RDPENCDD.dll --a--- 121856 bytes [00:01 14/07/2009] [01:09 14/07/2009] 78619D9A964ED75980756263153C5B14
    C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.1.7600.16385_none_06a5a17a3714c64d\RDPENCDD.sys ------ 6656 bytes [00:01 14/07/2009] [00:01 14/07/2009] 7785CB8CDC82ABBB872706D80767FF8A

    -=End Of File=-
     
  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Hi

    Please do the following:


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run type Notepad click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    FCopy::
    C:\Windows\System32\drivers\rdpencdd.sys | C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.1.7600.16385_none_06a5a17a3714c64d\RDPENCDD.sys
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop; save it as "CFScript".


    Here's how to do that:

    1. Click File;
    2. Click Save As... Change the directory to your desktop;
    3. Change the Save as type to "All Files";
    4. Type in the file name: CFScript
    5. Click Save ...

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
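As an added example that is not part of this thread and not SystemLook's or ComboFix's own code: a Python script that parses SystemLook filefind lines like the ones posted above, groups copies of the same file name (ComboFix quarantine suffixes stripped), reports names whose copies carry different MD5s, and renders an FCopy:: line in the form the CFScript above uses. The function names and the quarantine/winsxs/live classification are my own; the log alone does not say which copy is the trusted one, so that decision (here driven by the scanner result on the winsxs copy) stays with the analyst.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample input: the filefind lines for RDPENCDD.* from the SystemLook log posted
# in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:55 on 31/07/2010 by Admin (Administrator - Elevation successful)

========== filefind ==========

Searching for "*DPENCDD*"
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\RDPENCDD.sys.vir --a--- 6656 bytes [00:01 14/07/2009] [00:01 14/07/2009] FFE5E85C9128FA38AD700DE3BEFA88A4
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\RDPENCDD.sys.vir_ --a--- 6656 bytes [00:01 14/07/2009] [02:57 30/07/2010] FFE5E85C9128FA38AD700DE3BEFA88A4
C:\Windows\System32\drivers\rdpencdd.sys --a--- 6656 bytes [00:01 14/07/2009] [00:01 14/07/2009] 5A53CA1598DD4156D44196D200C94B8A
C:\Windows\System32\RDPENCDD.dll --a--- 121856 bytes [00:01 14/07/2009] [01:09 14/07/2009] 78619D9A964ED75980756263153C5B14
C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.1.7600.16385_none_06a5a17a3714c64d\RDPENCDD.dll --a--- 121856 bytes [00:01 14/07/2009] [01:09 14/07/2009] 78619D9A964ED75980756263153C5B14
C:\Windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.1.7600.16385_none_06a5a17a3714c64d\RDPENCDD.sys ------ 6656 bytes [00:01 14/07/2009] [00:01 14/07/2009] 7785CB8CDC82ABBB872706D80767FF8A

-=End Of File=-
"""

# One filefind result line: <path> <attrs> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-A-Za-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# ComboFix quarantine naming as it appears in this thread (hypothetical list, extend as needed)
QUARANTINE_SUFFIXES = (".vir_", ".vir")


def parse_filefind(text):
    """Return one dict per file line; header, footer and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def canonical_name(path):
    """Lower-case file name with any quarantine suffix removed, so copies group together."""
    name = PureWindowsPath(path).name.lower()
    for suffix in QUARANTINE_SUFFIXES:
        if name.endswith(suffix):
            return name[: -len(suffix)]
    return name


def location(path):
    """Coarse classification of where a copy lives (my own labels, for triage only)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"
    if "\\winsxs\\" in p:
        return "winsxs"
    return "live"


def hash_mismatches(entries):
    """Map file name -> {md5: [(location, path), ...]} for names whose copies disagree."""
    by_name = defaultdict(lambda: defaultdict(list))
    for e in entries:
        by_name[canonical_name(e["path"])][e["md5"]].append((location(e["path"]), e["path"]))
    return {name: dict(hashes) for name, hashes in by_name.items() if len(hashes) > 1}


def cfscript_fcopy(source, destination):
    """Render an FCopy:: block in the form used in this thread (source first,
    then destination); the caller decides which copy is the trusted source."""
    return f"FCopy::\n{source} | {destination}\n"


if __name__ == "__main__":
    for name, hashes in hash_mismatches(parse_filefind(SAMPLE_LOG)).items():
        print(f"{name}: {len(hashes)} distinct hashes")
        for md5, copies in hashes.items():
            for loc, path in copies:
                print(f"  {md5}  {loc:10s} {path}")
```

On the thread's log this reports rdpencdd.sys with three distinct hashes (quarantine, live system32, winsxs) while RDPENCDD.dll agrees across both copies, which is the discrepancy the CFScript above acts on.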
     
  11. Alpaca

    Alpaca Thread Starter

    Joined:
    Jul 28, 2010
    Messages:
    8
    ComboFix 10-07-31.01 - Admin 31/07/2010 19:24:45.3.2 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2170 [GMT 1:00]
    Running from: c:\users\Admin\Desktop\ComboFix.exe
    Command switches used :: c:\users\Admin\Desktop\CFScript.txt
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
    .

    2010-07-31 18:30 . 2010-07-31 18:30 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-07-31 18:30 . 2010-07-31 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-07-31 18:22 . 2010-07-31 18:22 -------- d-----w- C:\32788R22FWJFW
    2010-07-30 18:55 . 2010-07-30 18:55 -------- d-----w- c:\users\Admin\AppData\Local\AskToolbar
    2010-07-30 03:11 . 2010-07-31 18:30 -------- d-----w- c:\users\Admin\AppData\Local\temp
    2010-07-30 02:59 . 2010-07-30 02:59 -------- d-----w- C:\Device
    2010-07-29 13:11 . 2010-07-29 13:11 -------- d-----w- c:\program files\Ask.com
    2010-07-27 14:06 . 2010-07-27 14:06 -------- d-----w- c:\users\Admin\AppData\Local\ESET
    2010-07-26 22:12 . 2010-07-26 22:12 -------- d-----w- c:\program files\ESET
    2010-07-26 21:15 . 2010-07-26 21:15 388096 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-26 21:15 . 2010-07-26 21:15 -------- d-----w- c:\program files\Trend Micro
    2010-07-26 17:57 . 2010-07-26 17:57 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
    2010-07-26 17:57 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-26 17:57 . 2010-07-26 17:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-26 17:57 . 2010-07-26 17:57 -------- d-----w- c:\programdata\Malwarebytes
    2010-07-26 17:57 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-26 17:29 . 2010-07-26 17:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-07-26 17:29 . 2010-07-26 17:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-25 03:54 . 2010-07-25 03:54 -------- d-----w- c:\users\Admin\AppData\Roaming\NVIDIA
    2010-07-25 03:53 . 2010-07-25 03:53 -------- d-----w- c:\users\Admin\AppData\Local\Downloaded Installations
    2010-07-25 03:53 . 2010-07-25 03:53 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
    2010-07-25 03:53 . 2010-07-25 03:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-07-25 03:53 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
    2010-07-25 03:53 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
    2010-07-25 03:53 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
    2010-07-25 03:53 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2010-07-25 03:53 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2010-07-25 03:53 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2010-07-24 21:22 . 2010-07-24 21:22 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-07-24 21:22 . 2010-07-24 21:22 85504 ----a-w- c:\users\Admin\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
    2010-07-24 21:22 . 2010-07-24 21:22 -------- d-----w- c:\users\Admin\AppData\Roaming\SystemRequirementsLab
    2010-07-24 19:58 . 2010-07-24 19:58 -------- d-----w- c:\users\Public\New folder
    2010-07-24 19:54 . 2010-07-25 13:04 -------- d-----w- c:\users\Admin\AppData\Roaming\Audacity
    2010-07-24 19:50 . 2010-07-24 19:50 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
    2010-07-23 23:03 . 2010-07-23 23:03 -------- d-----w- c:\program files\iPod
    2010-07-23 23:00 . 2010-07-23 23:00 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-31 18:04 . 2010-06-06 14:17 -------- d-----w- c:\program files\Steam
    2010-07-28 05:11 . 2010-04-18 11:24 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-28 04:54 . 2010-06-23 05:44 -------- d-----w- c:\program files\MasterSplitter
    2010-07-23 23:03 . 2010-05-20 17:14 -------- d-----w- c:\program files\iTunes
    2010-07-23 23:03 . 2010-05-20 17:12 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-14 15:08 . 2009-12-01 23:12 -------- d-----w- c:\programdata\Microsoft Help
    2010-07-09 02:39 . 2009-12-12 12:46 -------- d-----w- c:\users\Admin\AppData\Roaming\Skype
    2010-07-08 23:01 . 2009-12-12 12:49 -------- d-----w- c:\users\Admin\AppData\Roaming\skypePM
    2010-07-04 23:58 . 2010-01-10 13:41 -------- d-----w- c:\programdata\Xfire
    2010-07-01 16:23 . 2010-07-01 16:23 -------- d-----w- c:\program files\Common Files\Futuremark Shared
    2010-07-01 16:23 . 2009-12-05 20:55 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-30 20:04 . 2009-12-01 23:25 -------- d-----w- c:\programdata\NVIDIA
    2010-06-30 20:03 . 2010-06-30 20:02 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-06-30 20:02 . 2010-06-30 20:02 -------- d-----w- c:\programdata\NVIDIA Corporation
    2010-06-30 19:49 . 2009-12-05 20:52 193693 ----a-w- c:\programdata\nvModes.dat
    2010-06-30 14:39 . 2010-06-30 14:39 -------- d-sh--w- c:\programdata\SecuROM
    2010-06-30 14:36 . 2010-06-30 14:36 -------- d--h--r- c:\users\Admin\AppData\Roaming\SecuROM
    2010-06-30 14:36 . 2010-06-30 14:36 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-06-30 14:36 . 2010-06-30 14:35 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2010-06-28 13:34 . 2010-06-28 13:34 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-25 15:04 . 2009-12-01 23:14 -------- d-----w- c:\program files\Microsoft.NET
    2010-06-24 22:23 . 2010-02-05 15:52 -------- d-----w- c:\users\Admin\AppData\Roaming\DVD Flick
    2010-06-24 21:22 . 2009-12-06 04:41 -------- d-----w- c:\users\Admin\AppData\Roaming\dvdcss
    2010-06-24 08:04 . 2010-06-24 08:04 136120 ----a-w- c:\windows\system32\drivers\eamonm.sys
    2010-06-21 14:05 . 2010-01-10 13:41 -------- d-----w- c:\users\Admin\AppData\Roaming\Xfire
    2010-06-20 15:15 . 2010-03-11 16:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-06-19 18:45 . 2010-06-19 18:45 -------- d-----w- c:\program files\Bonjour
    2010-06-17 19:49 . 2010-06-17 19:49 50354 ----a-w- c:\users\Admin\AppData\Roaming\Facebook\uninstall.exe
    2010-06-17 19:49 . 2010-06-17 19:49 -------- d-----w- c:\users\Admin\AppData\Roaming\Facebook
    2010-06-15 00:35 . 2010-06-15 00:35 -------- d-----w- c:\program files\Eraser
    2010-06-13 15:57 . 2010-06-13 15:57 -------- d-----w- c:\program files\Opera
    2010-06-12 14:24 . 2009-12-06 13:07 -------- d-----w- c:\programdata\NOS
    2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\Admin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    2010-06-07 16:47 . 2010-06-07 16:47 66664 ----a-w- c:\windows\system32\nvshext.dll
    2010-06-07 16:47 . 2010-06-07 16:47 579688 ----a-w- c:\windows\system32\nv3dappshext.dll
    2010-06-07 16:47 . 2010-06-07 16:47 53864 ----a-w- c:\windows\system32\nv3dappshextr.dll
    2010-06-07 16:47 . 2010-06-07 16:47 408168 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2010-06-07 16:47 . 2010-06-07 16:47 258142 ----a-w- c:\windows\system32\nvcoproc.bin
    2010-06-07 16:47 . 2010-06-07 16:47 255592 ----a-w- c:\windows\system32\nvhotkey.dll
    2010-06-07 16:47 . 2010-06-07 16:47 1691752 ----a-w- c:\windows\system32\nvsvcr.dll
    2010-06-07 16:47 . 2010-06-07 16:47 13917800 ----a-w- c:\windows\system32\nvcpl.dll
    2010-06-07 16:47 . 2010-06-07 16:47 1331816 ----a-w- c:\windows\system32\nvsvc.dll
    2010-06-07 16:47 . 2010-06-07 16:47 129640 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-06-07 16:47 . 2010-06-07 16:47 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-06-06 14:17 . 2010-06-06 14:17 -------- d-----w- c:\program files\Common Files\Steam
    2010-06-03 22:39 . 2010-01-10 13:41 -------- d-----w- c:\program files\Xfire
    2010-06-03 15:15 . 2010-06-06 15:16 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-06-02 08:13 . 2009-12-05 21:08 136720 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-06-02 08:13 . 2009-12-05 21:08 183520 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-05-28 11:58 . 2009-12-01 23:14 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2010-05-27 07:24 . 2010-06-10 21:55 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-27 03:49 . 2010-06-10 21:55 293888 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-23 04:52 . 2010-05-23 04:52 95232 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
    2010-05-23 04:52 . 2010-05-23 04:52 8192 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
    2010-05-23 04:52 . 2010-05-23 04:52 61440 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2010-05-23 04:52 . 2010-05-23 04:52 10240 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
    2010-05-23 04:51 . 2010-05-23 04:52 34399664 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_eng_web[1].exe
    2010-05-21 13:14 . 2009-12-01 23:24 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-21 05:18 . 2010-06-10 21:55 977920 ----a-w- c:\windows\system32\wininet.dll
    2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-17 18:35 . 2009-12-01 23:34 120968 ----a-w- c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-05-09 09:14 . 2010-06-23 17:35 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-05-09 09:14 . 2010-06-23 17:35 417792 ----a-w- c:\windows\system32\msdri.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-09-10 16:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-09-10 16:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
    "Steam"="c:\program files\steam\steam.exe" [2010-06-06 1238352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
    "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-19 149280]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-06-07 255592]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]

    c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office Outlook 2007 (2).lnk - c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe [2009-12-2 845584]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3\TMMonitor.exe [2010-2-21 258048]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "DisableCAD"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-16 23:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @="FSFilter System Recovery"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-10-23 14:18 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2007-09-20 08:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 135664]
    R3 cpuz130;cpuz130;c:\users\Admin\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
    R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 31872]
    R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-10-26 93344]
    R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-10-26 32800]
    R3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\DRIVERS\U6000ALL.sys [2007-07-13 230784]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1343400]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-03 64288]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-06-24 136120]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-06-24 810144]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-28 96896]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-30 1352832]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:15]

    2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 15:25]

    2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 15:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zpav4p02.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Admin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,09,dc,f4,b5,5d,a2,4b,b4,1b,cd,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,09,dc,f4,b5,5d,a2,4b,b4,1b,cd,\

    [HKEY_USERS\S-1-5-21-2925721793-3100897190-1553486399-1000\Software\SecuROM\License information*]
    "datasecu"=hex:bf,ab,32,a4,4d,06,61,33,35,3a,3f,0c,2f,5d,b4,ba,c2,2a,e8,08,26,
    54,57,eb,1c,99,4a,76,90,f6,e8,a2,2c,ad,72,01,8d,96,b8,3d,d6,1d,f1,d2,c8,d7,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(548)
    c:\windows\system32\psqlpwd.DLL
    c:\program files\Fingerprint Reader Suite\homefus2.dll
    c:\program files\Fingerprint Reader Suite\infra.dll

    - - - - - - - > 'Explorer.exe'(2740)
    c:\program files\Fingerprint Reader Suite\farchns.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    .
    Completion time: 2010-07-31 19:32:54
    ComboFix-quarantined-files.txt 2010-07-31 18:32
    ComboFix2.txt 2010-07-30 03:20

    Pre-Run: 13,585,645,568 bytes free
    Post-Run: 13,681,037,312 bytes free

    - - End Of File - - 945EDA877C4675F29C8E94DD2F98EAC9
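    A triage pass over log output of the kind posted above, as an added example that is neither ComboFix code nor anything from this thread: it parses the policies\system values, the service/driver lines and the Firefox prefs lines from a constructed sample (copied from entries in the log) and flags UAC being switched off, a driver registered from a path under the user profile whose file is no longer on disk, and a keyword.URL pointing at a host that is not a known search engine. The KNOWN_SEARCH_HOSTS set and the USER_WRITABLE path fragments are assumptions.

```python
"""Triage heuristics for the 'Reg Loading Points' and 'Supplementary Scan'
sections of a ComboFix log (added example; not ComboFix's own code)."""
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R3 cpuz130;cpuz130;c:\users\Admin\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-06-24 810144]

FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
"""

# "EnableLUA"= 0 (0x0)  -> policy value lines
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)$')
# R3 name;display;path [date size]  or  [x] when the file is missing on disk
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$')
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$')

# Assumptions: hosts accepted for address-bar search, and path fragments a
# driver or service should never load from (user-writable locations).
KNOWN_SEARCH_HOSTS = {'www.google.com', 'www.google.co.uk', 'www.bing.com', 'search.yahoo.com'}
USER_WRITABLE = ('\\users\\', '\\programdata\\', '\\windows\\temp\\')

def parse_policies(text):
    """Return {value name: int} for every  "Name"= N (0xN)  line in the dump."""
    policies = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[m['name']] = int(m['value'])
    return policies

def uac_findings(policies):
    """Flag UAC settings that remove the elevation boundary (all three are 0 in the posted log)."""
    findings = []
    if policies.get('EnableLUA') == 0:
        findings.append('EnableLUA=0: UAC is off, so anything an admin user runs is already elevated')
    if policies.get('ConsentPromptBehaviorAdmin') == 0:
        findings.append('ConsentPromptBehaviorAdmin=0: administrators elevate silently, no prompt')
    if policies.get('PromptOnSecureDesktop') == 0:
        findings.append('PromptOnSecureDesktop=0: elevation prompts are not isolated on the secure desktop')
    return findings

def parse_services(text):
    """Return one dict per ComboFix service/driver line (R = running, S = stopped)."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append({'start': m['start'], 'name': m['name'],
                            'path': m['path'], 'missing': m['info'].strip() == 'x'})
    return entries

def driver_findings(entries):
    """Flag drivers/services that load from user-writable paths or whose file is gone."""
    findings = []
    for e in entries:
        if any(frag in e['path'].lower() for frag in USER_WRITABLE):
            findings.append(f"{e['name']}: loads from a user-writable path, {e['path']}")
        if e['missing']:
            findings.append(f"{e['name']}: still registered but its file is missing ([x])")
    return findings

def firefox_findings(text):
    """Flag keyword.URL (address-bar search) pointing anywhere but a known search engine."""
    findings = []
    for line in text.splitlines():
        m = FF_PREF_RE.match(line.strip())
        if m and m['pref'] == 'keyword.URL':
            # ComboFix defangs URLs as hxxp://; restore the scheme so urlparse sees a host.
            host = urlparse(re.sub(r'^hxxp', 'http', m['value'])).hostname or ''
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(f'Firefox keyword.URL sends address-bar searches to {host}')
    return findings

def triage(text):
    """Run every heuristic over one ComboFix log and return the findings in order."""
    return (uac_findings(parse_policies(text)) + driver_findings(parse_services(text))
            + firefox_findings(text))

if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print('-', finding)
```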
     
  12. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Please do the following:

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
    • Download the latest version of Java Runtime Environment (JRE) 21 and save it to your desktop.
    • Scroll down to where it says JDK 6 Update 21 (JDK or JRE)
    • Click the Download JRE button to the right
    • Select the Windows platform from the dropdown menu.
    • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u21 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.
    • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are two options in the window to clear the cache - Leave BOTH Checked

        • Applications and Applets
        • Trace and Log Files
      • Click OK on Delete Temporary Files Window
        Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.


    NEXT

    Please advise how your computer is running and if there are any outstanding issues
     
  13. Alpaca

    Alpaca Thread Starter

    Joined:
    Jul 28, 2010
    Messages:
    8
    Dear Catbyte,

    The adverts have ceased and there's no other evidence that the infection persists so I'd say this was a resolved issue.

    Really, thank you very much for giving up your own time in helping me out with this; it's truly appreciated.

    Kind regards
     
  14. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Just some housekeeping to do now:

    You can delete the MBRCheck, DDS and GMER logs and programs from your desktop.


    NEXT


    Follow these steps to uninstall Combofix

    • Make sure your security programs are totally disabled.
    • Click START then RUN
    • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



    If there are any logs/tools remaining > right click and delete them.


    NEXT


    Below I have included a number of recommendations for how to protect your computer against malware infections.

    • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
      Strong passwords: How to create and use them
      Then consider a password keeper, to keep all your passwords safe.

    • Keep Windows updated by regularly checking their website at :
      http://windowsupdate.microsoft.com/
      This will ensure your computer always has the latest available security updates installed.

    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    • Download TFC to your desktop
      • Close any open windows.
      • Double click the TFC icon to run the program
      • TFC will close all open programs itself in order to run,
      • Click the Start button to begin the process.
      • Allow TFC to run uninterrupted.
      • The program should not take long to finish its job
      • Once it's finished it should automatically reboot your machine;
      • if it doesn't, manually reboot to ensure a complete clean
      It's normal after running TFC cleaner that the PC will be slower to boot the first time.

    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      • Green to go
      • Yellow for caution
      • Red to stop
      WOT has an addon available for both Firefox and IE

    • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

    • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
      Think Prevention.
      PC Safety and Security--What Do I Need?


    **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


    Thank you for your patience, and performing all of the procedures requested.

    Please respond one last time so we can consider the thread resolved and close it, thank you.
     
  15. Alpaca

    Alpaca Thread Starter

    Joined:
    Jul 28, 2010
    Messages:
    8
    Again, thanks for all your help CatByte. All resolved.

    Best wishes.

    Alpaca
     
Short URL to this thread: https://techguy.org/938999