SpywareHammer.com

SpywareHammer Malware Removal Forums => Completed Malware and Rootkit Removal Topics => Topic started by: stogie53 on April 04, 2011, 06:16:00 PM

Title: [Resolved] Help!!
Post by: stogie53 on April 04, 2011, 06:16:00 PM
Here is my HijackThis log. My PC, after it's been on for a while, all of a sudden different programs stop working! Avast, iTunes, etc....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:56 PM, on 4/4/2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\GreenPrint\gpsrdg01.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe
C:\Program Files\Common Files\logishrd\LComMgr\LVComSX.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NetworkIndicator\NetworkIndicator.exe
C:\Users\Joe\Desktop\DesktopOK.exe
C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\XWindows Dock\XWD.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe
C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
C:\Users\Joe\Desktop\HijackThis.exe
C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {9e3f670b-884b-4776-a19f-d363c9a4145c} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XmarksThumbnailsDLLBHO - {1BD0BEFE-F697-4eee-B7E1-76B849A5CB84} - C:\Program Files\Xmarks\Thumbnails for IE\xmarksthumbnails.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe -auto
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NetworkIndicator] C:\Program Files\NetworkIndicator\NetworkIndicator.exe
O4 - HKCU\..\Run: [Epson Stylus NX510(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE /FU "C:\Windows\TEMP\E_SC5ED.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DesktopOK] "C:\Users\Joe\Desktop\DesktopOK.exe"  -bg -startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
O4 - HKCU\..\Run: [Core Temp] "C:\Core Temp\Core Temp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'Default user')
O4 - Startup: Dropbox.lnk = Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: XWindows Dock.lnk = C:\Program Files\XWindows Dock\XWD.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Joe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Joe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - Trusted Zone: http://novastor.cleverreach.com
O15 - Trusted Zone: http://*.google-analytics.com
O15 - Trusted Zone: http://*.novastor.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AirPrint - Apple Inc. - C:\Program Files\AirPrint\airprint.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - Unknown owner - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown owner - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Firefox Service - Unknown owner - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\u36cr1xu.default\extensions\startup.service@mozilla.com\svc.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Genie Timeline Service (GenieTimelineService) - Genie-Soft - C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
O23 - Service: GreenPrint - GreenPrint Technologies LLC. - C:\Program Files\GreenPrint\GPSRHT01.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: OO DiskImage - Unknown owner - C:\Program Files\OO Software\DiskImage\oodiag.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\Windows\system32\UTSCSI.EXE
O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\Windows\system32\WebUpdateSvc4.exe

--
End of file - 15816 bytes
 
Title: Re: [In Progress] Help!!
Post by: Hoov on April 04, 2011, 06:28:42 PM
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

Now onto trying to fix your computer.

Does your computer just quit responding? Or do the programs just not start up? If they are already responding, do other programs work?

We need to see some information about what is happening in your machine. Please perform the following scan:

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html)

Title: Re: [In Progress] Help!!
Post by: stogie53 on April 04, 2011, 07:15:55 PM
I have only run Malwarebytes and a complete Avast scan. Yes, for example Avast will be running and then things just start to stop. For example, when this starts, if I try to open iTunes it tells me to re-install to fix. Some things just do not start. Then the PC stops responding and I can't even click restart.

.
DDS (Ver_11-03-05.01) - NTFSx86  
Run by Joe at 19:44:04.77 on Mon 04/04/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3327.1133 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\u36cr1xu.default\extensions\startup.service@mozilla.com\svc.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\GreenPrint\GPSRHT01.exe
C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
C:\Program Files\GreenPrint\gpsrdg01.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\UTSCSI.EXE
C:\Windows\System32\vds.exe
C:\ExpressGateUtil\VAWinService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe
C:\Program Files\Common Files\logishrd\LComMgr\LVComSX.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NetworkIndicator\NetworkIndicator.exe
C:\Users\Joe\Desktop\DesktopOK.exe
C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\XWindows Dock\XWD.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Windows\system32\WebUpdateSvc4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AirPrint\airprint.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\OO Software\DiskImage\oodiag.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\vdsldr.exe
C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe
C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Joe\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Joe\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://my.yahoo.com/
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ThumbnailsBHO Class: {1bd0befe-f697-4eee-b7e1-76b849a5cb84} - c:\program files\xmarks\thumbnails for ie\xmarksthumbnails.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {9E3F670B-884B-4776-A19F-D363C9A4145C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [NetworkIndicator] c:\program files\networkindicator\NetworkIndicator.exe
uRun: [Epson Stylus NX510(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifia.exe /fu "c:\windows\temp\E_SC5ED.tmp" /EF "HKCU"
uRun: [DesktopOK] "c:\users\joe\desktop\DesktopOK.exe"  -bg -startup
uRun: [Google Update] "c:\users\joe\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [NetBalancer] c:\program files\netbalancer\SeriousBit.NetBalancer.Tray.exe
uRun: [Core Temp] "c:\core temp\Core Temp.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [VAWinAgent] c:\expressgateutil\VAWinAgent.exe
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Genie TimeLine Tray] c:\program files\genie-soft\genie timeline\GSTimeLineAgent.exe -auto
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [OODefragTray] c:\program files\oo software\defrag\oodtray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
StartupFolder: c:\users\joe\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\joe\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\joe\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\joe\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\joe\appdata\roaming\micros~1\windows\startm~1\programs\startup\xwindo~1.lnk - c:\program files\xwindows dock\XWD.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\joe\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\joe\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://dsl.sbc.yahoo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\extensions\{08ea8b71-4ab6-431b-8b39-c60b1f121218}\components\RadioWMPCore.dll
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\extensions\{08ea8b71-4ab6-431b-8b39-c60b1f121218}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\extensions\{3c577568-be1e-4551-8968-b38bc97ff655}\components\RadioWMPCore.dll
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\extensions\{3c577568-be1e-4551-8968-b38bc97ff655}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\extensions\{de6fdbf9-913c-461d-857a-4ed69d47c755}\components\RadioWMPCore.dll
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\extensions\{de6fdbf9-913c-461d-857a-4ed69d47c755}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\olympus\ib utilities\firefox plugin\npIbInst.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\joe\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\joe\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\users\joe\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\joe\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\drivers\oodisr.sys [2010-9-1 96336]
R0 oodisrh;oodisrh;c:\windows\system32\drivers\oodisrh.sys [2010-9-1 28752]
R0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\drivers\oodivd.sys [2010-9-1 171088]
R0 oodivdh;oodivdh;c:\windows\system32\drivers\oodivdh.sys [2010-9-1 31824]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-7-5 11448]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-18 294608]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2010-12-9 64608]
R1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [2010-12-9 33744]
R2 AirPrint;AirPrint;c:\program files\airprint\airprint.exe -s --> c:\program files\airprint\airprint.exe -s [?]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-1-26 284672]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\amd\raidxpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-3-18 90112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-18 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-3-18 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-14 40384]
R2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\comodo\comodo system-cleaner\Cleaner_Validator.exe [2010-12-9 305600]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-3-19 12672]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-4-10 294912]
R2 Firefox Service;Firefox Service;c:\users\joe\appdata\roaming\mozilla\firefox\profiles\u36cr1xu.default\extensions\startup.service@mozilla.com\svc.exe [2011-3-26 83456]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-11-20 238952]
R2 GenieTimelineService;Genie Timeline Service;c:\program files\genie-soft\genie timeline\GenieTimelineService.exe [2011-1-11 362624]
R2 GreenPrint;GreenPrint;c:\program files\greenprint\gpsrht01.exe [2010-3-29 427048]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-1-2 821592]
R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\netbalancer\SeriousBit.NetBalancer.Service.exe [2011-2-17 10240]
R2 OO DiskImage;OO DiskImage;c:\program files\oo software\diskimage\oodiag.exe [2010-9-1 2811208]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\oo software\defrag\oodag.exe [2010-11-25 2404168]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2010-3-18 27648]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-4-4 439632]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-10-19 2011944]
R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-8-20 77312]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-11-8 237568]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-11-8 1060352]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-11-8 484352]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2008-9-15 262360]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2010-11-3 17984]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-2-26 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2011-2-14 18256]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-11-20 36608]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-8-24 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 10448]
R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [2011-2-17 28776]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2011-2-14 41424]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-1-21 328808]
R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2011-2-14 24432]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-3-18 1077760]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\bcuservice.exe --> c:\program files\devicevm\browser configuration utility\BCUService.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 133104]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 25112]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-3-18 35328]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtVlan60.sys [2010-3-18 19968]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-3-18 35328]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-2 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-31 1343400]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-11-24 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-11-24 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-11-24 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-11-24 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-11-24 25704]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-04-05 00:00:45   --------   d-----w-   c:\program files\WinPcap
2011-04-05 00:00:20   --------   d-----w-   c:\program files\Trend Micro
2011-04-03 19:29:57   --------   d-----w-   c:\program files\DVDFab 8
2011-04-01 16:14:11   6792528   ----a-w-   c:\progra~2\microsoft\windows defender\definition updates\{5de9594e-d487-4435-a704-34a514cabc9d}\mpengine.dll
2011-03-24 17:00:46   --------   d-----w-   c:\program files\iPod
2011-03-24 17:00:45   --------   d-----w-   c:\program files\iTunes
2011-03-24 16:57:20   --------   d-----w-   c:\program files\Bonjour
2011-03-24 16:27:16   --------   d-----w-   c:\windows\system32\appmgmt
2011-03-24 16:04:17   --------   d-----w-   c:\users\joe\appdata\roaming\DVDVideoSoft
2011-03-23 02:06:03   --------   d-----w-   c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-03-23 00:16:45   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-23 00:16:41   781272   ----a-w-   c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-23 00:16:41   728024   ----a-w-   c:\program files\mozilla firefox\libGLESv2.dll
2011-03-23 00:16:41   1874904   ----a-w-   c:\program files\mozilla firefox\mozjs.dll
2011-03-23 00:16:41   15832   ----a-w-   c:\program files\mozilla firefox\mozalloc.dll
2011-03-23 00:16:41   142296   ----a-w-   c:\program files\mozilla firefox\libEGL.dll
2011-03-23 00:16:40   1975768   ----a-w-   c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-23 00:16:40   1893336   ----a-w-   c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-16 22:29:14   --------   d-----w-   c:\users\joe\appdata\local\Xmarks
2011-03-16 22:29:14   --------   d-----w-   c:\program files\Xmarks
2011-03-12 17:28:40   103864   ----a-w-   c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 17:28:40   103864   ----a-w-   c:\program files\internet explorer\plugins\nppdf32.dll
2011-03-10 03:31:25   --------   d-----w-   c:\users\joe\Logitech
2011-03-10 03:30:00   --------   d-----w-   c:\program files\common files\Remote Control USB Driver
2011-03-10 03:29:42   274432   ----a-w-   c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-03-10 03:29:42   204800   ----a-w-   c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-03-10 03:29:41   757760   ----a-w-   c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-03-10 03:29:41   69715   ----a-w-   c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-03-10 03:29:41   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-03-10 03:29:41   331908   ----a-w-   c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-03-10 03:29:41   200836   ----a-w-   c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-03-09 16:27:18   --------   d-----w-   c:\users\joe\appdata\local\CrashDumps
2011-03-09 01:50:44   805376   ----a-w-   c:\windows\system32\FntCache.dll
2011-03-09 01:50:44   739840   ----a-w-   c:\windows\system32\d2d1.dll
2011-03-09 01:50:44   1076736   ----a-w-   c:\windows\system32\DWrite.dll
2011-03-09 01:50:43   642048   ----a-w-   c:\windows\system32\CPFilters.dll
2011-03-09 01:50:43   534528   ----a-w-   c:\windows\system32\EncDec.dll
2011-03-09 01:50:42   850944   ----a-w-   c:\windows\system32\sbe.dll
2011-03-09 01:50:42   199680   ----a-w-   c:\windows\system32\mpg2splt.ax
.
==================== Find3M  ====================
.
2011-03-03 03:17:35   152576   ----a-w-   c:\windows\system32\msclmd.dll
2011-02-18 22:36:58   4184352   ----a-w-   c:\windows\system32\usbaaplrc.dll
2011-02-03 03:40:23   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-02-02 23:11:20   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-01-26 23:00:44   143360   ----a-w-   c:\windows\system32\atiapfxx.exe
2011-01-26 23:00:30   596480   ----a-w-   c:\windows\system32\aticfx32.dll
2011-01-26 22:59:46   17204736   ----a-w-   c:\windows\system32\atioglxx.dll
2011-01-26 22:56:30   462848   ----a-w-   c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:55:54   393216   ----a-w-   c:\windows\system32\atieclxx.exe
2011-01-26 22:55:24   176128   ----a-w-   c:\windows\system32\atiesrxx.exe
2011-01-26 22:54:10   159744   ----a-w-   c:\windows\system32\atitmmxx.dll
2011-01-26 22:53:54   356352   ----a-w-   c:\windows\system32\atipdlxx.dll
2011-01-26 22:53:42   278528   ----a-w-   c:\windows\system32\Oemdspif.dll
2011-01-26 22:53:34   15872   ----a-w-   c:\windows\system32\atimuixx.dll
2011-01-26 22:53:26   43520   ----a-w-   c:\windows\system32\ati2edxx.dll
2011-01-26 22:49:44   4105728   ----a-w-   c:\windows\system32\atidxx32.dll
2011-01-26 22:32:12   1912832   ----a-w-   c:\windows\system32\atiumdmv.dll
2011-01-26 22:28:52   4170752   ----a-w-   c:\windows\system32\atiumdag.dll
2011-01-26 22:27:50   46080   ----a-w-   c:\windows\system32\aticalrt.dll
2011-01-26 22:27:40   44032   ----a-w-   c:\windows\system32\aticalcl.dll
2011-01-26 22:25:50   5580800   ----a-w-   c:\windows\system32\aticaldd.dll
2011-01-26 22:24:18   3463680   ----a-w-   c:\windows\system32\atiumdva.dll
2011-01-26 22:20:44   52736   ----a-w-   c:\windows\system32\coinst.dll
2011-01-26 22:14:06   249856   ----a-w-   c:\windows\system32\atiadlxx.dll
2011-01-26 22:13:52   12800   ----a-w-   c:\windows\system32\atiglpxx.dll
2011-01-26 22:13:42   32768   ----a-w-   c:\windows\system32\atigktxx.dll
2011-01-26 22:12:40   30720   ----a-w-   c:\windows\system32\atiuxpag.dll
2011-01-26 22:12:24   28672   ----a-w-   c:\windows\system32\atiu9pag.dll
2011-01-26 22:08:40   52736   ----a-w-   c:\windows\system32\atimpc32.dll
2011-01-26 22:08:40   52736   ----a-w-   c:\windows\system32\amdpcom32.dll
2011-01-21 12:36:02   80416   ----a-w-   c:\windows\system32\RtNicProp32.dll
2011-01-17 05:47:13   161792   ----a-w-   c:\windows\system32\d3d10_1.dll
2011-01-13 08:47:35   38848   ----a-w-   c:\windows\avastSS.scr
2011-01-07 07:46:34   870912   ----a-w-   c:\windows\system32\XpsPrint.dll
2011-01-07 07:46:34   288256   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:45:57   34304   ----a-w-   c:\windows\system32\atmlib.dll
2011-01-07 05:43:36   294400   ----a-w-   c:\windows\system32\atmfd.dll
2011-01-06 01:34:01   87608   ----a-w-   c:\users\joe\appdata\roaming\inst.exe
2011-01-06 01:34:01   47360   ----a-w-   c:\users\joe\appdata\roaming\pcouffin.sys
2011-01-05 03:51:01   2330624   ----a-w-   c:\windows\system32\win32k.sys
.
============= FINISH: 19:47:09.43 ===============

second log will follow...................

Title: Re: [In Progress] Help!!
Post by: stogie53 on April 04, 2011, 07:28:35 PM
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/18/2010 8:22:17 PM
System Uptime: 4/4/2011 7:06:23 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M4A785TD-V EVO
Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 3214/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 127 GiB total, 52.426 GiB free.
D: is FIXED (NTFS) - 405 GiB total, 282.718 GiB free.
E: is FIXED (NTFS) - 400 GiB total, 150.398 GiB free.
F: is FIXED (NTFS) - 298 GiB total, 196.175 GiB free.
G: is CDROM ()
H: is CDROM ()
I: is Removable
K: is CDROM ()
L: is FIXED (NTFS) - 596 GiB total, 481.442 GiB free.
N: is CDROM ()
Y: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP490: 4/3/2011 2:26:23 PM - Revo Uninstaller Pro's restore point - DVDFab 8.0.7.3 (29/01/2011)
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Acronis True Image WD Edition
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Advanced MP3 Renamer 1.0.0
AeroWeather
AIM 7
AM-DeadLink 4.3
AMD Drag and Drop Transcoding
AMD Fuel
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Calendar
ASUSUpdate
AT&T Unified Messaging
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Stream SDK v2 Developer
avast! Free Antivirus
AVS Audio Converter version 6.1
AVS Update Manager 1.0
Bandwidth Monitor 3.4 build 757
Bejeweled 3
BioShock 2
Bonjour
Bonjour Print Services
Browser Configuration Utility
Call of Duty: Black Ops
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Circle Dock
COMODO System-Cleaner
CopyTrans Suite Remove Only
Core Temp version 0.99.8
Counter-Strike: Source
Coupon Printer for Windows
CPUID CPU-Z 1.53.1
Crysis® 2
D3DX10
Dell Driver Download Manager
DH Driver Cleaner Professional Edition
Diagnostic Utility
Download Updater (AOL LLC)
Dropbox
DVDFab 8.0.8.5 (19/03/2011)
Epson CreativeZone
Epson Event Manager
EPSON NX510 Series Printer Uninstall
EPSON Scan
EpsonNet Print
EpsonNet Setup
EPU-4 Engine
eReg
Evernote v. 4.2.2
Express Gate
ExpressGate Cloud
FastStone Photo Resizer 3.0
Flash Renamer 5.02
Free Studio version 5.0.6
Free Video to iPhone Converter version 3.2.10
FreeArc 0.60
Genie Timeline Home 2.1
Gold Fish Animated Wallpaper version 1.0
Google Chrome
Google Earth Plug-in
Google Gmail Notifier
Google Talk Plugin
Google Update Helper
GreenPrint
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
HijackThis 2.0.2
IObit Malware Fighter
iTunes
Java Auto Updater
Java Media Framework 2.1.1e
Java(TM) 6 Update 24
Juniper Networks Cache Cleaner 5.5.0
Juniper Networks Setup Client
Junk Mail filter update
LG ODD Auto Firmware Update
Logitech Harmony Remote Software
Logitech QuickCam
Logitech SetPoint 6.20
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Mass Effect 2
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Fix it Center
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007 Trial
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MobileMe Control Panel
MozBackup 1.4.10
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MusicBrainz Picard
NetBalancer
Network Activity Indicator for Windows 7 version 1.2
NVIDIA PhysX
O&O Defrag Professional
O&O DiskImage Professional
OGA Notifier 2.0.0048.0
OLYMPUS Digital Camera Updater
Olympus ib
PC Wizard 2010.1.93
Platform
Portal
PunkBuster Services
QuickTime
RAIDXpert
Realtek 8136 8168 8169 Ethernet Driver
Remote Control USB Driver
Safari
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
Samsung_MonSetup
Secunia PSI (2.0.0.3001)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2434737)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Software Update Wizard (Redistributable) 4.5
Sonic RecordNow! Plus
Sonic Update Manager
SplashID iPhone Desktop 5.2
Steam
SyncToy 2.1 (x86)
TeamViewer 5
TeraCopy 2.12
The Lord of the Rings FREE Trial
Trend Micro RUBotted 2.0 Beta
TurboV
Uninstall 1.0.0.1
Unlocker 1.9.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
VIA Platform Device Manager
VSO CopyToDVD 4
WD SmartWare
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.1
WinRAR archiver
WinZip 15.0
WMV9/VC-1 Video Playback
Xmarks for IE
Xmarks Thumbnails for IE
XWindows Dock
Yahoo! BrowserPlus 2.7.1
.
==== Event Viewer Messages From Past Week ========
.
4/4/2011 7:14:56 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
4/4/2011 7:08:59 PM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
4/4/2011 6:40:56 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the O&O Defrag Agent service to connect.
4/4/2011 6:40:56 PM, Error: Service Control Manager [7000]  - The O&O Defrag Agent service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/4/2011 6:40:23 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the NetBalancer Windows Service service to connect.
4/4/2011 6:40:23 PM, Error: Service Control Manager [7000]  - The NetBalancer Windows Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/4/2011 6:07:37 AM, Error: Service Control Manager [7031]  - The Genie Timeline Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
4/4/2011 5:45:18 AM, Error: Service Control Manager [7031]  - The Genie Timeline Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
4/4/2011 5:42:43 AM, Error: Service Control Manager [7034]  - The COMODO System - Cleaner Service service terminated unexpectedly.  It has done this 1 time(s).
4/4/2011 4:14:07 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.
4/3/2011 9:17:50 AM, Error: Microsoft-Windows-Application-Experience [205]  - The Program Compatibility Assistant service failed to perform the phase two initialization.
4/3/2011 9:14:29 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
4/3/2011 9:14:29 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
4/3/2011 9:14:29 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/3/2011 9:14:09 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/3/2011 9:14:09 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/3/2011 9:14:07 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/3/2011 9:14:07 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/3/2011 9:14:06 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/3/2011 9:14:00 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/3/2011 9:13:53 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AsIO AsUpIO aswRdr aswSP aswTdi CFRMD CFRPD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf
4/3/2011 9:13:50 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/3/2011 9:13:50 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/3/2011 9:13:50 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
4/3/2011 9:13:50 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/3/2011 9:13:50 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/3/2011 9:13:50 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
4/3/2011 9:13:50 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/3/2011 9:13:50 AM, Error: Service Control Manager [7001]  - The IP Helper

service depends on the Network Store Interface Service service which failed to

start because of the following error:  The dependency service or group failed

to start.
4/3/2011 9:13:50 AM, Error: Service Control Manager [7001]  - The DNS Client

service depends on the NetIO Legacy TDI Support Driver service which failed to

start because of the following error:  A device attached to the system is not

functioning.
4/3/2011 9:13:50 AM, Error: Service Control Manager [7001]  - The DHCP Client

service depends on the Ancillary Function Driver for Winsock service which

failed to start because of the following error:  A device attached to the

system is not functioning.
4/3/2011 8:29:10 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk3\DR3.
4/3/2011 8:28:57 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the AirPrint service to connect.
4/3/2011 8:28:57 PM, Error: Service Control Manager [7000]  - The AirPrint service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/3/2011 8:21:26 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Web Update Wizard Service V4 service to connect.
4/3/2011 3:20:02 AM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=8) while initializing logging resources for channel Microsoft-Windows-WER-Diag/Operational.
4/2/2011 8:45:07 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer5 service.
4/2/2011 3:50:39 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GreenPrint service.
4/1/2011 11:07:47 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR2.
3/30/2011 5:39:36 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/30/2011 3:23:23 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  CFRMD
.
==== End Of File ===========================
Title: Re: [In Progress] Help!!
Post by: Hoov on April 04, 2011, 07:56:39 PM
First, please read http://spywarehammer.com/simplemachinesforum/index.php?topic=110.0

Once you have uninstalled all your P2P programs, can you tell me how long your computer runs before you start seeing problems?

Next, I need you to go to the administration tools in Windows 7. They are in the Control Panel. Open the Admin tools, then open the event viewer. Over on the left-hand side, expand the window category and then click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Then, over on the left-hand side, click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Zip them both up into a single zip file and post them back here in your next reply as attachments.

Please read carefully and follow these steps.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 04, 2011, 08:17:22 PM
Can't send in zip file, too large!
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 04, 2011, 08:19:52 PM
2011/04/04 21:18:27.0425 15388   TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/04 21:18:27.0606 15388   ================================================================================
2011/04/04 21:18:27.0606 15388   SystemInfo:
2011/04/04 21:18:27.0606 15388   
2011/04/04 21:18:27.0606 15388   OS Version: 6.1.7601 ServicePack: 1.0
2011/04/04 21:18:27.0606 15388   Product type: Workstation
2011/04/04 21:18:27.0607 15388   ComputerName: STORNELLO-PC1
2011/04/04 21:18:27.0607 15388   UserName: Joe
2011/04/04 21:18:27.0607 15388   Windows directory: C:\Windows
2011/04/04 21:18:27.0607 15388   System windows directory: C:\Windows
2011/04/04 21:18:27.0607 15388   Processor architecture: Intel x86
2011/04/04 21:18:27.0607 15388   Number of processors: 4
2011/04/04 21:18:27.0607 15388   Page size: 0x1000
2011/04/04 21:18:27.0607 15388   Boot type: Normal boot
2011/04/04 21:18:27.0607 15388   ================================================================================
2011/04/04 21:18:28.0311 15388   Initialize success
2011/04/04 21:18:36.0560 15824   ================================================================================
2011/04/04 21:18:36.0560 15824   Scan started
2011/04/04 21:18:36.0560 15824   Mode: Manual;
2011/04/04 21:18:36.0560 15824   ================================================================================
2011/04/04 21:18:37.0085 15824   1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/04/04 21:18:37.0119 15824   ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/04/04 21:18:37.0149 15824   AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/04/04 21:18:37.0210 15824   adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/04 21:18:37.0236 15824   adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/04 21:18:37.0262 15824   adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/04 21:18:37.0306 15824   AFD             (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/04/04 21:18:37.0326 15824   agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/04/04 21:18:37.0345 15824   aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/04 21:18:37.0387 15824   aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/04/04 21:18:37.0489 15824   amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/04/04 21:18:37.0510 15824   amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/04/04 21:18:37.0536 15824   amdiox86        (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
2011/04/04 21:18:37.0556 15824   AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/04 21:18:37.0688 15824   amdkmdag        (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/04 21:18:37.0819 15824   amdkmdap        (92dc2e0ae49148f83b24d89c737b0c97) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/04/04 21:18:37.0841 15824   AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/04 21:18:37.0869 15824   amdsata         (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
2011/04/04 21:18:37.0894 15824   amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/04 21:18:37.0919 15824   amdxata         (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
2011/04/04 21:18:37.0957 15824   AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/04/04 21:18:38.0013 15824   arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/04 21:18:38.0031 15824   arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/04 21:18:38.0057 15824   AsIO            (9d8cb58b9a9e177ddd599791a58a654d) C:\Windows\system32\drivers\AsIO.sys
2011/04/04 21:18:38.0087 15824   AsUpIO          (e67493490466b5f04b58c22d2590e8ca) C:\Windows\system32\drivers\AsUpIO.sys
2011/04/04 21:18:38.0102 15824   aswFsBlk        (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/04 21:18:38.0127 15824   aswMonFlt       (317f85fb68a3be507e9ccede5e6d9ee0) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/04 21:18:38.0147 15824   aswRdr          (b6e8c5874377a42756c282fac2e20836) C:\Windows\system32\drivers\aswRdr.sys
2011/04/04 21:18:38.0172 15824   aswSP           (b93a553c9b0f14263c8f016a44c3258c) C:\Windows\system32\drivers\aswSP.sys
2011/04/04 21:18:38.0192 15824   aswTdi          (1408421505257846eb336feeef33352d) C:\Windows\system32\drivers\aswTdi.sys
2011/04/04 21:18:38.0214 15824   AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/04 21:18:38.0227 15824   atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/04/04 21:18:38.0300 15824   AtiHDAudioService (95b1e9804ca10d096c0383f7c6684950) C:\Windows\system32\drivers\AtihdW73.sys
2011/04/04 21:18:38.0408 15824   AtiHdmiService  (36a49b49e982450ac117eda6ab35bdf5) C:\Windows\system32\drivers\AtiHdmi.sys
2011/04/04 21:18:38.0429 15824   AtiPcie         (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/04/04 21:18:38.0472 15824   b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/04 21:18:38.0497 15824   b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/04 21:18:38.0529 15824   Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/04 21:18:38.0558 15824   blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/04 21:18:38.0578 15824   bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/04 21:18:38.0601 15824   BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/04 21:18:38.0629 15824   BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/04 21:18:38.0662 15824   Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/04 21:18:38.0677 15824   BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/04 21:18:38.0699 15824   BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/04 21:18:38.0717 15824   BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/04 21:18:38.0746 15824   BthAvrcp        (db99076533ffb38cbec8ac88e4535850) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/04/04 21:18:38.0800 15824   BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
2011/04/04 21:18:38.0820 15824   BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/04 21:18:38.0846 15824   BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/04 21:18:38.0883 15824   BTHPORT         (195c41cc67e9e1cedd960ccb74925920) C:\Windows\System32\Drivers\BTHport.sys
2011/04/04 21:18:38.0922 15824   BTHUSB          (43b3206dd654e783aa7e4ead340a43b8) C:\Windows\System32\Drivers\BTHUSB.sys
2011/04/04 21:18:38.0957 15824   CamDrL          (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\Windows\system32\DRIVERS\Camdrl.sys
2011/04/04 21:18:38.0997 15824   cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/04 21:18:39.0035 15824   cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/04/04 21:18:39.0066 15824   CFRMD           (51a59d8608bcfa84d71dd9977439f074) C:\Windows\system32\DRIVERS\CFRMD.sys
2011/04/04 21:18:39.0086 15824   CFRPD           (12ff8d1f133c4d60c5dc782cac7e1362) C:\Windows\system32\DRIVERS\CFRPD.sys
2011/04/04 21:18:39.0116 15824   circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/04 21:18:39.0152 15824   CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/04 21:18:39.0194 15824   CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/04 21:18:39.0212 15824   cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/04/04 21:18:39.0236 15824   CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/04 21:18:39.0260 15824   Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/04 21:18:39.0291 15824   CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/04/04 21:18:39.0336 15824   cpuz132         (097a0a4899b759a4f032bd464963b4be) C:\Windows\system32\drivers\cpuz132_x32.sys
2011/04/04 21:18:39.0357 15824   crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/04 21:18:39.0405 15824   CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/04/04 21:18:39.0438 15824   DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/04/04 21:18:39.0459 15824   discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/04 21:18:39.0480 15824   Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/04 21:18:39.0525 15824   drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/04 21:18:39.0564 15824   DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/04 21:18:39.0639 15824   ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/04 21:18:39.0724 15824   elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/04 21:18:39.0772 15824   ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/04/04 21:18:39.0811 15824   exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/04 21:18:39.0826 15824   fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/04 21:18:39.0853 15824   fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/04 21:18:39.0872 15824   FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/04 21:18:39.0930 15824   FileMonitor     (53ae964b7271c4ce8f5dc3bdb96c6949) C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys
2011/04/04 21:18:39.0949 15824   Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/04 21:18:39.0981 15824   flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/04 21:18:40.0004 15824   FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/04 21:18:40.0035 15824   FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/04 21:18:40.0052 15824   fssfltr         (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/04/04 21:18:40.0085 15824   FsUsbExDisk     (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS
2011/04/04 21:18:40.0119 15824   Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/04 21:18:40.0145 15824   fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/04 21:18:40.0168 15824   gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/04 21:18:40.0195 15824   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/04 21:18:40.0231 15824   hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/04 21:18:40.0260 15824   HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/04/04 21:18:40.0284 15824   HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/04/04 21:18:40.0300 15824   HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/04 21:18:40.0319 15824   HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/04 21:18:40.0342 15824   HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/04 21:18:40.0376 15824   HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/04 21:18:40.0406 15824   HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/04/04 21:18:40.0445 15824   HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/04/04 21:18:40.0470 15824   hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/04 21:18:40.0488 15824   i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/04/04 21:18:40.0510 15824   iaStorV         (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
2011/04/04 21:18:40.0546 15824   iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/04 21:18:40.0590 15824   intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/04/04 21:18:40.0607 15824   intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/04 21:18:40.0635 15824   IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/04 21:18:40.0656 15824   IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/04/04 21:18:40.0671 15824   IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/04 21:18:40.0689 15824   IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/04 21:18:40.0705 15824   isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/04/04 21:18:40.0724 15824   iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/04/04 21:18:40.0761 15824   ivusb           (37412294ea4b70ed8b4a9338ebaeecaa) C:\Windows\system32\DRIVERS\ivusb.sys
2011/04/04 21:18:40.0794 15824   kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/04/04 21:18:40.0827 15824   kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/04/04 21:18:40.0862 15824   KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/04 21:18:40.0877 15824   KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/04 21:18:40.0933 15824   LEqdUsb         (eee5a87ec378c9ad7ce91073fbd63465) C:\Windows\system32\Drivers\LEqdUsb.Sys
2011/04/04 21:18:40.0956 15824   LHidEqd         (62663b385087f5977d8ebd1fdc67b639) C:\Windows\system32\Drivers\LHidEqd.Sys
2011/04/04 21:18:40.0975 15824   LHidFilt        (318b3d608fbec44b7e0c23bf759dced5) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/04/04 21:18:41.0011 15824   lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/04 21:18:41.0037 15824   LMouFilt        (84af069d219df3c43dc6792b2bbd7bed) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/04/04 21:18:41.0064 15824   LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/04 21:18:41.0089 15824   LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/04 21:18:41.0104 15824   LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/04 21:18:41.0122 15824   LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/04 21:18:41.0142 15824   luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/04 21:18:41.0203 15824   LVcKap          (9a3d4fc6b86e7e36473079ab76ac703d) C:\Windows\system32\DRIVERS\LVcKap.sys
2011/04/04 21:18:41.0283 15824   LVMVDrv         (0acbc11f19320af6c19f2e20013d9095) C:\Windows\system32\DRIVERS\LVMVDrv.sys
2011/04/04 21:18:41.0335 15824   LVPr2Mon        (12866641284ebb41e627bb53c04da959) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/04/04 21:18:41.0382 15824   LVUSBSta        (64bc29c3a0388bfc580bb8b1346f7659) C:\Windows\system32\DRIVERS\LVUSBSta.sys
2011/04/04 21:18:41.0412 15824   mcdbus          (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/04/04 21:18:41.0432 15824   megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/04 21:18:41.0459 15824   MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/04 21:18:41.0484 15824   Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/04 21:18:41.0520 15824   monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/04 21:18:41.0552 15824   mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/04/04 21:18:41.0566 15824   mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/04 21:18:41.0605 15824   mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/04/04 21:18:41.0628 15824   mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/04/04 21:18:41.0651 15824   mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/04 21:18:41.0690 15824   MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/04/04 21:18:41.0712 15824   mrxsmb          (b272b4c3e085ea860c12f2e4faf2ffa2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/04 21:18:41.0727 15824   mrxsmb10        (9ac33ef26c8a3ad0f117d00eb7301d03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/04 21:18:41.0746 15824   mrxsmb20        (e0abdb5ed7e199e242a7d028e76c1d3a) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/04 21:18:41.0764 15824   msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/04/04 21:18:41.0785 15824   msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/04/04 21:18:41.0808 15824   Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/04 21:18:41.0829 15824   mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/04 21:18:41.0841 15824   msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/04/04 21:18:41.0877 15824   MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/04 21:18:41.0895 15824   MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/04 21:18:41.0914 15824   MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/04 21:18:41.0939 15824   MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/04 21:18:41.0965 15824   mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/04/04 21:18:41.0989 15824   MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/04 21:18:42.0009 15824   MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/04 21:18:42.0041 15824   MTsensor        (cbe71c122434805cb73ffb6619f60598) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/04/04 21:18:42.0070 15824   Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/04 21:18:42.0102 15824   NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/04 21:18:42.0138 15824   Nbdrv           (ce450acf87ea92fd3c09873149b4badb) C:\Windows\system32\DRIVERS\nbdrv.sys
2011/04/04 21:18:42.0178 15824   NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/04/04 21:18:42.0208 15824   NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/04 21:18:42.0230 15824   NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/04 21:18:42.0258 15824   Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/04 21:18:42.0286 15824   NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/04 21:18:42.0307 15824   NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/04/04 21:18:42.0339 15824   NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/04 21:18:42.0370 15824   NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/04 21:18:42.0428 15824   nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/04 21:18:42.0464 15824   NPF             (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
2011/04/04 21:18:42.0480 15824   Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/04 21:18:42.0496 15824   nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/04 21:18:42.0523 15824   Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
2011/04/04 21:18:42.0554 15824   Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/04 21:18:42.0591 15824   nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
2011/04/04 21:18:42.0618 15824   nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
2011/04/04 21:18:42.0642 15824   nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/04/04 21:18:42.0663 15824   ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/04/04 21:18:42.0743 15824   oodisr          (0d48a7d3859c3bc893241444729aefee) C:\Windows\system32\DRIVERS\oodisr.sys
2011/04/04 21:18:42.0759 15824   oodisrh         (7baa052b7409509f7e81365281865895) C:\Windows\system32\DRIVERS\oodisrh.sys
2011/04/04 21:18:42.0776 15824   oodivd          (f694728aa200fa295fd8a093a907c1ea) C:\Windows\system32\DRIVERS\oodivd.sys
2011/04/04 21:18:42.0792 15824   oodivdh         (df8b3600467c380e60cc7053e7eecc02) C:\Windows\system32\DRIVERS\oodivdh.sys
2011/04/04 21:18:42.0835 15824   Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/04 21:18:42.0858 15824   partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/04/04 21:18:42.0881 15824   Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/04 21:18:46.0912 15824   ================================================================================
2011/04/04 21:18:46.0912 15824   Scan finished
2011/04/04 21:18:46.0912 15824   ================================================================================
Title: Re: [In Progress] Help!!
Post by: Hoov on April 04, 2011, 08:37:38 PM
I am going to send you a private message on what to do with the logs.

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 04, 2011, 09:15:54 PM
I will run combofix tomorrow
Title: Re: [In Progress] Help!!
Post by: Hoov on April 04, 2011, 09:22:46 PM
OK.
Title: Re: [In Progress] Help!!
Post by: Hoov on April 05, 2011, 08:42:57 AM
Have you ever messed with the paging file settings?
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 05, 2011, 03:14:30 PM
Maybe, some tweak I read about, but not 100% sure.
Title: Re: [In Progress] Help!!
Post by: Hoov on April 05, 2011, 03:22:48 PM
Let's see what combofix says before we dig into the paging file.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 05, 2011, 07:40:57 PM
ComboFix 11-04-05.02 - Joe 04/05/2011  20:10:56.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3327.1900 [GMT -5:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ErrLog.txt
c:\program files\Genie-Soft\Genie Timeline\htmlayout.dll
c:\programdata\ntuser.dat
c:\programdata\SQLite3.dll
c:\programdata\uninst.exe
c:\restoration\Restoration.exe
c:\users\Joe\AppData\Roaming\EurekaLog
c:\users\Joe\AppData\Roaming\inst.exe
E:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-06 to 2011-04-06  )))))))))))))))))))))))))))))))
.
.
2011-04-06 01:20 . 2011-04-06 01:20   --------   d-----w-   c:\users\Mary\AppData\Local\temp
2011-04-06 01:20 . 2011-04-06 01:20   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-04-06 01:20 . 2011-04-06 01:20   --------   d-----w-   c:\users\Christian\AppData\Local\temp
2011-04-06 01:08 . 2011-04-06 01:08   --------   d-----w-   C:\32788R22FWJFW
2011-04-05 18:01 . 2011-03-15 04:05   6792528   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{C019A885-3F8D-4E51-A8CF-F3C3976743C6}\mpengine.dll
2011-04-05 00:00 . 2011-04-05 00:00   --------   d-----w-   c:\program files\WinPcap
2011-04-05 00:00 . 2011-04-05 00:00   --------   d-----w-   c:\program files\Trend Micro
2011-04-03 19:29 . 2011-04-03 19:30   --------   d-----w-   c:\program files\DVDFab 8
2011-04-02 21:16 . 2011-04-05 20:49   --------   d-----w-   c:\users\Mary\AppData\Local\CrashDumps
2011-03-28 01:48 . 2011-03-28 01:48   --------   d-----w-   c:\users\Christian\AppData\Local\AMD
2011-03-28 01:48 . 2011-03-28 01:48   --------   d-----w-   c:\users\Christian\AppData\Roaming\TeamViewer
2011-03-28 01:48 . 2011-03-28 01:48   --------   d-----w-   c:\users\Christian\AppData\Local\Western Digital
2011-03-28 01:48 . 2011-03-28 01:48   --------   d-----w-   c:\users\Christian\AppData\Roaming\Epson
2011-03-28 01:48 . 2011-03-28 01:48   --------   d-----w-   c:\users\Christian\AppData\Roaming\Logitech
2011-03-24 17:00 . 2011-03-24 17:00   --------   d-----w-   c:\program files\iPod
2011-03-24 17:00 . 2011-03-24 17:01   --------   d-----w-   c:\program files\iTunes
2011-03-24 16:57 . 2011-03-24 16:57   --------   d-----w-   c:\program files\Apple Software Update
2011-03-24 16:57 . 2011-03-24 16:57   --------   d-----w-   c:\program files\Bonjour
2011-03-24 16:57 . 2011-03-24 17:00   --------   d-----w-   c:\program files\Common Files\Apple
2011-03-24 16:04 . 2011-03-24 16:04   --------   d-----w-   c:\users\Joe\AppData\Roaming\DVDVideoSoft
2011-03-23 02:06 . 2011-03-23 02:06   --------   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-03-23 01:04 . 2011-04-04 21:15   --------   d-----w-   c:\users\Francesca\AppData\Local\CrashDumps
2011-03-23 00:16 . 2011-03-18 17:53   142296   ----a-w-   c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-23 00:16 . 2011-03-18 17:53   781272   ----a-w-   c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-23 00:16 . 2011-03-18 17:53   1874904   ----a-w-   c:\program files\Mozilla Firefox\mozjs.dll
2011-03-23 00:16 . 2011-03-18 17:53   15832   ----a-w-   c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-23 00:16 . 2011-03-18 17:53   728024   ----a-w-   c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-23 00:16 . 2011-03-18 17:53   142296   ----a-w-   c:\program files\Mozilla Firefox\libEGL.dll
2011-03-23 00:16 . 2011-03-18 17:53   1893336   ----a-w-   c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-23 00:16 . 2011-03-18 17:53   1975768   ----a-w-   c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-16 22:29 . 2011-03-16 22:36   --------   d-----w-   c:\users\Joe\AppData\Local\Xmarks
2011-03-16 22:29 . 2011-03-16 22:31   --------   d-----w-   c:\program files\Xmarks
2011-03-12 17:28 . 2011-03-12 17:28   103864   ----a-w-   c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 17:28 . 2011-03-12 17:28   103864   ----a-w-   c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-03-10 03:31 . 2011-03-10 03:31   --------   d-----w-   c:\users\Joe\Logitech
2011-03-10 03:30 . 2011-03-10 03:30   --------   d-----w-   c:\program files\Common Files\Remote Control USB Driver
2011-03-10 03:29 . 2006-02-07 21:40   204800   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-03-10 03:29 . 2006-02-07 21:40   274432   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-03-10 03:29 . 2011-03-10 03:29   331908   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-03-10 03:29 . 2011-03-10 03:29   200836   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-03-10 03:29 . 2006-02-07 21:45   757760   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-03-10 03:29 . 2006-02-07 21:40   69715   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-03-10 03:29 . 2005-11-14 05:19   5632   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-03-09 16:27 . 2011-04-05 20:52   --------   d-----w-   c:\users\Joe\AppData\Local\CrashDumps
2011-03-09 01:50 . 2011-02-19 06:30   805376   ----a-w-   c:\windows\system32\FntCache.dll
2011-03-09 01:50 . 2011-02-19 06:30   1076736   ----a-w-   c:\windows\system32\DWrite.dll
2011-03-09 01:50 . 2011-02-19 06:30   739840   ----a-w-   c:\windows\system32\d2d1.dll
2011-03-09 01:50 . 2010-12-23 05:54   642048   ----a-w-   c:\windows\system32\CPFilters.dll
2011-03-09 01:50 . 2010-12-23 05:54   534528   ----a-w-   c:\windows\system32\EncDec.dll
2011-03-09 01:50 . 2010-12-23 05:54   850944   ----a-w-   c:\windows\system32\sbe.dll
2011-03-09 01:50 . 2010-12-23 05:50   199680   ----a-w-   c:\windows\system32\mpg2splt.ax
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 16:39 . 2010-06-24 16:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 03:17 . 2009-07-14 02:05   152576   ----a-w-   c:\windows\system32\msclmd.dll
2011-02-18 22:36 . 2011-02-18 22:36   41984   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
2011-02-18 22:36 . 2011-02-18 22:36   4184352   ----a-w-   c:\windows\system32\usbaaplrc.dll
2011-02-05 17:09 . 2011-02-05 17:09   53248   ----a-r-   c:\users\Joe\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-02-05 17:09 . 2010-12-31 03:04   16400   ----a-w-   c:\windows\system32\drivers\LNonPnP.sys
2011-02-03 05:54 . 2011-02-09 03:42   219008   ----a-w-   c:\windows\system32\drivers\dxgmms1.sys
2011-02-03 03:40 . 2010-04-20 00:39   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-02-02 23:11 . 2010-03-19 01:26   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-01-26 23:36 . 2011-01-26 23:36   7566848   ----a-w-   c:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:00 . 2011-01-26 23:00   143360   ----a-w-   c:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2010-02-03 04:23   596480   ----a-w-   c:\windows\system32\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59   17204736   ----a-w-   c:\windows\system32\atioglxx.dll
2011-01-26 22:56 . 2011-01-26 22:56   462848   ----a-w-   c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:55 . 2011-01-26 22:55   393216   ----a-w-   c:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55   176128   ----a-w-   c:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54   159744   ----a-w-   c:\windows\system32\atitmmxx.dll
2011-01-26 22:53 . 2011-01-26 22:53   356352   ----a-w-   c:\windows\system32\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53   278528   ----a-w-   c:\windows\system32\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53   15872   ----a-w-   c:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53   43520   ----a-w-   c:\windows\system32\ati2edxx.dll
2011-01-26 22:49 . 2010-04-07 02:06   4105728   ----a-w-   c:\windows\system32\atidxx32.dll
2011-01-26 22:32 . 2011-01-26 22:32   1912832   ----a-w-   c:\windows\system32\atiumdmv.dll
2011-01-26 22:28 . 2010-02-03 03:55   4170752   ----a-w-   c:\windows\system32\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27   46080   ----a-w-   c:\windows\system32\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27   44032   ----a-w-   c:\windows\system32\aticalcl.dll
2011-01-26 22:25 . 2011-01-26 22:25   5580800   ----a-w-   c:\windows\system32\aticaldd.dll
2011-01-26 22:24 . 2010-02-03 03:37   3463680   ----a-w-   c:\windows\system32\atiumdva.dll
2011-01-26 22:20 . 2010-02-03 03:23   52736   ----a-w-   c:\windows\system32\coinst.dll
2011-01-26 22:14 . 2011-01-26 22:14   249856   ----a-w-   c:\windows\system32\atiadlxx.dll
2011-01-26 22:13 . 2011-01-26 22:13   12800   ----a-w-   c:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13   32768   ----a-w-   c:\windows\system32\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13   238592   ----a-w-   c:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2010-02-03 03:23   30720   ----a-w-   c:\windows\system32\atiuxpag.dll
2011-01-26 22:12 . 2010-02-03 03:22   28672   ----a-w-   c:\windows\system32\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11   53248   ----a-w-   c:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08   52736   ----a-w-   c:\windows\system32\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08   52736   ----a-w-   c:\windows\system32\amdpcom32.dll
2011-01-21 12:36 . 2011-01-21 12:36   80416   ----a-w-   c:\windows\system32\RtNicProp32.dll
2011-01-21 12:36 . 2011-01-21 12:36   328808   ----a-w-   c:\windows\system32\drivers\Rt86win7.sys
2011-01-17 05:47 . 2011-03-03 02:54   161792   ----a-w-   c:\windows\system32\d3d10_1.dll
2011-01-13 08:47 . 2010-10-17 04:38   38848   ----a-w-   c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-03-19 01:42   188216   ----a-w-   c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-03-19 01:42   294608   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-03-19 01:42   47440   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-03-19 01:42   23632   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-03-19 01:42   51280   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-03-19 01:42   17744   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 07:46 . 2011-02-23 04:37   870912   ----a-w-   c:\windows\system32\XpsPrint.dll
2011-01-07 07:46 . 2011-02-23 04:37   288256   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:45 . 2011-02-09 03:43   34304   ----a-w-   c:\windows\system32\atmlib.dll
2011-01-07 05:43 . 2011-02-09 03:43   294400   ----a-w-   c:\windows\system32\atmfd.dll
2011-01-06 01:34 . 2010-03-19 22:22   47360   ----a-w-   c:\users\Joe\AppData\Roaming\pcouffin.sys
2011-03-18 17:53 . 2011-03-23 00:16   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36   94208   ----a-w-   c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36   94208   ----a-w-   c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36   94208   ----a-w-   c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2010-09-01 06:07   111944   ----a-w-   c:\program files\OO Software\DiskImage\oodishi.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"NetworkIndicator"="c:\program files\NetworkIndicator\NetworkIndicator.exe" [2010-01-04 163840]
"DesktopOK"="c:\users\Joe\Desktop\DesktopOK.exe" [2010-02-23 79872]
"Google Update"="c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-19 136176]
"NetBalancer"="c:\program files\NetBalancer\SeriousBit.NetBalancer.Tray.exe" [2010-12-10 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 1486848]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-12 21504]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Genie TimeLine Tray"="c:\program files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe" [2011-01-11 1051264]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 252704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-01-30 3788632]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-11-25 2781000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
c:\users\Francesca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-2-16 967168]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-3-19 576000]
XWindows Dock.lnk - c:\program files\XWindows Dock\XWD.exe [2010-11-16 2217472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13   64592   ----a-w-   c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Joe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07   932288   ----a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus NX510(Network) @ Stornello-PC1]
2009-11-04 12:07   199680   ----a-w-   c:\windows\System32\spool\drivers\w32x86\3\E_FATIFIA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON09EB72]
2009-11-04 12:07   199680   ----a-w-   c:\windows\System32\spool\drivers\w32x86\3\E_FATIFIA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44   31072   ----a-w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-21 00:08   963976   ----a-w-   c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODITRAY.EXE]
2010-09-01 06:07   2192712   ----a-w-   c:\program files\OO Software\DiskImage\ooditray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xmarks]
2011-02-05 15:55   1092808   ----a-w-   c:\program files\Xmarks\IE Extension\xmarkssync.exe
.
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 133104]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 25112]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\RegFilter.sys [2011-01-26 41424]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 35328]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 19968]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 35328]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-01-26 24432]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1343400]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-09-19 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-09-19 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-09-19 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-09-19 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-09-19 25704]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
R4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-01-29 18256]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys [2010-09-01 96336]
S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys [2010-09-01 28752]
S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys [2010-09-01 171088]
S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys [2010-09-01 31824]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 aswSP;aswSP;
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2010-12-09 64608]
S1 CFRPD;CFRPD;c:\windows\system32\DRIVERS\CFRPD.sys [2010-12-09 33744]
S2 AirPrint;AirPrint;c:\program files\AirPrint\airprint.exe [2010-10-07 234784]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-27 284672]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-09 305600]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-04-10 294912]
S2 Firefox Service;Firefox Service;c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\u36cr1xu.default\extensions\startup.service@mozilla.com\svc.exe [2011-03-10 83456]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-05 238952]
S2 GenieTimelineService;Genie Timeline Service;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [2011-01-11 362624]
S2 GreenPrint;GreenPrint;c:\program files\GreenPrint\GPSRHT01.exe [2009-10-28 427048]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-01-30 821592]
S2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2010-12-10 10240]
S2 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe [2010-09-01 2811208]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2010-11-25 2404168]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 27648]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-11-08 237568]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-11-08 1060352]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-11-08 484352]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2008-09-15 262360]
S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2010-11-03 17984]
S3 ALSysIO;ALSysIO;c:\users\Joe\AppData\Local\Temp\ALSysIO.sys
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2010-08-24 40912]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2010-08-24 10448]
S3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [2010-05-15 28776]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-21 328808]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-08-17 1077760]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-05 c:\windows\Tasks\COMODO Updater.job
- c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 01:42]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 01:42]
.
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3473983106-165326119-2687021982-1001Core.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 04:57]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3473983106-165326119-2687021982-1001UA.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-27 04:57]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3473983106-165326119-2687021982-1004Core.job
- c:\users\Francesca\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 04:57]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3473983106-165326119-2687021982-1004UA.job
- c:\users\Francesca\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 04:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Joe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Joe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\u36cr1xu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://dsl.sbc.yahoo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{9e3f670b-884b-4776-a19f-d363c9a4145c} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{9E3F670B-884B-4776-A19F-D363C9A4145C} - (no file)
HKCU-Run-Core Temp - c:\core temp\Core Temp.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
SafeBoot-SolutoService
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,43,7b,fb,bc,20,01,4c,8d,2e,cb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,43,7b,fb,bc,20,01,4c,8d,2e,cb,\
.
[HKEY_USERS\S-1-5-21-3473983106-165326119-2687021982-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \Smart Bookmarks]
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2800)
c:\program files\TeamViewer\Version5\tv.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\OO Software\DiskImage\oodishi.dll
c:\program files\OO Software\DiskImage\oodishrs.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Core Temp\Core Temp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\GreenPrint\gpsrdg01.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\UTSCSI.EXE
c:\windows\System32\vds.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\vdsldr.exe
c:\program files\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe
c:\program files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
c:\program files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\msfeedssync.exe
.
**************************************************************************
.
Completion time: 2011-04-05  20:31:10 - machine was rebooted
ComboFix-quarantined-files.txt  2011-04-06 01:31
.
Pre-Run: 55,385,604,096 bytes free
Post-Run: 57,404,837,888 bytes free
.
- - End Of File - - 6424335621794BB1FF1B605F50F7256E
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 05, 2011, 07:42:35 PM
This is one of the error messages I get when things stop working.....

The instance at 0x00000000 referenced memory 0x00000000 then memory could not be written.
Title: Re: [In Progress] Help!!
Post by: Hoov on April 05, 2011, 07:48:56 PM
How is the computer running now? Any change at all?
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 05, 2011, 07:52:43 PM
Too soon to tell; it usually takes a while before things stop working.
Title: Re: [In Progress] Help!!
Post by: Hoov on April 05, 2011, 07:58:38 PM
Go ahead and run it for a while, about twice as long as it normally takes (if it has no problems) and let me know. If you start having problems, then let me know right away.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 05, 2011, 08:16:40 PM
Will do! Did you find anything that may have been causing it? Thanks!!
Title: Re: [In Progress] Help!!
Post by: Hoov on April 05, 2011, 08:27:30 PM
That is the bad thing about ComboFix. It doesn't tell you exactly what is wrong, just what files were affected. If you look at the top of the log, it will tell you what files were the problem.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 06, 2011, 06:35:19 AM
This morning it was trying to reboot and the screen said failed restore. I have turned off the Put PC to sleep.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 06, 2011, 12:31:26 PM
Have you ever heard of ThreatFire? Is it any good?
Title: Re: [In Progress] Help!!
Post by: Hoov on April 06, 2011, 01:22:10 PM
About ThreatFire, I have never heard of it, so let me ask around.

As for the continuing problem, I need you to go to the administration tools in Windows 7. They are in the Control Panel. Open the Admin tools, then open the Event Viewer. Over on the left hand side, expand the window category and then click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click Save. Over on the left hand side, click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click Save. Zip them both up into a single zip file and post them back here in your next reply as attachments.

Title: Re: [In Progress] Help!!
Post by: stogie53 on April 06, 2011, 01:50:32 PM
Will do, but if I can't post, should I send per PM instructions from last time?
Title: Re: [In Progress] Help!!
Post by: Hoov on April 06, 2011, 02:45:25 PM
Do you have several hard drives installed using a RAID configuration?
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 06, 2011, 02:49:37 PM
2 internal, 1 external. I don't use RAID.
Title: Re: [In Progress] Help!!
Post by: Hoov on April 06, 2011, 02:56:47 PM
How is the computer running? I will have to look at the event log some more. For some reason it is indicating a RAID setup.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 06, 2011, 03:20:36 PM
It just started doing the same thing!! I first can tell when I see my Avast stops, then I cannot do anything.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 06, 2011, 03:23:51 PM
When I just tried to restart I got an error saying I don't have permission to restart this computer!!
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 06, 2011, 03:30:56 PM
Avast asked if I wanted it to restart and I get an error saying insufficient system resources.
Title: Re: [In Progress] Help!!
Post by: Hoov on April 06, 2011, 05:37:11 PM
I need you to reboot Windows cleanly. To do that, please go to the Run command and type in msconfig. Once that starts, select Selective startup, and then uncheck Load startup items. Now click on the Services tab, and down near the bottom of the window, check the box that says Hide all Microsoft Services. Now go up and uncheck all the services still listed; make sure you scroll down the list if needed to unselect all the non-Microsoft services. Now click Apply, then click OK and reboot the computer.

Now try running an Avast scan from this.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 06, 2011, 05:47:08 PM
Will do! Do you think if all else fails a re-image from a backup image that was created with the Windows 7 backup tool will fix it?
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 06, 2011, 05:54:00 PM
Should I run Avast on all drives?
Title: Re: [In Progress] Help!!
Post by: Hoov on April 06, 2011, 06:01:08 PM
Do you have all your data saved?

And if Avast will run, definitely run it on all drives.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 06, 2011, 06:04:38 PM
If you mean all my documents, music, pictures, yes, I store that on a separate drive. Avast scan is running!
Title: Re: [In Progress] Help!!
Post by: Hoov on April 06, 2011, 08:55:14 PM
I talked to some of the other malware removal staff, and so far no one has had good experiences with ThreatFire. They all like the idea of how it is supposed to work, but apparently it does not work as advertised. But if you want to try it, it might be worth it.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 06, 2011, 09:05:02 PM
Thanks, I read similar about ThreatFire. Avast found a rootkit in a program, IObit malware. I removed the program and now Avast is running a boot scan.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 07, 2011, 07:58:44 AM
OK, Avast found what it called a rootkit in a program, IObit Malware Fighter; the file was called filemonitor.sys. I let Avast delete the file and was able to completely remove the program. I then let Avast run a full boot scan; it did find some corrupt files and deleted them too. I rebooted and re-enabled startup items through "msconfig"; so far this morning all is good. However, I still see errors in the system and application event viewers. They refer to
System log: The flush and hold writes operation on volume D: timed out while waiting for file system cleanup.
Volume Shadow Copy Service error:

Application: The I/O writes cannot be flushed during the shadow copy creation period on volume \\?\Volume{b0fc8158-3304-11df-b514-806e6f6e6963}\. The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.], Flush[0x80042313, The shadow copy provider timed out while flushing data to the volume being shadow copied. This is probably due to excessive activity on the volume. Try again later when the volume is not being used so heavily.], Release[0x00000000, The operation completed successfully.], OnRun[0x00000000, The operation completed successfully.].
Operation: Executing Asynchronous Operation
Context: Current State: DoSnapshotSet

So I am not sure if those errors lead to the PC crapping out??
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 07, 2011, 08:03:17 AM
I also just remembered I have Microsoft "SyncToy" running that syncs a folder from that drive to a public folder.....
Title: Re: [In Progress] Help!!
Post by: Hoov on April 07, 2011, 08:11:37 AM
Try turning off SyncToy and see if the VSS problem clears up.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 07, 2011, 08:13:05 AM
Will do!! Fingers crossed!! Will those types of errors cause the crashes?
Title: Re: [In Progress] Help!!
Post by: Hoov on April 07, 2011, 08:24:53 AM
Conflicting software can always be a source of a crash. But I have no idea if it is the source of your particular problem though. But we keep knocking down problems as we see them, and soon all will be well with the universe.  :a
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 07, 2011, 10:54:33 AM
 :AG
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 08, 2011, 06:38:33 AM
Looks like we got it!! Thank you very much! PC has been running fine since night before last! No VSO shadow errors today. I am not convinced that was the cause of any problem, since I see errors like that dating back at least a month. Most likely something from ComboFix or other scans fixed it??? :ty :t
Title: Re: [In Progress] Help!!
Post by: Hoov on April 08, 2011, 08:17:47 AM
It was just the last piece of the puzzle. More than likely something changed because of the malware infection, something that caused SyncToy's problem to come to the surface.

Do you have any other questions or concerns or other problems that need addressing? If not we can do some cleanup and call this done.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 08, 2011, 08:19:18 AM
No, I think I am good.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 08, 2011, 08:20:58 AM
Let me know what cleanup I need to do.
Title: Re: [In Progress] Help!!
Post by: Hoov on April 08, 2011, 08:28:41 AM
Now there are a few things you need to do to fully clean your system and keep it secure.


Uninstall Combofix
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTC
Download OTC (http://oldtimer.geekstogo.com/OTC.exe) to your desktop and run it
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Cleaning out Temporary Files etc. There are several different products that you can use for this. You can go through the Internet Options in the Windows Control Panel. There are several programs that also do the job better than Windows does it, in my opinion. There is System Security Suite (http://www.igorshpak.net/software/3ssetup104.zip), EasyCleaner (http://personal.inet.fi/business/toniarts/ecleane.htm), CCleaner (http://www.ccleaner.com). Also, sometimes other programs do it as well as what you originally got them for, like ZoneAlarm Security Suite. Just make sure to keep them updated and use them regularly.

Disable and Enable System Restore.
I recommend you turn off System restore, and then turn it back on so that you will not be able to restore your problems to a clean computer.
For Vista use these instructions, Windows Vista Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)
For XP use these instructions, Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/index.php?showtutorial=56)
Reboot
Re-enable system restore with instructions from tutorial above
Create a System Restore Point
Go to all programs, then to accessories, then to system tools, then to system restore. Check the box for create restore point (not select a restore point), then click next and follow the instructions.

Make your Internet Explorer more secure. This can be done by following these simple instructions (unless you are using ZoneAlarm Security Suite or something similar, then you would secure the browser through the firewall). There are some good basic instructions for that here (http://www.us-cert.gov/reading_room/securing_browser/).

Use a different browser other than IE (most exploits are pointed towards IE). One of them is Firefox (http://www.mozilla.org/products/firefox/).
It is also worth trying Thunderbird (http://www.mozilla.org/products/thunderbird/) for controlling spam in your e-mail.

Always use an UPDATED anti-virus program. Make sure you update this at least weekly, if not more often. This is one thing that may save you more than anything else.

Run malware scanners. Three free ones are Spybot Search and Destroy (http://www.safer-networking.org), AdAware (http://www.lavasoftusa.com) and Malwarebytes' Anti-Malware (http://www.besttechie.net/mbam/mbam-setup.exe).

Always use a firewall.
Any firewall is better than none, and you should pick a firewall that you will use, as even the best firewall is worthless if you turn it off.
 
Learn how to use your firewall. Only programs that need it should have access to the net. But these are specific to the firewall you use, so you will need to learn how. Several firewalls have support forums here. My page will help you with ZoneAlarm if that is what you choose.


Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems. Some people swear that more protection is provided, but the reverse is true. They tend to argue amongst themselves and end up leaving holes. Now I have more than 1 AV installed on my computer, and I keep them up to date. I only run one at a time, but each program has weaknesses, so I keep a backup in case my computer starts acting up.


MOST IMPORTANT: Windows and IE, and whatever other software that you have that connects to the net, need to be kept updated. The reason is, these programs connect to the net, and if there is an internal security problem, you have already told your firewall to allow the communication, and thus you will have allowed a hole. UPDATES are important. I suggest that you make sure that Windows Updates and the updates for your antivirus and antimalware programs are set for automatic updates. I also suggest running Secunia PSI (http://secunia.com/vulnerability_scanning/personal/). It will monitor the software you have installed and let you know when something needs to be updated.

Don't ever use P2P or filesharing software. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

Before using any malware detection / removal software, check with the Rogue/Suspect Spyware List (http://www.spywarewarrior.com/rogue_anti-spyware.htm) and Rogue Applications List (http://www.malwarebytes.org/database.php). That way you will know if the program you are looking at is on the up and up. If you want to know how it stacks up against other programs, check out SpywareWarrior (http://www.spywarewarrior.com/asw-test-guide.htm).

We have a good guide here at Spyware Hammer (http://spywarehammer.com/simplemachinesforum/index.php?topic=398.0) on how to prevent Malware in the Future. You might want to peruse this and follow the recommendations in there.
PLEASE READ IT AND FOLLOW THE RECOMMENDATIONS TO PROTECT YOURSELF.

Let us know if you have any more problems, either new or old.
Have a good time surfing the net, but stay safe.
If you have no more problems, let me know and I will mark this as resolved. Or if you have more questions, ask away, that is why I am here.
Title: Re: [In Progress] Help!!
Post by: stogie53 on April 08, 2011, 05:09:12 PM
I think I'm all good now, performed clean-up. ComboFix seemed to be gone already. All else is done. Thanks for your help, I would have probably reloaded Windows!! :ty
Title: Re: [In Progress] Help!!
Post by: Hoov on April 08, 2011, 05:29:00 PM
You are welcome!