johnloot
2010-04-22, 08:04
Hello everybody, please help me with this problem. I set chkdsk to run on startup, but it never does. I'm running Windows 7 Home Premium. Any help would be highly appreciated.
Here's my HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:54:09 PM, on 4/22/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AutorunsDisabled - Invalid registry found
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Unknown owner - C:\Windows\system32\rpcnet.exe
O23 - Service: rpcnetp - Unknown owner - C:\Windows\System32\rpcnetp.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 4935 bytes
By the way, I'm quite a newbie....
Hi,
Is there a specific reason why you want to run it at startup?
johnloot
2010-04-26, 10:22
Hello,
Thanks for replying.
A notification on my taskbar flagged drive C: as "bad" a few days ago. It advised to run chkdsk through the properties of the drive - Tools - Error checking. When I did, it could not proceed and noted that it would schedule to do so on the next boot, which I also confirmed. I immediately restarted, but it did not run, and I still have this warning from Action Center on my taskbar about it and sometimes a pop-up reminding me to run disk checking.
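The situation described above (a check that was scheduled for the next boot but never ran) can be inspected directly rather than guessed at. The following is an added example, not something posted in this thread and not part of the helper's instructions; it assumes an elevated PowerShell prompt on the Windows 7 machine and that the affected volume is C:. It shows the three places a practitioner would look: what Session Manager is queued to run at boot (the BootExecute value), what the filesystem itself reports (chkntfs and the dirty bit), and whether autochk actually logged a result at recent boots (Wininit event 1001 in the Application log).

```powershell
# Added example, not part of the thread. Assumes an elevated PowerShell prompt
# on Windows 7 and that the affected volume is C:.
$volume = 'C:'

# 1. What Session Manager will run before the desktop loads. The default is
#    "autocheck autochk *"; a manually scheduled check normally appears as an
#    additional, volume-specific entry such as "autocheck autochk /r \??\C:".
#    If that entry is absent and the volume is not dirty, nothing runs at boot.
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$bootExecute = (Get-ItemProperty -Path $sm -Name BootExecute).BootExecute
"BootExecute entries:"
$bootExecute | ForEach-Object { "  $_" }
$pattern = "autochk.*\\\?\?\\$([regex]::Escape($volume))"   # matches the literal \??\C:
$queued  = $bootExecute | Where-Object { $_ -match $pattern }
if ($queued) { "A boot-time chkdsk is queued for $volume" }
else         { "No boot-time chkdsk entry for $volume in BootExecute" }

# 2. The filesystem's own view. chkntfs reports a manually scheduled check, an
#    excluded volume, or a dirty volume; fsutil shows the dirty bit that makes
#    autochk run on its own at boot.
chkntfs $volume
fsutil dirty query $volume

# 3. Did autochk actually run at recent boots? Boot-time chkdsk output is
#    recorded in the Application log by Wininit as event ID 1001.
$filter = @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 1001 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue
if ($events) {
    $events | ForEach-Object { "{0}  {1}" -f $_.TimeCreated, ($_.Message -split "`n")[0] }
} else {
    "No Wininit 1001 events found: autochk has not logged a boot-time result recently"
}
```

If chkntfs reports the volume as excluded, `chkntfs /d` restores the default behaviour so autochk will consider it again; if the BootExecute value has been altered so that the `autocheck autochk *` entry is missing, no scheduled check will ever fire, which is worth confirming before suspecting anything else on the machine.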
Hi,
Thanks for the description.
Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.com) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
--
Download GMER (http://www.gmer.net) here by clicking the "Download EXE" button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab, uncheck the Files option and then click Scan.
Don't check the "Show All" box while the scan is in progress!
When the scan is finished, click Copy.
This copies the log to the clipboard.
Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.
johnloot
2010-04-27, 05:45
Hello,
Here are the DDS results:
DDS (Ver_10-03-17.01) - NTFSx86
Run by John Horatius Loot at 23:43:59.46 on Mon 04/26/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.879 [GMT 8:00]
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\YoWindow\yowindow.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Everything\Everything.exe
C:\Windows\system32\lpksetup.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\bfgclient\bfgclient.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Plants vs. Zombies\PlantsVsZombies.exe
C:\Program Files\Plants vs. Zombies\PlantsVsZombies.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\John Horatius Loot\Downloads\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://ph.yahoo.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mExplorerRun: [<NO NAME>] 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AutorunsDisabled - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
IFEO: taskmgr.exe - "d:\my documents\unzipped\processexplorer\PROCEXP.EXE"
================= FIREFOX ===================
FF - ProfilePath - c:\users\johnho~1\appdata\roaming\mozilla\firefox\profiles\gnu98z2i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://209.131.36.158/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-11 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-11 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-11 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-20 308064]
R3 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-20 916760]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-4-6 87040]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-4-6 1066496]
S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe [2010-4-15 0]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-8-21 27136]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-19 55264]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-8 533344]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [2010-4-8 86568]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [2010-4-8 15016]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [2010-4-8 114472]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [2010-4-8 108200]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [2010-4-8 26024]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [2010-4-8 104488]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [2010-4-8 109480]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2009-6-11 48128]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-6 1343400]
=============== Created Last 30 ================
2010-04-26 13:20:47 0 d-----w- c:\programdata\Big Fish Games
2010-04-26 13:20:19 0 d-----w- c:\program files\Plants vs. Zombies
2010-04-26 07:43:23 0 d-----w- c:\programdata\PopCap Games
2010-04-26 07:43:23 0 d-----w- c:\program files\PopCap Games
2010-04-25 05:22:12 0 d-----w- c:\users\johnho~1\appdata\roaming\YoWindow
2010-04-25 05:21:45 0 d-----w- c:\program files\YoWindow
2010-04-25 05:11:38 691 ----a-w- c:\windows\Inrumor.com ScreenSaver V.2.c3
2010-04-25 05:11:38 691 ----a-w- c:\windows\Inrumor.com ScreenSaver V.2.c1
2010-04-25 05:11:38 639 ----a-w- c:\windows\Inrumor.com ScreenSaver V.2.c4
2010-04-25 05:11:38 495104 ----a-w- c:\windows\Inrumor.com ScreenSaver V.2.exe
2010-04-25 05:11:38 38368 ----a-w- c:\windows\Inrumor.com ScreenSaver V.2.c2
2010-04-25 05:11:38 370070 ----a-w- c:\windows\Inrumor.com ScreenSaver V.2.ico
2010-04-25 05:11:38 0 ----a-w- c:\windows\Inrumor.com ScreenSaver V.2.ini
2010-04-25 05:11:37 903680 ----a-w- c:\windows\Inrumor.com ScreenSaver V.2.scr
2010-04-25 05:11:37 174108 ----a-w- c:\windows\Inrumor.com ScreenSaver V.2.swf
2010-04-25 05:11:37 0 d-----w- c:\windows\Inrumor.com ScreenSaver V.2 Uninstaller
2010-04-23 05:18:22 0 d-----w- c:\users\johnho~1\appdata\roaming\KompoZer
2010-04-23 04:50:42 0 d-----w- C:\My Web Sites
2010-04-23 04:49:59 0 d-----w- c:\program files\WinHTTrack
2010-04-22 04:02:00 0 d-----w- c:\windows\MATS
2010-04-22 04:02:00 0 d-----w- c:\program files\Microsoft Fix it Center
2010-04-22 02:53:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-21 05:07:34 341504 ----a-w- c:\windows\yowindow.scr
2010-04-19 04:27:23 0 d-----w- c:\program files\My Tribe
2010-04-15 10:33:31 1536 ----a-w- c:\windows\system32\bcevent.dll
2010-04-15 05:30:32 0 d-----w- c:\program files\NeoSmart Technologies
2010-04-15 05:08:53 0 d--h--w- c:\windows\PIF
2010-04-15 05:08:39 0 ----a-r- c:\windows\system32\rpcnet.dll
2010-04-15 05:08:24 0 ----a-r- c:\windows\system32\rpcnetp.dll
2010-04-15 05:08:06 0 ----a-r- c:\windows\system32\rpcnetp.exe
2010-04-15 05:07:00 0 ----a-r- c:\windows\system32\rpcnet.exe
2010-04-15 03:05:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 03:05:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-15 03:05:32 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 03:05:32 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 03:05:06 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 03:05:06 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 03:05:06 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-15 03:05:06 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 10:08:39 0 d-----w- c:\users\johnho~1\appdata\roaming\QuickScan
2010-04-13 01:56:02 0 d-----w- c:\program files\Trend Micro
2010-04-12 10:03:00 0 d-----w- c:\users\johnho~1\appdata\roaming\xVideoServiceThief
2010-04-12 10:02:35 0 d-----w- c:\program files\Xesc & Technology
2010-04-12 05:00:30 0 d-----w- c:\users\johnho~1\appdata\roaming\GOA
2010-04-12 05:00:30 0 d-----w- c:\programdata\GOA
2010-04-12 04:57:13 0 d-----w- c:\program files\Little Folk of Faery
2010-04-11 10:10:33 0 d-----w- c:\program files\JkDefragGUI
2010-04-11 10:02:43 65536 --sha-w- c:\users\john horatius loot\NTUSER.DAT{702a7962-446c-11df-b6e7-002618792927}.TM.blf
2010-04-11 10:02:43 524288 --sha-w- c:\users\john horatius loot\NTUSER.DAT{702a7962-446c-11df-b6e7-002618792927}.TMContainer00000000000000000002.regtrans-ms
2010-04-11 10:02:43 524288 --sha-w- c:\users\john horatius loot\NTUSER.DAT{702a7962-446c-11df-b6e7-002618792927}.TMContainer00000000000000000001.regtrans-ms
2010-04-11 09:59:46 0 --sha-w- c:\users\john horatius loot\NTUSER.tmp.LOG2
2010-04-11 09:59:46 0 --sha-w- c:\users\john horatius loot\NTUSER.tmp.LOG1
2010-04-10 12:17:08 0 d-----w- c:\program files\SmartDraw 2010
2010-04-10 09:20:37 0 d-----w- c:\users\johnho~1\appdata\roaming\foobar2000
2010-04-10 09:20:29 0 d-----w- c:\program files\foobar2000
2010-04-10 06:22:40 13160 ----a-w- c:\windows\system32\Upgrd.exe
2010-04-08 07:33:06 0 d-----w- c:\programdata\Apple
2010-04-08 07:11:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-04-08 07:10:35 86568 ----a-w- c:\windows\system32\drivers\s1029bus.sys
2010-04-08 07:10:35 26024 ----a-w- c:\windows\system32\drivers\s1029nd5.sys
2010-04-08 07:10:35 15016 ----a-w- c:\windows\system32\drivers\s1029mdfl.sys
2010-04-08 07:10:35 12200 ----a-w- c:\windows\system32\drivers\s1029whnt.sys
2010-04-08 07:10:35 12200 ----a-w- c:\windows\system32\drivers\s1029wh.sys
2010-04-08 07:10:35 12200 ----a-w- c:\windows\system32\drivers\s1029cmnt.sys
2010-04-08 07:10:35 12200 ----a-w- c:\windows\system32\drivers\s1029cm.sys
2010-04-08 07:10:35 114472 ----a-w- c:\windows\system32\drivers\s1029mdm.sys
2010-04-08 07:10:35 109480 ----a-w- c:\windows\system32\drivers\s1029unic.sys
2010-04-08 07:10:35 108200 ----a-w- c:\windows\system32\drivers\s1029mgmt.sys
2010-04-08 07:10:35 10792 ----a-w- c:\windows\system32\drivers\s1029cr.sys
2010-04-08 07:10:35 104488 ----a-w- c:\windows\system32\drivers\s1029obex.sys
2010-04-08 07:10:33 0 d-----w- c:\programdata\Sony Ericsson
2010-04-08 07:10:33 0 d-----w- c:\program files\Sony Ericsson
2010-04-08 03:08:41 0 d-----w- c:\program files\epson
2010-04-08 03:08:40 66560 ----a-w- c:\windows\system32\eswia7e.dll
2010-04-08 03:08:40 3584 ----a-w- c:\windows\system32\eswiaml.dll
2010-04-08 03:08:40 208896 ----a-w- c:\windows\system32\esint7e.dll
2010-04-08 03:01:05 86528 ----a-w- c:\windows\system32\E_FLBCAP.DLL
2010-04-08 03:01:05 78848 ----a-w- c:\windows\system32\E_FD4BCAP.DLL
2010-04-08 03:01:05 49152 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-04-08 03:00:38 0 d-----w- c:\programdata\EPSON
2010-04-06 04:05:14 0 d--h--w- C:\$WINDOWS.~Q
2010-04-06 04:01:37 0 d--h--w- C:\$INPLACE.~TR
2010-04-06 03:24:49 0 d-----w- c:\windows\system32\Wat
2010-04-06 03:22:52 0 d-----w- c:\windows\system32\x64
2010-04-06 02:59:46 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-06 02:59:46 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-04-06 02:59:46 369152 ----a-w- c:\windows\system32\secproc.dll
2010-04-06 02:59:46 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-04-06 02:59:46 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-04-06 02:59:46 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-04-06 02:59:45 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-06 02:59:45 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-05 20:17:56 79170 ----a-w- c:\windows\AsCD_Item_180.jpg
2010-04-05 19:57:51 0 d-----w- c:\windows\system32\SRSLabs
2010-04-05 19:57:46 856064 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2010-04-05 19:57:46 75776 ----a-w- c:\windows\system32\Dts2PropPageExt.dll
2010-04-05 19:57:46 497664 ----a-w- c:\windows\system32\VIASysFx.dll
2010-04-05 19:57:46 211456 ----a-w- c:\windows\system32\Dts2APO.dll
2010-04-05 19:57:46 1066496 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2010-04-05 19:54:51 35264 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2010-04-05 19:54:51 2266 ----a-w- c:\windows\Uninstvga.bat
2010-04-05 19:54:51 2008 ----a-w- c:\windows\Uninstsxga.bat
2010-04-05 19:54:51 18496 ----a-w- c:\windows\DrvInst.exe
2010-04-05 19:54:51 1766592 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2010-04-05 19:50:21 0 d-----w- c:\program files\Elantech
2010-04-05 19:50:18 4512768 ----a-w- c:\windows\system32\ETDUI.cpl
2010-04-05 19:50:17 87040 ----a-w- c:\windows\system32\drivers\ETD.sys
2010-04-05 19:45:43 0 d-----w- c:\windows\system32\Atheros_L1e
2010-04-05 19:33:47 9216 ----a-w- c:\windows\system32\AmUStor.dll
2010-04-05 19:33:43 0 d-----w- c:\programdata\AmUStor
2010-04-05 19:33:43 0 d-----w- c:\program files\AmIcoSingLun
2010-04-05 19:22:26 14762 ----a-w- c:\windows\system32\results.xml
2010-04-05 19:14:26 13880 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2010-04-05 19:04:54 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-05 16:19:45 977920 ----a-w- c:\windows\system32\wininet.dll
2010-04-05 16:12:54 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-04-05 16:12:54 2614272 ----a-w- c:\windows\explorer.exe
2010-04-05 16:12:47 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-04-05 16:12:47 507568 ----a-w- c:\windows\system32\winload.exe
2010-04-05 16:12:47 442920 ----a-w- c:\windows\system32\winresume.exe
2010-04-05 16:12:47 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
============= FINISH: 23:46:10.82 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/5/2010 10:12:31 PM
System Uptime: 4/25/2010 1:06:47 PM (34 hours ago)
Motherboard: ASUSTeK Computer Inc. | | K40IJ
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | Socket 478 | 2100/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 113.662 GiB free.
D: is FIXED (NTFS) - 137 GiB total, 111.781 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&4240F00&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&4240F00&0&01
Service: vwifimp
==== System Restore Points ===================
RP61: 4/14/2010 9:37:21 AM - Scheduled Checkpoint
RP62: 4/15/2010 11:05:44 AM - Windows Update
RP64: 4/15/2010 4:30:53 PM - Revo Uninstaller's restore point - NB Probe
RP66: 4/15/2010 4:31:53 PM - Removed NB Probe
RP68: 4/15/2010 4:34:50 PM - Revo Uninstaller's restore point - ASUS Data Security Manager
RP69: 4/15/2010 4:35:25 PM - Removed ASUS Data Security Manager
RP71: 4/15/2010 4:37:01 PM - Revo Uninstaller's restore point - ASUS LifeFrame3
RP72: 4/15/2010 4:37:39 PM - Removed ASUS LifeFrame3
RP74: 4/15/2010 4:39:30 PM - Revo Uninstaller's restore point - ASUS LifeFrame3
RP76: 4/15/2010 4:40:53 PM - Revo Uninstaller's restore point - ASUS FancyStart
RP77: 4/15/2010 4:41:30 PM - Removed ASUS FancyStart
RP79: 4/15/2010 4:43:41 PM - Revo Uninstaller's restore point - ASUS SmartLogon
RP80: 4/15/2010 4:46:09 PM - Removed ASUS SmartLogon
RP82: 4/15/2010 4:47:25 PM - Revo Uninstaller's restore point - ASUS MultiFrame
RP84: 4/15/2010 4:48:04 PM - Removed ASUS MultiFrame
RP86: 4/15/2010 4:55:18 PM - Revo Uninstaller's restore point - Spring 1944 Lyuban (1.07)
RP88: 4/15/2010 4:58:01 PM - Revo Uninstaller's restore point - Player
RP90: 4/15/2010 5:01:03 PM - Revo Uninstaller's restore point - Cisco EAP-FAST Module
RP91: 4/15/2010 5:01:41 PM - Removed Cisco EAP-FAST Module
RP93: 4/15/2010 5:04:43 PM - Revo Uninstaller's restore point - Cisco LEAP Module
RP94: 4/15/2010 5:05:23 PM - Removed Cisco LEAP Module
RP96: 4/15/2010 5:06:32 PM - Revo Uninstaller's restore point - Cisco PEAP Module
RP97: 4/15/2010 5:07:07 PM - Removed Cisco PEAP Module
RP99: 4/15/2010 5:41:28 PM - Revo Uninstaller's restore point - Adobe AIR
RP101: 4/15/2010 5:42:51 PM - Revo Uninstaller's restore point - Asus_Camera_ScreenSaver
RP102: 4/15/2010 6:33:40 PM - Device Driver Package Install: Bandwidth Controller Network Service
RP103: 4/15/2010 6:34:18 PM - Device Driver Package Install: Bandwidth Controller Network adapters
RP105: 4/16/2010 8:40:54 AM - Revo Uninstaller's restore point - Traffic Shaper XP Server
RP106: 4/18/2010 8:36:00 AM - Language Pack Removal
RP108: 4/18/2010 5:30:45 PM - Revo Uninstaller's restore point - WebEx Support Manager for Internet Explorer
RP111: 4/22/2010 9:38:54 AM - Avg Update
RP112: 4/22/2010 10:52:35 AM - Installed Java(TM) 6 Update 20
RP113: 4/22/2010 12:44:30 PM - Installed HiJackThis
RP114: 4/24/2010 12:14:18 PM - Device Driver Package Install: Microsoft Network adapters
==== Installed Programs ======================
µTorrent
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
Agent Ransack Version 1.7.3
Alcor Micro USB Card Reader
Allway Sync version 10.0.5
ASUS AI Recovery
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
Atheros Client Installation Program
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
AVG Free 9.0
Big Fish Games: Game Manager
BurnAware Free 2.4.2
Canon iP1900 series Printer Driver
CCleaner
Choice Guard
Compatibility Pack for the 2007 Office system
CyberLink LabelPrint
CyberLink Power2Go
EasyBCD 1.7.2
EPSON Printer Software
EPSON Scan
Eraser 6.0.6.1376
Escape From Paradise
Escape From Paradise 2: A Kingdom's Quest
ETDWare PS/2-x86 7.0.5.7_WHQL
Everything 1.2.1.371
Exact Audio Copy 0.99pb5
Firefox Preloader
foobar2000 v1.0.1
Foto-Mosaik-Edda 5.5.0
Globe Broadband
Graph paper printer
HiJackThis
HijackThis 2.0.2
ImgBurn
Inrumor.com ScreenSaver V.2
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 20
JkDefragGUI 1.04
Junk Mail filter update
KC Softwares SUMo
Kelly Green Garden Queen
LightBox Free Image Editor
LightScribe System Software 1.14.17.1
Little Folk of Faery
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Fix it Center
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
MSVCRT
My Tribe
MyDefrag v4.2.7
Net4Switch
OpenAL
OpenOffice.org 3.1
Paint.NET v3.5.4
Picasa 3
Plants vs. Zombies
Platform
Revo Uninstaller 1.87
Roadkil's Unstoppable Copier Version 4.2
Secunia PSI
Skype web features
Skype 4.1
Smart Bro
SmartDraw 2010
Sony Ericsson PC Companion 1.50.52
SUPERAntiSpyware Free Edition
TeraCopy 2.01
Unlocker 1.8.8
USB 2.0 1.3M UVC WebCam
VIA Platform Device Manager
Virtual Villagers: The Secret City
VLC media player 1.0.5
Warzone 2100
Windows 7 Upgrade Advisor
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinFlash
WinHTTrack Website Copier 3.43-9C
WinZip 12.1
Wireless Console 3
xVideoServiceThief
Yahoo! Software Update
YoWindow
==== Event Viewer Messages From Past Week ========
4/24/2010 6:01:49 PM, Error: Service Control Manager [7000] - The rpcnetp service failed to start due to the following error: rpcnetp is not a valid Win32 application.
4/24/2010 6:01:49 PM, Error: Service Control Manager [7000] - The Remote Procedure Call (RPC) Net service failed to start due to the following error: Remote Procedure Call (RPC) Net is not a valid Win32 application.
4/22/2010 9:24:51 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
4/20/2010 9:32:57 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
4/19/2010 2:30:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
4/19/2010 2:30:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
==== End Of File ===========================
And the GMER results:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-27 00:17:36
Windows 6.1.7600
Running: ctwrklvl.exe; Driver: C:\Users\JOHNHO~1\AppData\Local\Temp\uxkdypog.sys
---- System - GMER 1.0.15 ----
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C4F599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C73F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 99548C9D 28 Bytes [9E, 72, 8E, 15, 21, 40, 6E, ...]
.text peauth.sys 99548CC1 28 Bytes [9E, 72, 8E, 15, 21, 40, 6E, ...]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[4632] ntdll.dll!LdrLoadDll 7767F585 5 Bytes JMP 00ED13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Thank you very much....
Hi,
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
µTorrent
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).
After that:
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Hi,
Do you still need help with this?
Due to inactivity, this thread will now be closed.
Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.