Browsers Not Responding



Clinity
2010-09-20, 06:31
Whenever I try opening more than one tab in a browser, an error will show up stating that "BROWSER_NAME_HERE has stopped working". Restarting my computer usually alleviates the problem for about half an hour, but then it starts up again.

Before running ERUNT and DDS, I scanned my computer with AVG Free, and found several tracking cookies, but nothing else.

Here's my DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Hurley at 0:26:39.67 on 20/09/2010
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.1015.248 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Hurley\Desktop\dds.com
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\users\hurley\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &??????? ? Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 74.208.105.171 gs.apple.com

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-19 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-19 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-19 308136]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l260x86.sys [2008-10-16 29184]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-8-16 21504]
R3 netr28;D-Link 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\Dnetr28.sys [2010-8-16 611328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-9-19 431432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-09-20 03:43:05 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-20 03:43:01 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-20 03:42:41 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-20 03:42:22 0 d-----w- c:\windows\system32\drivers\Avg
2010-09-20 03:42:17 0 d-----w- c:\programdata\AVG Security Toolbar
2010-09-19 22:56:05 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2010-09-19 22:56:05 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-09-19 22:56:05 680960 ----a-w- c:\windows\system32\d2d1.dll
2010-09-19 22:56:05 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2010-09-19 22:56:05 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2010-09-19 22:56:05 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-09-19 22:56:05 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-09-19 22:56:05 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-09-19 22:56:05 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2010-09-19 22:56:05 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-09-19 22:56:05 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2010-09-19 22:56:05 1068032 ----a-w- c:\windows\system32\DWrite.dll
2010-09-19 22:19:21 0 d-----w- c:\program files\Feedback Tool
2010-09-17 23:55:11 0 d-----w- c:\program files\iPod
2010-09-17 03:37:29 0 d-----w- c:\users\hurley\appdata\roaming\Softland
2010-09-17 03:36:57 7549 ----a-w- c:\windows\system32\novap7.ctm
2010-09-17 03:36:57 23368 ----a-w- c:\windows\system32\novamnp7.dll
2010-09-17 03:36:57 20808 ----a-w- c:\windows\system32\novamip7.dll
2010-09-17 03:36:42 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-09-17 03:36:36 0 d-----w- c:\program files\Softland
2010-09-16 07:06:24 172 ----a-w- c:\windows\system32\MRT.INI
2010-09-16 05:20:48 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-16 05:20:25 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-16 05:19:12 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-16 05:18:32 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 16:13:20 0 d--h--w- C:\$AVG
2010-09-15 01:58:42 0 d-----w- c:\program files\iPod(76)
2010-09-15 01:58:37 0 d-----w- c:\program files\iTunes(77)
2010-09-15 01:28:59 0 d-----w- c:\program files\AVG
2010-09-15 01:28:42 0 d-----w- c:\programdata\avg9
2010-09-15 00:10:51 0 d-----w- c:\users\hurley\appdata\roaming\BitDefender
2010-09-15 00:10:50 0 d-----w- c:\programdata\BitDefender
2010-09-15 00:10:50 0 d-----w- c:\program files\BitDefender
2010-09-15 00:04:33 0 d-----w- c:\program files\common files\BitDefender
2010-09-11 20:59:25 0 d-----w- c:\program files\DAMN NFO Viewer
2010-09-11 20:32:30 0 d-----w- c:\users\hurley\appdata\roaming\Lionhead Studios
2010-09-11 18:53:46 0 d-----w- c:\program files\Amazon
2010-09-11 15:20:47 0 d-----w- c:\users\hurley\appdata\roaming\Mattel
2010-09-11 15:16:33 0 d-----w- c:\program files\Mattel
2010-09-11 05:29:52 0 d-sh--w- c:\windows\ftpcache
2010-09-11 05:06:55 0 d-----w- c:\programdata\Lionhead Studios
2010-09-11 05:06:55 0 d-----w- c:\program files\Lionhead Studios
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 08:26:44 0 d-----w- c:\users\hurley\appdata\roaming\blg
2010-09-07 08:26:44 0 d-----w- c:\programdata\blg
2010-09-07 03:45:46 0 d-----w- c:\users\hurley\appdata\roaming\Gamelab
2010-09-06 19:03:40 0 d-----w- c:\programdata\Trymedia
2010-09-06 19:03:40 0 d-----w- c:\programdata\Sandlot Games
2010-09-06 04:18:32 0 d-----w- c:\programdata\TEMP
2010-09-06 04:18:32 0 d-----w- c:\programdata\PlayFirst
2010-09-06 04:15:22 0 d-----w- c:\program files\Games
2010-09-05 06:34:10 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-05 06:34:10 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-05 06:33:24 0 d-----w- c:\program files\iTunes
2010-09-05 04:49:33 0 d-----w- c:\program files\Notepad2
2010-09-04 20:46:20 0 d-----w- c:\users\hurley\appdata\roaming\Foxit Software
2010-09-04 20:46:00 0 d-----w- c:\program files\Foxit Software
2010-09-02 04:11:40 0 d-----w- c:\users\hurley\appdata\roaming\Final Draft
2010-09-02 02:21:02 4169728 ----a-r- c:\windows\system32\cdintf400.dll
2010-09-02 02:20:26 0 d-----w- c:\program files\Final Draft Tagger
2010-09-02 02:20:25 0 d-----w- c:\programdata\Final Draft
2010-09-02 02:20:15 0 d-----w- c:\program files\Final Draft 8
2010-09-02 02:18:10 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-09-01 18:27:55 0 d-----w- c:\program files\MSECache
2010-09-01 18:12:34 0 d-----w- c:\windows\PCHEALTH
2010-09-01 18:08:39 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-09-01 18:07:26 0 d-----w- c:\windows\SHELLNEW
2010-09-01 07:05:35 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-09-01 06:49:31 0 d-----w- c:\program files\DAEMON Tools Lite
2010-09-01 06:10:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-01 06:09:12 0 d-----w- c:\users\hurley\appdata\roaming\DAEMON Tools Lite
2010-09-01 06:09:09 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-09-01 05:40:58 0 d-----w- c:\programdata\Microsoft Help
2010-08-27 01:52:15 0 d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-26 22:48:54 884 ----a-w- c:\users\hurley\.recently-used.xbel
2010-08-26 22:48:45 0 d-----w- c:\users\hurley\.thumbnails
2010-08-26 22:41:46 0 d-----w- c:\users\hurley\.gimp-2.6
2010-08-26 22:39:28 0 d-----w- c:\program files\GIMP-2.0
2010-08-25 04:59:23 0 d-----w- c:\program files\CurrPorts
2010-08-24 23:30:13 0 d-----w- c:\programdata\RegInOut
2010-08-24 23:30:06 0 d-----w- c:\windows\RegInOut
2010-08-24 19:08:39 0 d-----w- c:\programdata\Adobe
2010-08-24 16:50:03 101564805 ----a-w- c:\windows\MEMORY.DMP
2010-08-24 16:03:28 0 d-----w- c:\programdata\WindowsSearch
2010-08-23 05:26:48 0 d-----w- c:\programdata\Electronic Arts
2010-08-23 05:09:25 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-08-21 23:52:03 0 d-----w- c:\program files\Fox
2010-08-21 23:51:53 306688 ----a-w- c:\windows\IsUninst.exe

==================== Find3M ====================

2010-09-20 03:25:08 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-09-20 03:25:08 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-20 03:25:08 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-16 21:41:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-09-16 05:49:59 68316 ----a-w- c:\windows\fonts\BauTF-Regular.otf
2010-09-16 05:48:59 90008 ----a-w- c:\windows\fonts\Airbrake-RoundedOblique.ttf
2010-09-16 05:47:52 12986 ----a-w- c:\windows\fonts\MorganSnPi-Bold.PFB
2010-09-16 05:46:58 33411 ----a-w- c:\windows\fonts\GINGER-L.PFB
2010-09-16 05:46:58 2120 ----a-w- c:\windows\fonts\GINGER-I.pfm
2010-09-16 05:46:53 4008 ----a-w- c:\windows\fonts\Parable-BoldItalic.pfm
2010-09-16 05:46:53 31891 ----a-w- c:\windows\fonts\Parable-BoldItalicExpert.PFB
2010-09-01 04:46:36 1355264 ----a-w- c:\windows\system32\jscript9.dll
2010-09-01 04:44:24 1122304 ----a-w- c:\windows\system32\wininet.dll
2010-09-01 04:44:06 424960 ----a-w- c:\windows\system32\vbscript.dll
2010-09-01 04:43:22 23552 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 04:43:12 72704 ----a-w- c:\windows\system32\SetDepNx.exe
2010-09-01 04:43:12 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-01 04:43:12 114176 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-01 04:43:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2010-09-01 04:43:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2010-09-01 04:42:58 51200 ----a-w- c:\windows\system32\admparse.dll
2010-09-01 04:42:54 75264 ----a-w- c:\windows\system32\iesetup.dll
2010-09-01 04:42:48 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2010-09-01 04:42:42 150016 ----a-w- c:\windows\system32\iexpress.exe
2010-09-01 04:42:42 149504 ----a-w- c:\windows\system32\wextract.exe
2010-09-01 04:42:20 33280 ----a-w- c:\windows\system32\imgutil.dll
2010-09-01 04:42:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2010-09-01 04:42:12 11264 ----a-w- c:\windows\system32\mshta.exe
2010-09-01 04:41:46 160768 ----a-w- c:\windows\system32\msls31.dll
2010-08-24 16:43:54 108888 ----a-w- c:\windows\fonts\Miama.ttf
2010-08-18 23:10:20 76928 ----a-w- c:\windows\fonts\expressway rg.ttf
2010-08-18 05:21:39 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-18 05:20:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-17 22:55:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-08-17 22:37:06 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-08-17 16:55:56 87608 ----a-w- c:\users\hurley\appdata\roaming\inst.exe
2010-08-17 16:55:56 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-08-17 16:55:56 47360 ----a-w- c:\users\hurley\appdata\roaming\pcouffin.sys
2010-08-17 06:18:43 174 --sha-w- c:\program files\desktop.ini
2010-08-17 05:41:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-08-17 05:41:39 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-08-16 21:18:45 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-08-16 21:16:23 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-08-16 21:16:23 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-08-16 21:16:23 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-08-16 20:50:28 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-08-16 20:50:27 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-08-16 20:50:27 23552 ----a-w- c:\windows\system32\lpk.dll
2010-08-16 20:50:27 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-08-16 20:44:49 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-08-16 20:44:49 272896 ----a-w- c:\windows\system32\polstore.dll
2010-08-16 20:40:57 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-16 20:34:52 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-16 20:34:51 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-08-16 20:34:51 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-08-16 20:34:51 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-08-16 20:34:51 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-08-16 20:34:51 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-08-16 20:34:51 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-08-16 20:34:51 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-08-16 20:34:51 10240 ----a-w- c:\windows\system32\finger.exe
2010-08-16 20:28:01 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-08-16 20:27:59 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-08-16 20:27:59 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-08-16 20:27:59 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-08-16 20:27:59 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-08-16 20:27:59 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-08-16 20:27:56 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-08-16 20:26:13 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-08-16 20:26:12 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-08-16 20:26:11 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-08-16 20:24:36 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-08-16 20:22:47 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-08-16 20:22:47 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-08-16 20:22:46 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-08-16 20:19:12 98816 ----a-w- c:\windows\system32\mfps.dll
2010-08-16 20:19:12 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-08-16 20:19:12 2868224 ----a-w- c:\windows\system32\mf.dll
2010-08-16 20:19:11 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-08-16 20:19:11 2048 ----a-w- c:\windows\system32\mferror.dll
2010-08-16 20:10:29 71680 ----a-w- c:\windows\system32\atl.dll
2010-08-16 19:59:30 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-08-16 19:58:08 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-08-16 19:58:08 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-08-16 19:58:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-08-16 19:38:06 623616 ----a-w- c:\windows\system32\localspl.dll
2010-08-16 19:29:18 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-08-16 19:27:50 72704 ----a-w- c:\windows\system32\secur32.dll
2010-08-16 19:27:50 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-08-16 19:27:50 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-08-16 19:27:50 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-08-16 19:27:49 9728 ----a-w- c:\windows\system32\lsass.exe
2010-08-16 19:27:49 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-08-16 19:22:59 3104768 ----a-w- c:\windows\system32\NlsData0046.dll
2010-08-16 19:11:00 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-08-16 19:04:40 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-08-16 19:04:40 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-08-16 19:04:39 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-08-16 19:04:39 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-08-16 18:55:46 98304 ----a-w- c:\windows\system32\cabview.dll

============= FINISH: 0:29:15.22 ===============

The required file is also attached.
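An added triage example (an editor's addition, not code from this thread, from Safer Networking, or from the DDS tool): a small Python parser that splits a DDS report into its `===` sections and flags the entry types a malware-removal helper inspects first in a log like the one above: Hosts-file overrides, AppInit_DLLs, DPF ActiveX downloads, Run-key entries for known P2P clients, and executables or drivers sitting in user-writable paths. The sample report is constructed from lines in the shape of the log above; the P2P name list, the user-writable path list and the extension list are assumptions of this example, not rules from the forum.

```python
"""Triage helper for a DDS log: split the report into sections and flag the
entries a helper usually looks at first. Editor's example, not DDS code."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of a DDS log (a handful of lines only).
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\Program Files\Opera\opera.exe
C:\Users\Hurley\Desktop\dds.com

============== Pseudo HJT Report ===============

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
AppInit_DLLs: avgrsstx.dll
Hosts: 74.208.105.171 gs.apple.com

==================== Find3M ====================

2010-08-17 16:55:56 87608 ----a-w- c:\users\hurley\appdata\roaming\inst.exe
2010-08-17 16:55:56 47360 ----a-w- c:\users\hurley\appdata\roaming\pcouffin.sys
2010-08-16 21:18:45 377344 ----a-w- c:\windows\system32\winhttp.dll

============= FINISH: 0:29:15.22 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "=== Name ==="
RUN_RE = re.compile(r"^([um]Run):\s*\[([^\]]+)\]\s*(.*)$")  # "uRun: [Name] cmd"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+)$")

# Assumed heuristics for the example (not from the forum thread).
P2P_NAMES = ("utorrent", "bittorrent", "limewire", "jdownloader", "emule", "frostwire")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\")
CODE_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Finding:
    category: str
    detail: str


def parse_sections(text):
    """Map each '=== Name ===' header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return the entries a helper would ask about, in log order."""
    findings = []
    sections = parse_sections(text)
    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith("Hosts:"):
            # A hosts entry silently redirects a name; worth explaining every one.
            findings.append(Finding("hosts-override", line[len("Hosts:"):].strip()))
        elif line.startswith("AppInit_DLLs:"):
            # Loaded into every process that links user32.dll; legitimate for AV,
            # but a classic persistence spot, so always identify the owner.
            findings.append(Finding("appinit-dll", line.split(":", 1)[1].strip()))
        elif line.startswith("DPF:"):
            # Downloaded ActiveX component; the URL shows what version was pulled.
            findings.append(Finding("activex-download", line.split(" - ", 1)[1].strip()))
        else:
            m = RUN_RE.match(line)
            if m and any(p in (m.group(2) + m.group(3)).lower() for p in P2P_NAMES):
                findings.append(Finding("p2p-autostart", f"{m.group(1)} [{m.group(2)}] {m.group(3)}"))
    for name in ("Created Last 30", "Find3M"):
        for line in sections.get(name, []):
            m = FILE_RE.match(line)
            if not m:
                continue
            path = m.group(5).lower()
            # Executables and drivers under user-writable directories need a story.
            if path.endswith(CODE_EXTENSIONS) and any(d in path for d in USER_WRITABLE):
                findings.append(Finding("code-in-user-path", m.group(5)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:20} {f.detail}")
```

Run on the constructed sample, the script lists the uTorrent Run entry, the Java DPF download, the AVG AppInit DLL, the gs.apple.com hosts override and the two binaries under `appdata\roaming`; none of these is a verdict, they are the lines a helper reads next, which is the point of the first-pass review.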

Jack&Jill
2010-09-22, 07:09
Hello and welcome to Safer Networking.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

Clinity
2010-09-22, 09:15
I have read your post. Thank you for assessing my situation.
I have subscribed to the thread, and will be patient as you come up with a solution.

Oh, and just in case, I have uninstalled all P2P programs on my computer, which included uTorrent and jDownloader.

Jack&Jill
2010-09-23, 17:09
Hello Clinity :),

Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.

Please observe and follow these Forum Rules (http://forums.spybot.info/showthread.php?t=288).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.

--------------------

Is this a business computer?

--------------------

Remove P2P software

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


Please read the Guidelines for P2P Programs (http://forums.spybot.info/showthread.php?t=282) where we explain why it's not a good idea to have them.
Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above (in red).
Please remove them before we continue with fixing your computer.

Please post a new Attach.txt.

--------------------

Validate Windows

Please download MGADiag.exe from Microsoft and save it to a convenient location. Click here. (http://go.microsoft.com/fwlink/?linkid=52012)
Double click on MGADiag.exe to run it.
Click Continue.
The program will run. It takes a while to finish the diagnosis, please be patient.
Once done, click on Copy.
Open Notepad and paste the contents in. Save this file and post it in your next reply.

--------------------

Check for additional security risks

Please download CKScanner© by askey127 and save to your desktop. Click here. (http://downloads.malwareremoval.com/CKScanner.exe)
Double click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
Post the contents of ckfiles.txt in your reply, it is located on your desktop.

--------------------

Please download Rootkit Unhooker and save it to your desktop. Click here. (http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE)

Double click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Ensure the following are checked (ticked):

Drivers
Stealth Code
Files
Code Hooks
Uncheck the rest, then click OK. An initial scan will be performed.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
Save the report somewhere you can find it. Click Close to exit.
Copy the entire contents of the report and paste it in your next reply.

You may get a warning about parasite detection. Please click OK to continue.

--------------------

Please post back:
1. the answer to my question about your computer
2. new Attach.txt (you need to rerun DDS)
3. MGADiag result
4. CKScanner log
5. Rootkit Unhooker result

Clinity
2010-09-24, 03:14
No, this is not a business computer. It's a home computer.

--------------------

A new Attach.txt is attached in zip format.

--------------------

MGADiag.txt is attached as well.

--------------------

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----

--------------------

I wasn't able to get a result from the Rootkit Unhooker.

Every time I try to run a scan, it gives me the same error:

"Sorry, but unhandled exception has occured
Program will be terminated
Exception code : 0xC0000005
Instruction address : 0x77C82E47
Attempt to write at address : 0x032EFE78"

Jack&Jill
2010-09-24, 09:33
Hello Clinity :),

Please post the logs that I request by copying and pasting the contents here, not by attaching the files.

--------------------

The Microsoft Office Enterprise 2007 on your computer is a non-genuine copy. It was installed with an invalid Volume Licensing Key (VLK) generated by pirating software. VLKs are only available to corporations, education entities and government agencies.
A VL Product Key is non-transferable to individuals. Here (http://social.microsoft.com/Forums/en-US/genuineoffice/thread/da48bbb3-bb0a-4e73-97fb-d65ecd6a1fe7) is some information about this situation.

Please read the fourth post of the Forum Rules (http://forums.spybot.info/showthread.php?t=288) .

Note:
We do not support the use of illegal Pirated/Warez/Cracked software.

If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities be aware malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.

If you still want help, please remove the illegal items from your computer, and if you still need the software, get legal copies from legitimate sources.
If you advise that the illegal software has been removed and I find otherwise (the tools we use can and will detect them), then I will have no choice but to have this topic closed.
If there are more such new findings after this, the topic will also be closed.

You may return to the seller to demand a replacement with a genuine copy or get a full refund. Have a read here (http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en#ID0EKNAC) to see if you qualify for the Genuine Office Offer. As an alternative, you can also try OpenOffice (http://www.openoffice.org/).

Clinity
2010-09-25, 00:57
Here's a new Attach.txt:

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 16/08/2010 12:15:07 PM
System Uptime: 22/09/2010 5:38:41 PM (48 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5GC-MX/1333
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | LGA 775 | 1800/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 59.982 GiB free.
D: is CDROM ()
E: is Removable
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP121: 14/09/2010 7:03:04 PM - Installed Opera 10.62.
RP151: 16/09/2010 12:49:01 AM - Restore Operation

==== Installed Programs ======================

Adobe AIR
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Bonjour
ConvertXtoDVD 4.1.2.336
Cool & Quiet
Croc 2
EA Download Manager
ERUNT 1.1j
Feedback Tool
Final Draft
Foxit Reader
GIMP 2.6.10
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 15
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
novaPDF Professional Desktop 7.2 printer
Opera 10.62
QuickTime
Safari
Supple - Episode 2 (remove only)
The Sims™ 3
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 1.1.4
WinRAR archiver

==== Event Viewer Messages From Past Week ========

24/09/2010 6:13:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
24/09/2010 1:43:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
24/09/2010 1:43:34 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/09/2010 1:43:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/09/2010 5:35:37 PM, Error: EventLog [6008] - The previous system shutdown at 5:34:39 PM on 22/09/2010 was unexpected.
20/09/2010 12:21:57 AM, Error: EventLog [6008] - The previous system shutdown at 12:20:03 AM on 20/09/2010 was unexpected.
19/09/2010 6:03:17 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
18/09/2010 12:03:42 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
17/09/2010 7:52:50 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================

--------------------

Here's the new MGADiag result:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-CYGXP-PXFXP-P4YM3
Windows Product Key Hash: PCDmI0G/xsCkD8JRfe/Vpk1EMr4=
Windows Product ID: 89572-OEM-7300972-96464
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6002.2.00010300.2.0.002
ID: {EAE275B0-EE4A-4165-A299-6161B3B874A1}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Basic
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.100608-0458
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Opera\opera.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\uxtheme.dll[6.0.6001.18000], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\browseui.dll[6.0.6000.16386], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{EAE275B0-EE4A-4165-A299-6161B3B874A1}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-P4YM3</PKey><PID>89572-OEM-7300972-96464</PID><PIDType>3</PIDType><SID>S-1-5-21-434098278-49066985-2103770490</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0310 </Version><SMBIOSVersion major="2" minor="4"/><Date>20071224000000.000000+000</Date></BIOS><HWID>23323507018400EA</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomeBasic edition
Description: Windows Operating System - Vista, OEM_COA_NSLP channel
Activation ID: bb4c2c10-dc0d-4ce6-8824-ee71ddb63c07
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89572-00146-009-796464-02-4105-6000.0000-2282010
Installation ID: 017553288272343306950972606651591762510573670171006663
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: P4YM3
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: OgAAAAIABAABAAEAAgABAAAAAwABAAEAnJ8SrDYOU1GYk1r/qnZI5JKF4PmN7/L0XvEsYXKWrFYqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC A_M_I_ OEMAPIC
FACP A_M_I_ OEMFACP
HPET A_M_I_ OEMHPET
MCFG A_M_I_ OEMMCFG
OEMB A_M_I_ AMI_OEM

Jack&Jill
2010-09-25, 05:03
Hello Clinity :),

I want you to retry Rootkit Unhooker, but with the following steps prior to it. In fact, from now onwards, you must run all the tools using this method.

For Windows Vista or Windows 7, please right-click and select Run as administrator instead of double-clicking to run all the tools I ask you to, or they may not work properly.

If you get the log, please post back here and skip the following steps. Otherwise, please continue below.

--------------------

Please close all programs and do not run any others before and during the GMER scan. Do not use the computer for anything else until after the scan is completed.

Please download GMER and save it to your desktop. Click here. (http://www.gmer.net/download.php)

Please temporarily disable the real-time protection of any Antivirus, Antispyware or Antimalware programs when running GMER. They may cause the computer to freeze.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double-click the .exe file. If asked to allow the GMER driver file with a .sys extension to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
In the right panel, you will see several boxes that have been checked (ticked).
Uncheck IAT/EAT
Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
Uncheck Show All (don't miss this one)
Then click the Scan button and wait for it to finish.
Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
Re-enable your security software as soon as you have completed the GMER steps.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

If you are having problems running this version of GMER, please try running GMER in Safe Mode. You can get into Safe Mode using the F8 key during the startup of your computer after a reboot.

--------------------

Please post back:
1. the Rootkit Unhooker log, or
2. GMER result

Clinity
2010-09-25, 10:11
Here's the GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-25 04:04:49
Windows 6.0.6002 Service Pack 2
Running: xrnbr3go.exe; Driver: C:\Users\Hurley\AppData\Local\Temp\uxryrpod.sys


---- System - GMER 1.0.15 ----

INT 0x52 ? 83940BF8
INT 0x62 ? 83940BF8
INT 0x72 ? 83940BF8
INT 0x82 ? 85581BF8
INT 0x93 ? 85581BF8
INT 0xA3 ? 85581BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spdg.sys The system cannot find the path specified. !
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x82A79024]
.text USBPORT.SYS!DllUnload 8AFBF41B 5 Bytes JMP 855811D8
.text auveq6cl.SYS 86398000 22 Bytes [82, 03, E1, 81, 6C, 02, E1, ...]
.text auveq6cl.SYS 86398017 181 Bytes [00, 32, 47, 99, 82, 3D, 45, ...]
.text auveq6cl.SYS 863980CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text auveq6cl.SYS 863980DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text auveq6cl.SYS 863980E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 847001F8
Device \Driver\volmgr \Device\VolMgrControl 839421F8
Device \Driver\sptd \Device\249176770 spdg.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{C64BE831-1E4C-44DB-9969-2256F41C8347} 85F3D1F8
Device \Driver\usbuhci \Device\USBPDO-0 843091F8
Device \Driver\PCI_PNP8762 \Device\00000045 spdg.sys
Device \Driver\usbuhci \Device\USBPDO-1 843091F8
Device \Driver\usbuhci \Device\USBPDO-2 843091F8
Device \Driver\usbuhci \Device\USBPDO-3 843091F8
Device \Driver\usbehci \Device\USBPDO-4 8557E1F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\volmgr \Device\HarddiskVolume1 839421F8
Device \Driver\cdrom \Device\CdRom0 8571B500
Device \Driver\cdrom \Device\CdRom1 8571B500
Device \Driver\atapi \Device\Ide\IdePort0 846FF1F8
Device \Driver\atapi \Device\Ide\IdePort1 846FF1F8
Device \Driver\atapi \Device\Ide\IdePort2 846FF1F8
Device \Driver\atapi \Device\Ide\IdePort3 846FF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-4 846FF1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 85F3D1F8
Device \Driver\Smb \Device\NetbiosSmb 85F391F8
Device \Driver\iScsiPrt \Device\RaidPort0 856ED1F8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\netbt \Device\NetBT_Tcpip_{C8C21490-2519-4451-9F83-32A28D5317A6} 85F3D1F8
Device \Driver\usbuhci \Device\USBFDO-0 843091F8
Device \Driver\usbuhci \Device\USBFDO-1 843091F8
Device \Driver\usbuhci \Device\USBFDO-2 843091F8
Device \Driver\usbuhci \Device\USBFDO-3 843091F8
Device \Driver\usbehci \Device\USBFDO-4 8557E1F8
Device \Driver\auveq6cl \Device\Scsi\auveq6cl1Port5Path0Target0Lun0 858BA1F8
Device \Driver\auveq6cl \Device\Scsi\auveq6cl1 858BA1F8
Device \FileSystem\cdfs \Cdfs 857191F8
Device -> \Driver\atapi \Device\Harddisk0\DR0 847BE618

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0xFC 0x2A 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x13 0x9E 0xFF 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0x18 0xC8 0xCF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x72 0x19 0xD3 0x59 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x13 0x9E 0xFF 0xB7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0x18 0xC8 0xCF ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
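
The two atapi.sys entries in the GMER log above ("entry point in '.rsrc' section" and "suspicious modification") come from one concrete check: read the PE headers, find which section covers AddressOfEntryPoint, and complain when that section is not code. The script below is an added example, not part of this thread and not GMER's own code; it implements that check against the PE/COFF header layout (the IMAGE_SCN_* flags and section names are from the specification, while the Finding/Section classes, the DATA_SECTION_NAMES heuristic and the function names are this example's own). It runs offline on a constructed minimal PE32 image, which is test input and not a real driver; pass a file path to run it on an actual binary such as a copy of atapi.sys.

```python
"""Added example: find which PE section holds the entry point (the check behind
GMER's "entry point in '.rsrc' section" line). Names here are the example's own."""
import struct
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
EXEC_FLAGS = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE
# Sections that conventionally hold data, never the entry point (heuristic list, assumed here).
DATA_SECTION_NAMES = {".rsrc", ".reloc", ".data", ".rdata", ".idata"}

@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    characteristics: int

    def contains(self, rva: int) -> bool:
        return self.virtual_address <= rva < self.virtual_address + self.virtual_size

@dataclass
class Finding:
    entry_rva: int
    section: Optional[str]  # None when no section covers the entry point
    suspicious: bool
    reason: str

def parse_pe(data: bytes) -> Tuple[int, List[Section]]:
    """Return (AddressOfEntryPoint, section table) for a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER; entry point at +16
    if struct.unpack_from("<H", data, opt)[0] not in (0x10B, 0x20B):
        raise ValueError("not a PE32/PE32+ optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(num_sections):                         # IMAGE_SECTION_HEADER, 40 bytes each
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr = struct.unpack_from("<II", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append(Section(name, vaddr, vsize, chars))
    return entry_rva, sections

def check_entry_point(data: bytes) -> Finding:
    """Flag an entry point that lies outside code, the shape of a patched driver."""
    entry_rva, sections = parse_pe(data)
    holder = next((s for s in sections if s.contains(entry_rva)), None)
    if holder is None:
        return Finding(entry_rva, None, True, "entry point not covered by any section")
    if not holder.characteristics & EXEC_FLAGS:
        return Finding(entry_rva, holder.name, True, "entry point section is not executable")
    if holder.name in DATA_SECTION_NAMES:
        return Finding(entry_rva, holder.name, True, "entry point in a data section")
    return Finding(entry_rva, holder.name, False, "entry point in code section")

def build_test_pe(entry_rva: int, rsrc_executable: bool = False) -> bytes:
    """Constructed minimal PE32 image (.text at RVA 0x1000, .rsrc at 0x2000); test input only."""
    e_lfanew, opt_size = 0x40, 0xE0
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)            # AddressOfEntryPoint
    def header(name, vaddr, vsize, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, vsize, 0, 0, 0, 0, 0, chars)
    rsrc_chars = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
    if rsrc_executable:
        rsrc_chars |= IMAGE_SCN_MEM_EXECUTE
    text = header(b".text", 0x1000, 0x1000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    rsrc = header(b".rsrc", 0x2000, 0x1000, rsrc_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text + rsrc

if __name__ == "__main__":
    if len(sys.argv) > 1:                                  # a real file, e.g. a copy of atapi.sys
        samples = {sys.argv[1]: open(sys.argv[1], "rb").read()}
    else:                                                  # constructed images
        samples = {"clean": build_test_pe(0x1024), "rsrc-entry": build_test_pe(0x2024)}
    for label, image in samples.items():
        f = check_entry_point(image)
        print(f"{label}: entry 0x{f.entry_rva:x} in {f.section}: {f.reason}")
```

The check is a heuristic on its own: packers and some installers also place the entry point in unusual sections, so a hit on a Microsoft system driver should be confirmed by comparing the file's hash and Authenticode signature against a known-good copy, which is what ComboFix's "Infected copy ... was found and disinfected" step later in this thread does when it restores the file.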

Jack&Jill
2010-09-25, 18:17
Hello Clinity :),

For Windows Vista or Windows 7, please right-click and select Run as administrator instead of double-clicking to run all the tools I ask you to, or they may not work properly.

Please download ComboFix© by sUBs from one of the links below and save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

Do not mouse click on ComboFix while it is running. That may cause it to stall. ComboFix is a powerful tool and must not be used without supervision.

Run ComboFix

Please temporarily disable the real-time protection of any Antivirus, Antispyware or Antimalware programs when running ComboFix. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double-click on ComboFix.exe and follow the prompts.
When finished, a log will be produced as C:\ComboFix.txt. Please post this log in your next reply.
If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
Re-enable your security software as soon as you have completed the ComboFix steps.

A detailed step by step tutorial to run ComboFix can be found here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) if you need help.

--------------------

Please post back:
1. the ComboFix log

Clinity
2010-09-25, 20:50
ComboFix log:

ComboFix 10-09-25.01 - Hurley 25/09/2010 14:32:29.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.1015.375 [GMT -4:00]
Running from: c:\users\Hurley\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Hurley\AppData\Roaming\inst.exe

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-08-25 to 2010-09-25 )))))))))))))))))))))))))))))))
.

2010-09-25 18:42 . 2010-09-25 18:42 -------- d-----w- c:\users\Hurley\AppData\Local\temp
2010-09-25 18:42 . 2010-09-25 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-25 03:41 . 2010-09-25 03:43 775 ----a-w- C:\cleanup.bat
2010-09-25 03:12 . 2010-09-25 03:12 -------- d-----w- c:\users\Hurley\AppData\Local\iH8sn0w
2010-09-24 03:29 . 2010-09-24 03:35 -------- d-----w- c:\users\Hurley\AppData\Roaming\Trillian
2010-09-24 03:25 . 2010-09-24 03:29 -------- d-----w- c:\program files\Trillian
2010-09-23 23:36 . 2010-09-23 23:36 6656 ----a-w- c:\windows\system32\F1E0ACD5.exe
2010-09-23 22:57 . 2010-09-24 21:29 -------- d-----w- C:\MGADiagToolOutput
2010-09-23 22:56 . 2010-09-23 22:56 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-09-23 13:52 . 2010-09-23 13:52 4093792 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-09-23 13:52 . 2010-09-23 13:52 3586912 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-09-23 13:52 . 2010-09-23 13:52 620896 ----a-w- c:\programdata\avg9\update\backup\avgnsx.exe
2010-09-23 13:52 . 2010-09-23 13:52 1619296 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-09-23 13:52 . 2010-09-23 13:52 942432 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2010-09-23 13:52 . 2010-09-23 13:52 598368 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-09-23 13:52 . 2010-09-23 13:52 4371296 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-09-23 13:52 . 2010-09-23 13:52 300896 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-09-23 13:51 . 2010-09-23 13:51 1690952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-09-22 04:49 . 2010-09-23 17:04 -------- d-----w- c:\program files\Supple - Episode 2
2010-09-22 04:10 . 2010-09-22 04:10 -------- d-----w- c:\program files\RunAsDate
2010-09-20 03:43 . 2010-09-20 03:43 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-20 03:43 . 2010-09-20 03:43 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-20 03:42 . 2010-09-20 03:42 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-20 03:42 . 2010-09-20 03:42 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-20 03:42 . 2010-09-25 17:38 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-20 03:42 . 2010-09-20 03:45 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-09-20 03:05 . 2010-09-20 03:05 -------- d-----w- c:\program files\ERUNT
2010-09-19 22:56 . 2010-08-17 23:54 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-09-19 22:56 . 2010-08-17 23:54 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-09-19 22:56 . 2010-08-17 23:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2010-09-19 22:56 . 2010-08-17 23:51 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2010-09-19 22:56 . 2010-08-17 23:51 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-09-19 22:56 . 2010-08-17 23:51 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2010-09-19 22:56 . 2010-08-17 23:50 680960 ----a-w- c:\windows\system32\d2d1.dll
2010-09-19 22:56 . 2010-08-17 23:49 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2010-09-19 22:56 . 2010-08-17 23:49 1068032 ----a-w- c:\windows\system32\DWrite.dll
2010-09-19 22:56 . 2010-08-17 23:49 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-09-19 22:56 . 2010-08-17 23:48 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2010-09-19 22:56 . 2010-08-17 23:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-09-19 22:19 . 2010-09-19 22:19 -------- d-----w- c:\program files\Feedback Tool
2010-09-19 03:15 . 2010-09-19 03:15 -------- d-----w- c:\program files\QuickTime
2010-09-17 23:58 . 2010-09-17 23:58 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe
2010-09-17 23:55 . 2010-09-17 23:55 -------- d-----w- c:\program files\iPod
2010-09-17 23:46 . 2010-09-17 23:46 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-17 03:37 . 2010-09-17 03:37 -------- d-----w- c:\users\Hurley\AppData\Roaming\Softland
2010-09-17 03:36 . 2010-09-03 20:01 23368 ----a-w- c:\windows\system32\novamnp7.dll
2010-09-17 03:36 . 2010-09-03 20:01 20808 ----a-w- c:\windows\system32\novamip7.dll
2010-09-17 03:36 . 2010-02-05 19:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-09-17 03:36 . 2010-09-17 03:36 -------- d-----w- c:\program files\Softland
2010-09-16 05:20 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-16 05:20 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-16 05:19 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-16 05:18 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 16:13 . 2010-09-19 21:40 -------- d-----w- C:\$AVG
2010-09-15 01:58 . 2010-09-16 05:05 -------- d-----w- c:\program files\iPod(76)
2010-09-15 01:58 . 2010-09-15 01:59 -------- d-----w- c:\program files\iTunes(77)
2010-09-15 01:28 . 2010-09-15 01:28 -------- d-----w- c:\program files\AVG
2010-09-15 01:28 . 2010-09-20 03:39 -------- d-----w- c:\programdata\avg9
2010-09-15 00:10 . 2010-09-15 00:11 -------- d-----w- c:\users\Hurley\AppData\Roaming\BitDefender
2010-09-15 00:10 . 2010-09-15 00:30 -------- d-----w- c:\programdata\BitDefender
2010-09-15 00:10 . 2010-09-15 00:10 -------- d-----w- c:\program files\BitDefender
2010-09-15 00:04 . 2010-09-15 00:30 -------- d-----w- c:\program files\Common Files\BitDefender
2010-09-14 05:27 . 2010-09-14 05:27 -------- d-----w- c:\users\Hurley\AppData\Local\Opera
2010-09-14 05:27 . 2010-09-16 05:22 -------- d-----w- c:\program files\Opera
2010-09-14 04:17 . 2010-09-14 05:20 -------- d-----w- c:\users\Hurley\AppData\Local\Google
2010-09-11 20:59 . 2010-09-11 20:59 -------- d-----w- c:\program files\DAMN NFO Viewer
2010-09-11 20:32 . 2010-09-11 20:32 -------- d-----w- c:\users\Hurley\AppData\Roaming\Lionhead Studios
2010-09-11 18:53 . 2010-09-11 18:53 -------- d-----w- c:\program files\Amazon
2010-09-11 15:20 . 2010-09-11 15:20 -------- d-----w- c:\users\Hurley\AppData\Roaming\Mattel
2010-09-11 15:16 . 2010-09-11 15:16 -------- d-----w- c:\program files\Mattel
2010-09-11 05:29 . 2010-09-11 05:29 -------- d-sh--w- c:\windows\ftpcache
2010-09-11 05:06 . 2010-09-11 05:06 -------- d-----w- c:\programdata\Lionhead Studios
2010-09-11 05:06 . 2010-09-11 05:06 -------- d-----w- c:\program files\Lionhead Studios
2010-09-10 05:20 . 2010-09-10 05:20 -------- d-----w- c:\windows\Sun
2010-09-07 08:26 . 2010-09-07 08:26 -------- d-----w- c:\users\Hurley\AppData\Roaming\blg
2010-09-07 08:26 . 2010-09-07 08:26 -------- d-----w- c:\programdata\blg
2010-09-07 03:45 . 2010-09-07 03:45 -------- d-----w- c:\users\Hurley\AppData\Roaming\Gamelab
2010-09-06 19:03 . 2010-09-06 19:03 -------- d-----w- c:\programdata\Trymedia
2010-09-06 19:03 . 2010-09-06 19:03 -------- d-----w- c:\programdata\Sandlot Games
2010-09-06 04:18 . 2010-09-07 08:18 -------- d-----w- c:\users\Hurley\AppData\Roaming\PlayFirst
2010-09-06 04:18 . 2010-09-07 08:18 -------- d-----w- c:\programdata\PlayFirst
2010-09-06 04:15 . 2010-09-20 03:21 -------- d-----w- c:\program files\Games
2010-09-05 06:34 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-05 06:34 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-05 06:33 . 2010-09-17 23:55 -------- d-----w- c:\program files\iTunes
2010-09-05 04:49 . 2010-09-16 05:00 -------- d-----w- c:\program files\Notepad2
2010-09-04 20:46 . 2010-09-04 20:46 -------- d-----w- c:\users\Hurley\AppData\Roaming\Foxit Software
2010-09-04 20:46 . 2010-09-16 04:58 -------- d-----w- c:\program files\Foxit Software
2010-09-02 16:05 . 2010-09-19 03:01 -------- d-----w- c:\users\Hurley\AppData\Roaming\vlc
2010-09-02 07:13 . 2010-09-02 07:13 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-09-02 04:11 . 2010-09-02 04:11 -------- d-----w- c:\users\Hurley\AppData\Roaming\Final Draft
2010-09-02 02:21 . 2009-05-14 14:32 4169728 ----a-r- c:\windows\system32\cdintf400.dll
2010-09-02 02:20 . 2010-09-02 02:20 -------- d-----w- c:\program files\Final Draft Tagger
2010-09-02 02:20 . 2010-09-16 04:58 -------- d-----w- c:\programdata\Final Draft
2010-09-02 02:20 . 2010-09-16 04:58 -------- d-----w- c:\program files\Final Draft 8
2010-09-02 02:18 . 2010-09-02 02:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-01 18:27 . 2010-09-16 04:58 -------- d-----w- c:\program files\MSECache
2010-09-01 18:04 . 2010-09-16 04:58 -------- d-----r- C:\MSOCache
2010-09-01 07:05 . 2008-11-10 15:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-09-01 07:05 . 2006-10-26 23:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-09-01 06:49 . 2010-09-16 05:00 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-09-01 06:10 . 2010-09-01 06:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-01 06:09 . 2010-09-01 06:55 -------- d-----w- c:\users\Hurley\AppData\Roaming\DAEMON Tools Lite
2010-09-01 06:09 . 2010-09-01 06:09 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-09-01 05:41 . 2010-09-01 05:41 -------- d-----w- c:\users\Hurley\AppData\Local\Microsoft Help
2010-09-01 05:40 . 2010-09-24 17:42 -------- d-----w- c:\programdata\Microsoft Help
2010-08-28 22:25 . 2010-09-18 00:01 -------- d-----w- c:\program files\Safari
2010-08-28 22:21 . 2010-08-28 22:21 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-27 01:52 . 2010-09-02 06:36 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-27 01:43 . 2010-08-27 01:43 -------- d-----w- c:\program files\Adobe Media Player
2010-08-27 01:35 . 2010-09-24 17:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-26 22:48 . 2010-08-26 22:48 -------- d-----w- c:\users\Hurley\AppData\Roaming\gtk-2.0
2010-08-26 22:48 . 2010-08-26 22:48 -------- d-----w- c:\users\Hurley\.thumbnails
2010-08-26 22:41 . 2010-08-27 01:53 -------- d-----w- c:\users\Hurley\.gimp-2.6
2010-08-26 22:39 . 2010-09-16 04:59 -------- d-----w- c:\program files\GIMP-2.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 03:54 . 2010-08-18 05:38 -------- d-----w- c:\users\Hurley\AppData\Roaming\Apple Computer
2010-09-25 03:00 . 2010-08-16 16:21 196000 ----a-w- c:\users\Hurley\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-24 17:40 . 2010-08-17 06:49 -------- d-----w- c:\program files\Microsoft.NET
2010-09-24 17:39 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2010-09-22 03:03 . 2010-08-17 19:18 -------- d-----w- c:\users\Hurley\AppData\Roaming\uTorrent
2010-09-20 02:46 . 2010-08-18 05:07 -------- d-----w- c:\program files\7-Zip
2010-09-20 02:38 . 2010-08-18 00:07 -------- d-----w- c:\program files\iColorFolder
2010-09-19 21:00 . 2010-08-17 16:55 -------- d-----w- c:\users\Hurley\AppData\Roaming\Vso
2010-09-17 23:55 . 2010-08-18 04:13 -------- d-----w- c:\program files\Common Files\Apple
2010-09-16 21:41 . 2010-08-17 10:15 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-09-16 07:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-16 05:50 . 2010-09-16 06:03 782 ----a-w- c:\windows\Fonts\MorganSnCaps-BoldOblique.pfm
2010-09-16 05:50 . 2010-09-16 05:59 756 ----a-w- c:\windows\Fonts\GINGERRE.pfm
2010-09-16 05:50 . 2010-09-16 05:58 1048 ----a-w- c:\windows\Fonts\Imbalance.pfm
2010-09-16 05:50 . 2010-09-16 06:02 1207 ----a-w- c:\windows\Fonts\MorganSnExpert-Bold.pfm
2010-09-16 05:48 . 2010-09-16 05:57 1840 ----a-w- c:\windows\Fonts\VERVE_RG.PFM
2010-09-16 05:47 . 2010-09-16 06:02 692 ----a-w- c:\windows\Fonts\MorganSnPi-BoldOblique.pfm
2010-09-16 05:47 . 2010-09-16 06:02 685 ----a-w- c:\windows\Fonts\MorganSnPi-Bold.pfm
2010-09-16 05:47 . 2010-09-16 06:00 768 ----a-w- c:\windows\Fonts\Parable-RegularSCItalicExp.pfm
2010-09-16 05:47 . 2010-09-16 06:00 762 ----a-w- c:\windows\Fonts\Parable-RegularSCExpert.pfm
2010-09-16 05:47 . 2010-09-16 06:00 768 ----a-w- c:\windows\Fonts\Parable-BoldSCItalicExpert.pfm
2010-09-16 05:47 . 2010-09-16 05:57 1896 ----a-w- c:\windows\Fonts\VRVALTBD.PFM
2010-09-16 05:47 . 2010-09-16 06:02 930 ----a-w- c:\windows\Fonts\MorganSnLining-BoldOblique.pfm
2010-09-16 05:47 . 2010-09-16 06:02 858 ----a-w- c:\windows\Fonts\MorganSnLining-Oblique.pfm
2010-09-16 05:47 . 2010-09-16 05:57 961 ----a-w- c:\windows\Fonts\CHEVRON.PFM
2010-09-16 05:47 . 2010-09-16 06:00 756 ----a-w- c:\windows\Fonts\Parable-BoldSCExpert.pfm
2010-09-16 05:47 . 2010-09-16 05:57 1902 ----a-w- c:\windows\Fonts\VRVALTRG.PFM
2010-09-16 05:46 . 2010-09-16 05:59 740 ----a-w- c:\windows\Fonts\GINGER-L.pfm
2010-09-16 05:46 . 2010-09-16 06:00 764 ----a-w- c:\windows\Fonts\Parable-BoldItalicExpert.pfm
2010-09-16 05:05 . 2010-08-18 04:12 -------- d-----w- c:\program files\Bonjour
2010-09-16 04:59 . 2010-08-24 19:08 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-16 04:59 . 2010-08-23 05:26 -------- d-----w- c:\programdata\Electronic Arts
2010-09-16 04:59 . 2010-08-21 23:52 -------- d-----w- c:\program files\Fox
2010-09-16 04:59 . 2010-08-23 04:55 -------- d-----w- c:\program files\Electronic Arts
2010-09-16 04:59 . 2010-08-18 04:16 -------- d-----w- c:\program files\Apple Software Update
2010-09-16 04:59 . 2010-08-17 16:55 -------- d-----w- c:\program files\VSO
2010-09-16 04:58 . 2010-08-16 16:36 -------- d-----w- c:\program files\Minefield
2010-09-16 04:58 . 2010-08-16 16:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-16 04:58 . 2010-08-16 16:44 -------- d-----w- c:\program files\ASUS
2010-09-16 04:58 . 2010-08-16 16:44 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-16 04:57 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-09-16 04:57 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-09-16 04:57 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-09-16 04:57 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-09-16 04:57 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-09-16 04:57 . 2006-11-02 12:35 -------- d-----w- c:\program files\Reference Assemblies
2010-09-16 04:57 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2010-09-04 08:51 . 2010-08-18 04:12 -------- d-----w- c:\programdata\Apple
2010-09-01 04:46 . 2010-09-19 23:09 1355264 ----a-w- c:\windows\system32\jscript9.dll
2010-09-01 04:44 . 2010-09-19 23:09 1122304 ----a-w- c:\windows\system32\wininet.dll
2010-09-01 04:44 . 2010-09-19 23:09 424960 ----a-w- c:\windows\system32\vbscript.dll
2010-09-01 04:43 . 2010-09-19 23:09 23552 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 04:43 . 2010-09-19 23:09 72704 ----a-w- c:\windows\system32\SetDepNx.exe
2010-09-01 04:43 . 2010-09-19 23:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-01 04:43 . 2010-09-19 23:09 114176 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-01 04:43 . 2010-09-19 23:09 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2010-09-01 04:43 . 2010-09-19 23:09 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2010-09-01 04:42 . 2010-09-19 23:09 51200 ----a-w- c:\windows\system32\admparse.dll
2010-09-01 04:42 . 2010-09-19 23:09 75264 ----a-w- c:\windows\system32\iesetup.dll
2010-09-01 04:42 . 2010-09-19 23:09 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2010-09-01 04:42 . 2010-09-19 23:09 150016 ----a-w- c:\windows\system32\iexpress.exe
2010-09-01 04:42 . 2010-09-19 23:09 149504 ----a-w- c:\windows\system32\wextract.exe
2010-09-01 04:42 . 2010-09-19 23:09 33280 ----a-w- c:\windows\system32\imgutil.dll
2010-09-01 04:42 . 2010-09-19 23:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2010-09-01 04:42 . 2010-09-19 23:09 11264 ----a-w- c:\windows\system32\mshta.exe
2010-09-01 04:41 . 2010-09-19 23:09 160768 ----a-w- c:\windows\system32\msls31.dll
2010-08-25 04:59 . 2010-08-25 04:59 -------- d-----w- c:\program files\CurrPorts
2010-08-24 23:30 . 2010-08-24 23:30 -------- d-----w- c:\programdata\RegInOut
2010-08-24 19:14 . 2010-08-24 19:15 53632 ----a-w- c:\users\Hurley\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-24 19:14 . 2010-08-24 19:08 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-24 16:03 . 2010-08-24 16:03 -------- d-----w- c:\programdata\WindowsSearch
2010-08-18 05:36 . 2010-08-18 04:17 -------- d-----w- c:\programdata\Apple Computer
2010-08-18 05:21 . 2010-08-18 05:21 -------- d-----w- c:\program files\Windows Portable Devices
2010-08-18 05:21 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-18 05:20 . 2010-08-18 05:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-18 04:23 . 2010-08-18 04:22 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-18 00:04 . 2010-08-18 00:04 -------- d-----w- c:\program files\DExposE2 .Expose
2010-08-17 23:56 . 2010-08-17 23:56 -------- d-----w- c:\program files\Y'z Shadow
2010-08-17 22:55 . 2010-08-17 22:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-08-17 20:39 . 2010-08-17 20:39 -------- d-----w- c:\programdata\vsosdk
2010-08-17 17:18 . 2010-08-17 17:18 -------- d-----w- c:\program files\VideoLAN
2010-08-17 16:55 . 2010-08-17 16:55 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-08-17 16:55 . 2010-08-17 16:55 47360 ----a-w- c:\users\Hurley\AppData\Roaming\pcouffin.sys
2010-08-17 16:55 . 2010-08-17 16:55 47360 ----a-w- c:\users\Hurley\AppData\Roaming\pcouffin.sys
2010-08-17 05:41 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-08-17 05:41 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-08-16 21:18 . 2010-08-16 21:18 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-08-16 21:16 . 2010-08-16 21:16 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-08-16 21:16 . 2010-08-16 21:16 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-08-16 21:16 . 2010-08-16 21:16 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-08-16 20:50 . 2010-08-16 20:50 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-08-16 20:50 . 2010-08-16 20:50 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-08-16 20:50 . 2010-08-16 20:50 23552 ----a-w- c:\windows\system32\lpk.dll
2010-08-16 20:50 . 2010-08-16 20:50 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-08-16 20:44 . 2010-08-16 20:44 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-08-16 20:44 . 2010-08-16 20:44 272896 ----a-w- c:\windows\system32\polstore.dll
2010-08-16 20:40 . 2010-08-16 20:40 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-16 20:34 . 2010-08-16 20:34 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-16 20:34 . 2010-08-16 20:34 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-08-16 20:34 . 2010-08-16 20:34 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
.

------- Sigcheck -------

[-] 2008-10-24 . E042398ADDA05FFE10BD8637996E01B1 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-06-30 18:22 2102600 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-20 2065760]

c:\users\Hurley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2010-8-23 2068832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-06-30 431432]
R3 F1E0ACD5;F1E0ACD5;c:\windows\system32\F1E0ACD5.exe [2010-09-23 6656]
R3 Normandy;Normandy SR2; [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-09-01 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-20 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-20 243024]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-20 308136]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2008-10-16 29184]
S3 netr28;D-Link 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\Dnetr28.sys [2009-11-09 611328]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &??????? ? Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2010-09-25 14:46:59
ComboFix-quarantined-files.txt 2010-09-25 18:46

Pre-Run: 84,723,539,968 bytes free
Post-Run: 86,018,179,072 bytes free

- - End Of File - - 214C8319B5167261032AA64578786671

Jack&Jill
2010-09-26, 10:04
Hello Clinity :),

Do an online scan with ESET Online Scanner.
Please be patient, as scanning will take quite some time. If you have problems running the scan, you may want to disable any real-time protection you have.

Click here (http://www.eset.com/onlinescan/) to go to ESET Online Scanner page.
Click on ESET Online Scanner. A new window will open.
For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double-click on it to install, and a new window will open.
After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
You will be prompted to install an ActiveX Control from ESET. Please install.
At the Computer scan settings section, uncheck (untick) Remove found threats and then check Scan archives.
Now, click on Advanced settings and make sure all these are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click on Scan to proceed.
When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
Post the contents in your reply.

If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Please post back:
1. the ESET online scan result
2. how is your computer now?

Clinity
2010-09-26, 19:37
ESET online scan result:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a19ac8b635995146a9332e9610c997d2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-09-26 10:01:18
# local_time=2010-09-26 06:01:18 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 55277 55277 0 0
# compatibility_mode=5892 16776574 100 100 0 122098588 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=109460
# found=3
# cleaned=0
# scan_time=4259
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\atapi.sys.vir Win32/Olmarik.RF trojan 00000000000000000000000000000000 I
C:\Users\Hurley\AppData\Roaming\Microsoft\a1.7z Win32/FakeMSN.J trojan 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7a12e24d-55d9d0bb a variant of Java/Mugademel.A trojan 00000000000000000000000000000000 I

--------------------

My browsers have been responding for about a whole day now, but that has happened before and then they stopped responding again. So I'm not sure how it's doing as of yet.

Jack&Jill
2010-09-28, 04:37
Hello Clinity :),

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use. Do not mouse click on ComboFix while it is running. That may cause it to stall.

Run ComboFix script

Please temporarily disable the real-time protection of any antivirus, antispyware or antimalware programs when running ComboFix. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Open Notepad. Copy and paste the following text into it:

File::
C:\Users\Hurley\AppData\Roaming\Microsoft\a1.7z
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7a12e24d-55d9d0bb

DDS::
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

Folder::
c:\program files\utorrent
c:\users\Hurley\AppData\Roaming\uTorrent


Save it as CFScript.txt at the desktop. Make sure the Save as type: is All Files (*.*).

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix may request an update, please allow it.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, a log will be produced as C:\ComboFix.txt. Copy and paste the contents of the log in your next reply.
If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
Re-enable your security software as soon as you have completed the ComboFix steps.

--------------------

Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.

Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Java(TM) 6 Update 15


Go to the Java SE download page. Click here. (http://java.sun.com/javase/downloads/index.jsp)
Look for JDK 6 Update 21 (JDK or JRE). Click the Download JRE button to the right.
Select Windows from the drop-down list for Platform.
Check I agree to the Java SE Runtime Environment 6u21 with JavaFX 1 License Agreement after reading it, and click Continue >>. The page will refresh.
Under the Windows Offline Installation title, click on the link which says jre-6u21-windows-i586.exe and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Then, from your desktop, double click on the download to install the newest version. Reboot your computer.

--------------------

The remainder of the online scan's findings are backups that were created during the course of this fix, which we shall take care of during the final cleanup.

--------------------

Please post back:
1. the ComboFix log
2. any more problems?
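Added example, not from the thread and not part of ESET Online Scanner or ComboFix: a small Python parser for the ESET log format posted above. It reads the `# key=value` header, splits each detection line into path, threat name, hash column and flag, separates findings that sit inside ComboFix's own quarantine (C:\Qoobox, which the helper identifies as a backup) from live files, and renders the `File::` block of a CFScript from the live ones. The sample log is constructed from the three detection lines in the thread; the list of backup prefixes and the token-splitting heuristic (threat name is the first token containing `/` but no `\`, optionally preceded by "a variant of") are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample, built from the three detection lines posted in the thread.
SAMPLE_LOG = r"""# version=7
# end=finished
# remove_checked=false
# scanned=109460
# found=3
# cleaned=0
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\atapi.sys.vir Win32/Olmarik.RF trojan 00000000000000000000000000000000 I
C:\Users\Hurley\AppData\Roaming\Microsoft\a1.7z Win32/FakeMSN.J trojan 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7a12e24d-55d9d0bb a variant of Java/Mugademel.A trojan 00000000000000000000000000000000 I
"""

# Assumption: paths under these prefixes are tool backups, not live infections.
BACKUP_PREFIXES = (
    "C:\\Qoobox\\",          # ComboFix quarantine and backups
    "C:\\Windows\\ERDNT\\",  # ERUNT registry backups
)
HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")
VARIANT_PREFIXES = (("probably", "a", "variant", "of"), ("a", "variant", "of"))


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    hash_col: str   # hash column exactly as written (all zeros in the posted log)
    flag: str

    @property
    def is_backup(self) -> bool:
        p = self.path.lower()
        return any(p.startswith(b.lower()) for b in BACKUP_PREFIXES)


def parse_header(text: str) -> dict:
    """Collect '# key=value' lines; repeated keys (compatibility_mode) keep the first value."""
    meta = {}
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            meta.setdefault(key.strip(), value.strip())
    return meta


def parse_detection(line: str):
    """Split '<path> <threat> <hash> <flag>'; paths and threat names may contain spaces."""
    tokens = line.split()
    if len(tokens) < 4 or not HEX32.match(tokens[-2]):
        return None
    hash_col, flag = tokens[-2], tokens[-1]
    body = tokens[:-2]
    # Heuristic: the threat name is the first token with a '/' and no '\' (e.g. Win32/Olmarik.RF).
    start = next((i for i, t in enumerate(body) if "/" in t and "\\" not in t), None)
    if start is None or start == 0:
        return None
    for prefix in VARIANT_PREFIXES:  # pull "a variant of" into the threat description
        n = len(prefix)
        if start >= n and tuple(t.lower() for t in body[start - n:start]) == prefix:
            start -= n
            break
    return Detection(" ".join(body[:start]), " ".join(body[start:]), hash_col, flag)


def parse_log(text: str):
    meta = parse_header(text)
    detections = [d for d in (parse_detection(l) for l in text.splitlines()
                              if l and not l.startswith("#")) if d]
    return meta, detections


def triage(text: str) -> dict:
    """Check the header against the parsed lines and split live findings from backups."""
    meta, detections = parse_log(text)
    found = int(meta.get("found", "0"))
    if found != len(detections):
        raise ValueError(f"header says found={found} but parsed {len(detections)} lines")
    return {
        "removed_by_scanner": meta.get("remove_checked") == "true",
        "live": [d for d in detections if not d.is_backup],
        "backups": [d for d in detections if d.is_backup],
    }


def cfscript_file_section(detections) -> str:
    """Render the File:: block in the form pasted into CFScript.txt above."""
    return "File::\n" + "\n".join(d.path for d in detections) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"scanner removed anything: {result['removed_by_scanner']}")
    for d in result["backups"]:
        print(f"backup (ignore): {d.path}  [{d.threat}]")
    print(cfscript_file_section(result["live"]))
```

The check that the header's `found=` count matches the number of parsed lines is there because the posted instructions note that log.txt and the result window can disagree; a mismatch is the signal to export the list of found threats instead.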

Clinity
2010-09-28, 23:09
The first ComboFix scan got interrupted, but this is the second one and it still shows the previous scan results.

ComboFix 10-09-27.05 - Hurley 28/09/2010 4:08.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.1015.372 [GMT -4:00]
Running from: c:\users\Hurley\Desktop\ComboFix.exe
Command switches used :: c:\users\Hurley\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Hurley\AppData\Roaming\Microsoft\a1.7z"
"c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7a12e24d-55d9d0bb"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Hurley\AppData\Roaming\Microsoft\a1.7z
c:\users\Hurley\AppData\Roaming\uTorrent
c:\users\Hurley\AppData\Roaming\uTorrent\Degrassi S10E17 Webrip Xvid-P2Pftw.avi.torrent
c:\users\Hurley\AppData\Roaming\uTorrent\Degrassi S10E18 Webrip MP4 480p.torrent
c:\users\Hurley\AppData\Roaming\uTorrent\Degrassi S10E19 MP4 480p.torrent
c:\users\Hurley\AppData\Roaming\uTorrent\Degrassi S10E20 Webrip FLV 480p.torrent
c:\users\Hurley\AppData\Roaming\uTorrent\Degrassi S10E21 webrip FLV 480p-P2Pftw.torrent
c:\users\Hurley\AppData\Roaming\uTorrent\Degrassi S10E22 FLV 480p.torrent
c:\users\Hurley\AppData\Roaming\uTorrent\Degrassi S10E23 webrip FLV 480p-P2Pftw.torrent
c:\users\Hurley\AppData\Roaming\uTorrent\Degrassi S10E24 Webrip FLV 480p-P2Pftw.torrent
c:\users\Hurley\AppData\Roaming\uTorrent\dht.dat
c:\users\Hurley\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Hurley\AppData\Roaming\uTorrent\MTV.Video.Music.Awards.2010.HDTV.XviD-aAF.avi.torrent
c:\users\Hurley\AppData\Roaming\uTorrent\resume.dat
c:\users\Hurley\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Hurley\AppData\Roaming\uTorrent\rss.dat
c:\users\Hurley\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Hurley\AppData\Roaming\uTorrent\settings.dat
c:\users\Hurley\AppData\Roaming\uTorrent\utorrent.lng
c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7a12e24d-55d9d0bb

.
((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-28 )))))))))))))))))))))))))))))))
.

2010-09-28 08:20 . 2010-09-28 08:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-28 08:20 . 2010-09-28 08:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-28 07:50 . 2010-09-28 08:20 -------- d-----w- c:\users\Hurley\AppData\Local\temp
2010-09-28 07:35 . 2010-09-28 07:35 -------- d-----w- c:\program files\Common Files\Java
2010-09-28 07:33 . 2010-09-28 07:32 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-28 01:33 . 2010-09-28 06:00 -------- d-----w- c:\users\Hurley\AppData\Local\Adobe
2010-09-26 06:20 . 2010-09-28 03:35 -------- d-----w- c:\program files\JDownloader
2010-09-26 06:16 . 2010-09-26 06:16 -------- d-----w- c:\program files\iPod
2010-09-26 06:16 . 2010-09-26 06:17 -------- d-----w- c:\program files\iTunes
2010-09-26 06:12 . 2010-09-26 06:12 -------- d-----w- c:\program files\Bonjour
2010-09-26 06:07 . 2010-09-26 06:07 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-09-25 03:41 . 2010-09-25 03:43 775 ----a-w- C:\cleanup.bat
2010-09-24 03:29 . 2010-09-24 03:35 -------- d-----w- c:\users\Hurley\AppData\Roaming\Trillian
2010-09-24 03:25 . 2010-09-25 18:47 -------- d-----w- c:\program files\Trillian
2010-09-23 23:36 . 2010-09-23 23:36 6656 ----a-w- c:\windows\system32\F1E0ACD5.exe
2010-09-23 22:57 . 2010-09-24 21:29 -------- d-----w- C:\MGADiagToolOutput
2010-09-23 22:56 . 2010-09-23 22:56 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-09-23 13:52 . 2010-09-23 13:52 4093792 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-09-23 13:52 . 2010-09-23 13:52 3586912 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-09-23 13:52 . 2010-09-23 13:52 620896 ----a-w- c:\programdata\avg9\update\backup\avgnsx.exe
2010-09-23 13:52 . 2010-09-23 13:52 1619296 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-09-23 13:52 . 2010-09-23 13:52 942432 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2010-09-23 13:52 . 2010-09-23 13:52 598368 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-09-23 13:52 . 2010-09-23 13:52 4371296 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-09-23 13:52 . 2010-09-23 13:52 300896 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-09-23 13:51 . 2010-09-23 13:51 1690952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-09-22 04:49 . 2010-09-23 17:04 -------- d-----w- c:\program files\Supple - Episode 2
2010-09-22 04:10 . 2010-09-22 04:10 -------- d-----w- c:\program files\RunAsDate
2010-09-20 03:43 . 2010-09-20 03:43 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-20 03:43 . 2010-09-20 03:43 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-20 03:42 . 2010-09-20 03:42 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-20 03:42 . 2010-09-20 03:42 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-20 03:42 . 2010-09-27 21:42 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-20 03:42 . 2010-09-20 03:45 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-09-20 03:05 . 2010-09-20 03:05 -------- d-----w- c:\program files\ERUNT
2010-09-19 22:56 . 2010-08-17 23:54 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-09-19 22:56 . 2010-08-17 23:54 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-09-19 22:56 . 2010-08-17 23:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2010-09-19 22:56 . 2010-08-17 23:51 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2010-09-19 22:56 . 2010-08-17 23:51 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-09-19 22:56 . 2010-08-17 23:51 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2010-09-19 22:56 . 2010-08-17 23:50 680960 ----a-w- c:\windows\system32\d2d1.dll
2010-09-19 22:56 . 2010-08-17 23:49 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2010-09-19 22:56 . 2010-08-17 23:49 1068032 ----a-w- c:\windows\system32\DWrite.dll
2010-09-19 22:56 . 2010-08-17 23:49 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-09-19 22:56 . 2010-08-17 23:48 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2010-09-19 22:56 . 2010-08-17 23:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-09-19 22:19 . 2010-09-19 22:19 -------- d-----w- c:\program files\Feedback Tool
2010-09-19 03:15 . 2010-09-19 03:15 -------- d-----w- c:\program files\QuickTime
2010-09-17 23:58 . 2010-09-17 23:58 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe
2010-09-17 03:37 . 2010-09-17 03:37 -------- d-----w- c:\users\Hurley\AppData\Roaming\Softland
2010-09-17 03:36 . 2010-09-03 20:01 23368 ----a-w- c:\windows\system32\novamnp7.dll
2010-09-17 03:36 . 2010-09-03 20:01 20808 ----a-w- c:\windows\system32\novamip7.dll
2010-09-17 03:36 . 2010-02-05 19:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-09-17 03:36 . 2010-09-17 03:36 -------- d-----w- c:\program files\Softland
2010-09-16 05:20 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-16 05:20 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-16 05:19 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-16 05:18 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 16:13 . 2010-09-19 21:40 -------- d-----w- C:\$AVG
2010-09-15 01:58 . 2010-09-16 05:05 -------- d-----w- c:\program files\iPod(76)
2010-09-15 01:58 . 2010-09-15 01:59 -------- d-----w- c:\program files\iTunes(77)
2010-09-15 01:28 . 2010-09-15 01:28 -------- d-----w- c:\program files\AVG
2010-09-15 01:28 . 2010-09-20 03:39 -------- d-----w- c:\programdata\avg9
2010-09-15 00:10 . 2010-09-15 00:11 -------- d-----w- c:\users\Hurley\AppData\Roaming\BitDefender
2010-09-15 00:10 . 2010-09-15 00:30 -------- d-----w- c:\programdata\BitDefender
2010-09-15 00:04 . 2010-09-15 00:30 -------- d-----w- c:\program files\Common Files\BitDefender
2010-09-14 05:27 . 2010-09-14 05:27 -------- d-----w- c:\users\Hurley\AppData\Local\Opera
2010-09-14 05:27 . 2010-09-16 05:22 -------- d-----w- c:\program files\Opera
2010-09-14 04:17 . 2010-09-14 05:20 -------- d-----w- c:\users\Hurley\AppData\Local\Google
2010-09-11 20:59 . 2010-09-11 20:59 -------- d-----w- c:\program files\DAMN NFO Viewer
2010-09-11 20:32 . 2010-09-11 20:32 -------- d-----w- c:\users\Hurley\AppData\Roaming\Lionhead Studios
2010-09-11 18:53 . 2010-09-11 18:53 -------- d-----w- c:\program files\Amazon
2010-09-11 15:20 . 2010-09-11 15:20 -------- d-----w- c:\users\Hurley\AppData\Roaming\Mattel
2010-09-11 15:16 . 2010-09-11 15:16 -------- d-----w- c:\program files\Mattel
2010-09-11 05:29 . 2010-09-11 05:29 -------- d-sh--w- c:\windows\ftpcache
2010-09-11 05:06 . 2010-09-11 05:06 -------- d-----w- c:\programdata\Lionhead Studios
2010-09-11 05:06 . 2010-09-11 05:06 -------- d-----w- c:\program files\Lionhead Studios
2010-09-10 05:20 . 2010-09-10 05:20 -------- d-----w- c:\windows\Sun
2010-09-07 08:26 . 2010-09-07 08:26 -------- d-----w- c:\users\Hurley\AppData\Roaming\blg
2010-09-07 08:26 . 2010-09-07 08:26 -------- d-----w- c:\programdata\blg
2010-09-07 03:45 . 2010-09-07 03:45 -------- d-----w- c:\users\Hurley\AppData\Roaming\Gamelab
2010-09-06 19:03 . 2010-09-06 19:03 -------- d-----w- c:\programdata\Trymedia
2010-09-06 19:03 . 2010-09-06 19:03 -------- d-----w- c:\programdata\Sandlot Games
2010-09-06 04:18 . 2010-09-07 08:18 -------- d-----w- c:\users\Hurley\AppData\Roaming\PlayFirst
2010-09-06 04:18 . 2010-09-07 08:18 -------- d-----w- c:\programdata\PlayFirst
2010-09-06 04:15 . 2010-09-20 03:21 -------- d-----w- c:\program files\Games
2010-09-05 06:34 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-05 06:34 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-05 04:49 . 2010-09-16 05:00 -------- d-----w- c:\program files\Notepad2
2010-09-04 20:46 . 2010-09-04 20:46 -------- d-----w- c:\users\Hurley\AppData\Roaming\Foxit Software
2010-09-04 20:46 . 2010-09-16 04:58 -------- d-----w- c:\program files\Foxit Software
2010-09-02 16:05 . 2010-09-26 06:52 -------- d-----w- c:\users\Hurley\AppData\Roaming\vlc
2010-09-02 07:13 . 2010-09-02 07:13 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-09-02 04:11 . 2010-09-02 04:11 -------- d-----w- c:\users\Hurley\AppData\Roaming\Final Draft
2010-09-02 02:21 . 2009-05-14 14:32 4169728 ----a-r- c:\windows\system32\cdintf400.dll
2010-09-02 02:20 . 2010-09-02 02:20 -------- d-----w- c:\program files\Final Draft Tagger
2010-09-02 02:20 . 2010-09-16 04:58 -------- d-----w- c:\programdata\Final Draft
2010-09-02 02:20 . 2010-09-16 04:58 -------- d-----w- c:\program files\Final Draft 8
2010-09-02 02:18 . 2010-09-02 02:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-01 18:27 . 2010-09-16 04:58 -------- d-----w- c:\program files\MSECache
2010-09-01 18:04 . 2010-09-16 04:58 -------- d-----r- C:\MSOCache
2010-09-01 07:05 . 2008-11-10 15:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-09-01 07:05 . 2006-10-26 23:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-09-01 06:49 . 2010-09-16 05:00 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-09-01 06:10 . 2010-09-01 06:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-01 06:09 . 2010-09-01 06:55 -------- d-----w- c:\users\Hurley\AppData\Roaming\DAEMON Tools Lite
2010-09-01 06:09 . 2010-09-01 06:09 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-09-01 05:41 . 2010-09-01 05:41 -------- d-----w- c:\users\Hurley\AppData\Local\Microsoft Help
2010-09-01 05:40 . 2010-09-24 17:42 -------- d-----w- c:\programdata\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-27 00:15 . 2010-08-26 22:48 -------- d-----w- c:\users\Hurley\AppData\Roaming\gtk-2.0
2010-09-26 06:16 . 2010-08-18 04:13 -------- d-----w- c:\program files\Common Files\Apple
2010-09-25 03:54 . 2010-08-18 05:38 -------- d-----w- c:\users\Hurley\AppData\Roaming\Apple Computer
2010-09-25 03:00 . 2010-08-16 16:21 196000 ----a-w- c:\users\Hurley\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-24 17:47 . 2010-08-27 01:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-24 17:40 . 2010-08-17 06:49 -------- d-----w- c:\program files\Microsoft.NET
2010-09-24 17:39 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2010-09-20 02:46 . 2010-08-18 05:07 -------- d-----w- c:\program files\7-Zip
2010-09-20 02:38 . 2010-08-18 00:07 -------- d-----w- c:\program files\iColorFolder
2010-09-19 21:00 . 2010-08-17 16:55 -------- d-----w- c:\users\Hurley\AppData\Roaming\Vso
2010-09-18 00:01 . 2010-08-28 22:25 -------- d-----w- c:\program files\Safari
2010-09-16 21:41 . 2010-08-17 10:15 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-09-16 07:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-16 05:50 . 2010-09-16 06:03 782 ----a-w- c:\windows\Fonts\MorganSnCaps-BoldOblique.pfm
2010-09-16 05:50 . 2010-09-16 05:59 756 ----a-w- c:\windows\Fonts\GINGERRE.pfm
2010-09-16 05:50 . 2010-09-16 05:58 1048 ----a-w- c:\windows\Fonts\Imbalance.pfm
2010-09-16 05:50 . 2010-09-16 06:02 1207 ----a-w- c:\windows\Fonts\MorganSnExpert-Bold.pfm
2010-09-16 05:48 . 2010-09-16 05:57 1840 ----a-w- c:\windows\Fonts\VERVE_RG.PFM
2010-09-16 05:47 . 2010-09-16 06:02 692 ----a-w- c:\windows\Fonts\MorganSnPi-BoldOblique.pfm
2010-09-16 05:47 . 2010-09-16 06:02 685 ----a-w- c:\windows\Fonts\MorganSnPi-Bold.pfm
2010-09-16 05:47 . 2010-09-16 06:00 768 ----a-w- c:\windows\Fonts\Parable-RegularSCItalicExp.pfm
2010-09-16 05:47 . 2010-09-16 06:00 762 ----a-w- c:\windows\Fonts\Parable-RegularSCExpert.pfm
2010-09-16 05:47 . 2010-09-16 06:00 768 ----a-w- c:\windows\Fonts\Parable-BoldSCItalicExpert.pfm
2010-09-16 05:47 . 2010-09-16 05:57 1896 ----a-w- c:\windows\Fonts\VRVALTBD.PFM
2010-09-16 05:47 . 2010-09-16 06:02 930 ----a-w- c:\windows\Fonts\MorganSnLining-BoldOblique.pfm
2010-09-16 05:47 . 2010-09-16 06:02 858 ----a-w- c:\windows\Fonts\MorganSnLining-Oblique.pfm
2010-09-16 05:47 . 2010-09-16 05:57 961 ----a-w- c:\windows\Fonts\CHEVRON.PFM
2010-09-16 05:47 . 2010-09-16 06:00 756 ----a-w- c:\windows\Fonts\Parable-BoldSCExpert.pfm
2010-09-16 05:47 . 2010-09-16 05:57 1902 ----a-w- c:\windows\Fonts\VRVALTRG.PFM
2010-09-16 05:46 . 2010-09-16 05:59 740 ----a-w- c:\windows\Fonts\GINGER-L.pfm
2010-09-16 05:46 . 2010-09-16 06:00 764 ----a-w- c:\windows\Fonts\Parable-BoldItalicExpert.pfm
2010-09-16 04:59 . 2010-08-26 22:39 -------- d-----w- c:\program files\GIMP-2.0
2010-09-16 04:59 . 2010-08-24 19:08 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-16 04:59 . 2010-08-23 05:26 -------- d-----w- c:\programdata\Electronic Arts
2010-09-16 04:59 . 2010-08-21 23:52 -------- d-----w- c:\program files\Fox
2010-09-16 04:59 . 2010-08-23 04:55 -------- d-----w- c:\program files\Electronic Arts
2010-09-16 04:59 . 2010-08-18 04:16 -------- d-----w- c:\program files\Apple Software Update
2010-09-16 04:59 . 2010-08-17 16:55 -------- d-----w- c:\program files\VSO
2010-09-16 04:58 . 2010-08-16 16:36 -------- d-----w- c:\program files\Minefield
2010-09-16 04:58 . 2010-08-16 16:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-16 04:58 . 2010-08-16 16:44 -------- d-----w- c:\program files\ASUS
2010-09-16 04:58 . 2010-08-16 16:44 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-16 04:57 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-09-16 04:57 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-09-16 04:57 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-09-16 04:57 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-09-16 04:57 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-09-16 04:57 . 2006-11-02 12:35 -------- d-----w- c:\program files\Reference Assemblies
2010-09-16 04:57 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2010-09-04 08:51 . 2010-08-18 04:12 -------- d-----w- c:\programdata\Apple
2010-09-02 06:36 . 2010-08-27 01:52 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-09-01 04:46 . 2010-09-19 23:09 1355264 ----a-w- c:\windows\system32\jscript9.dll
2010-09-01 04:44 . 2010-09-19 23:09 1122304 ----a-w- c:\windows\system32\wininet.dll
2010-09-01 04:44 . 2010-09-19 23:09 424960 ----a-w- c:\windows\system32\vbscript.dll
2010-09-01 04:43 . 2010-09-19 23:09 23552 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 04:43 . 2010-09-19 23:09 72704 ----a-w- c:\windows\system32\SetDepNx.exe
2010-09-01 04:43 . 2010-09-19 23:09 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-01 04:43 . 2010-09-19 23:09 114176 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-01 04:43 . 2010-09-19 23:09 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2010-09-01 04:43 . 2010-09-19 23:09 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2010-09-01 04:42 . 2010-09-19 23:09 51200 ----a-w- c:\windows\system32\admparse.dll
2010-09-01 04:42 . 2010-09-19 23:09 75264 ----a-w- c:\windows\system32\iesetup.dll
2010-09-01 04:42 . 2010-09-19 23:09 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2010-09-01 04:42 . 2010-09-19 23:09 150016 ----a-w- c:\windows\system32\iexpress.exe
2010-09-01 04:42 . 2010-09-19 23:09 149504 ----a-w- c:\windows\system32\wextract.exe
2010-09-01 04:42 . 2010-09-19 23:09 33280 ----a-w- c:\windows\system32\imgutil.dll
2010-09-01 04:42 . 2010-09-19 23:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2010-09-01 04:42 . 2010-09-19 23:09 11264 ----a-w- c:\windows\system32\mshta.exe
2010-09-01 04:41 . 2010-09-19 23:09 160768 ----a-w- c:\windows\system32\msls31.dll
2010-08-28 22:21 . 2010-08-28 22:21 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-27 01:43 . 2010-08-27 01:43 -------- d-----w- c:\program files\Adobe Media Player
2010-08-25 04:59 . 2010-08-25 04:59 -------- d-----w- c:\program files\CurrPorts
2010-08-24 23:30 . 2010-08-24 23:30 -------- d-----w- c:\programdata\RegInOut
2010-08-24 19:14 . 2010-08-24 19:15 53632 ----a-w- c:\users\Hurley\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-24 19:14 . 2010-08-24 19:08 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-24 16:03 . 2010-08-24 16:03 -------- d-----w- c:\programdata\WindowsSearch
2010-08-18 05:36 . 2010-08-18 04:17 -------- d-----w- c:\programdata\Apple Computer
2010-08-18 05:21 . 2010-08-18 05:21 -------- d-----w- c:\program files\Windows Portable Devices
2010-08-18 05:21 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-18 05:20 . 2010-08-18 05:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-18 04:23 . 2010-08-18 04:22 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-18 00:04 . 2010-08-18 00:04 -------- d-----w- c:\program files\DExposE2 .Expose
2010-08-17 23:56 . 2010-08-17 23:56 -------- d-----w- c:\program files\Y'z Shadow
2010-08-17 22:55 . 2010-08-17 22:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-08-17 20:39 . 2010-08-17 20:39 -------- d-----w- c:\programdata\vsosdk
2010-08-17 17:18 . 2010-08-17 17:18 -------- d-----w- c:\program files\VideoLAN
2010-08-17 16:55 . 2010-08-17 16:55 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-08-17 16:55 . 2010-08-17 16:55 47360 ----a-w- c:\users\Hurley\AppData\Roaming\pcouffin.sys
2010-08-17 16:55 . 2010-08-17 16:55 47360 ----a-w- c:\users\Hurley\AppData\Roaming\pcouffin.sys
2010-08-17 05:41 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-08-17 05:41 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-08-16 21:18 . 2010-08-16 21:18 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-08-16 21:16 . 2010-08-16 21:16 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-08-16 21:16 . 2010-08-16 21:16 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-08-16 21:16 . 2010-08-16 21:16 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-08-16 20:50 . 2010-08-16 20:50 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-08-16 20:50 . 2010-08-16 20:50 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-08-16 20:50 . 2010-08-16 20:50 23552 ----a-w- c:\windows\system32\lpk.dll
2010-08-16 20:50 . 2010-08-16 20:50 10240 ----a-w- c:\windows\system32\dciman32.dll
.

------- Sigcheck -------

[-] 2008-10-24 . E042398ADDA05FFE10BD8637996E01B1 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-25_18.43.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-27 16:50 . 2010-09-27 16:50 55818 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-08-16 16:31 . 2010-09-28 08:00 31590 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2010-09-28 08:00 51604 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-27 22:44 . 2010-07-27 22:44 75040 c:\windows\System32\jdns_sd.dll
- 2010-05-18 20:35 . 2010-05-18 20:35 75040 c:\windows\System32\jdns_sd.dll
- 2010-05-18 20:35 . 2010-05-18 20:35 91424 c:\windows\System32\dnssd.dll
+ 2010-07-27 22:44 . 2010-07-27 22:44 91424 c:\windows\System32\dnssd.dll
- 2006-11-02 10:25 . 2010-09-20 03:25 86016 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2010-09-26 17:32 86016 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2010-09-20 03:25 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2010-09-26 17:32 51200 c:\windows\inf\infpub.dat
+ 2010-08-16 16:23 . 2010-09-28 08:00 8418 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-434098278-49066985-2103770490-1000_UserData.bin
- 2010-09-25 18:30 . 2010-09-25 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-28 07:58 . 2010-09-28 07:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-25 18:30 . 2010-09-25 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-28 07:58 . 2010-09-28 07:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2010-09-25 18:38 608760 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-09-28 08:03 608760 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-09-28 08:03 108268 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-09-25 18:38 108268 c:\windows\System32\perfc009.dat
+ 2010-09-28 07:33 . 2010-09-28 07:32 153376 c:\windows\System32\javaws.exe
+ 2010-09-28 07:33 . 2010-09-28 07:32 145184 c:\windows\System32\javaw.exe
- 2010-08-16 17:52 . 2010-08-16 17:51 145184 c:\windows\System32\javaw.exe
- 2010-08-16 17:52 . 2010-08-16 17:51 145184 c:\windows\System32\java.exe
+ 2010-09-28 07:33 . 2010-09-28 07:32 145184 c:\windows\System32\java.exe
- 2010-05-18 20:35 . 2010-05-18 20:35 197920 c:\windows\System32\dnssdX.dll
+ 2010-07-27 22:44 . 2010-07-27 22:44 197920 c:\windows\System32\dnssdX.dll
+ 2010-07-27 22:44 . 2010-07-27 22:44 107808 c:\windows\System32\dns-sd.exe
- 2010-05-18 20:35 . 2010-05-18 20:35 107808 c:\windows\System32\dns-sd.exe
+ 2010-09-16 00:09 . 2010-09-28 07:57 685620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-09-16 00:09 . 2010-09-25 18:21 685620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-28 07:35 . 2010-09-28 07:35 180224 c:\windows\Installer\277518.msi
+ 2010-09-28 07:32 . 2010-09-28 07:32 677376 c:\windows\Installer\277513.msi
+ 2010-09-26 06:18 . 2010-09-26 06:18 380928 c:\windows\Installer\{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}\iTunesIco.exe
+ 2010-09-25 18:47 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\25-09-2010\ERDNT.EXE
+ 2010-09-16 03:28 . 2010-09-28 07:57 2345412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-434098278-49066985-2103770490-1000-8192.dat
- 2010-09-16 03:28 . 2010-09-25 18:21 2345412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-434098278-49066985-2103770490-1000-8192.dat
+ 2010-09-16 04:36 . 2010-09-25 19:31 1954348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-434098278-49066985-2103770490-1000-12288.dat
+ 2010-09-26 06:18 . 2010-09-26 06:18 6333440 c:\windows\Installer\1398e4.msi
+ 2010-09-26 06:12 . 2010-09-26 06:12 1984000 c:\windows\Installer\139042.msi
+ 2010-09-25 18:47 . 2010-09-25 18:47 1667072 c:\windows\ERDNT\AutoBackup\25-09-2010\Users\00000002\UsrClass.dat
+ 2010-09-25 18:47 . 2010-09-25 18:47 1187840 c:\windows\ERDNT\AutoBackup\25-09-2010\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-06-30 18:22 2102600 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-20 2065760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Hurley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2010-8-23 2068832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-06-30 431432]
R3 F1E0ACD5;F1E0ACD5;c:\windows\system32\F1E0ACD5.exe [2010-09-23 6656]
R3 Normandy;Normandy SR2; [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-09-01 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-20 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-20 243024]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-20 308136]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2008-10-16 29184]
S3 netr28;D-Link 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\Dnetr28.sys [2009-11-09 611328]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &??????? ? Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-28 04:20
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-09-28 04:24:41
ComboFix-quarantined-files.txt 2010-09-28 08:24
ComboFix2.txt 2010-09-25 18:47

Pre-Run: 82,473,259,008 bytes free
Post-Run: 82,440,351,744 bytes free

- - End Of File - - 88306A6B867505D22D65CCF53F0BB383

--------------------

My computer seems to be doing better.
Is there anything else I should be doing?

Jack&Jill
2010-09-29, 07:31
Hello Clinity :),

We are almost done.

I need you to upload a suspicious file to Jotti for an online scan. Click here (http://virusscan.jotti.org/).

Click the white box beside the Browse box.
Copy and paste the following file and its path to upload:

c:\windows\system32\F1E0ACD5.exe
Press Submit. The file will be submitted for testing.
If there is any indication or prompt that the file has been scanned before, please proceed to have the file rescanned or reanalyzed.
Please wait for all the scanners to finish, then copy and paste the result into Notepad and save it to a convenient place.
Post the result in your next response.

Alternatively, if Jotti is busy or inaccessible, you may try VirusTotal (http://www.virustotal.com/en/indexf.html) or VirScan (http://virscan.org/) with similar steps.

A result from either one of the above scanners would be sufficient.

--------------------

Please post back:
1. Jotti result
2. new DDS logs (DDS.txt and Attach.txt)
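
Added example, not part of this thread nor of DDS or ComboFix: a small Python triage script that pulls the service/driver entries out of the log sections posted above, flags the ones worth a second look, and computes the hashes you would paste next to a multi-engine scan result (and would look up first: a multi-engine scanner keys its existing reports by hash, so a file whose SHA-256 is already known needs no upload). The two heuristics are my own assumptions, not something the helper stated: a service whose name is nothing but hex digits and doubles as its binary's file name, and a service whose binary ComboFix marks as missing with [x]. The sample lines are copied from the ComboFix and DDS output in this thread; the size threshold is an assumption.

```python
"""Triage a DDS / ComboFix 'SERVICES / DRIVERS' section and fingerprint a file.

Added example for this thread; it is not part of DDS, ComboFix or the
helper's instructions. The two heuristics are my own assumptions: a service
whose name is nothing but hex digits and doubles as its binary's file name,
or whose binary ComboFix marks as missing with [x], is worth a second look.
"""
import hashlib
import io
import ntpath   # Windows path rules even when this runs on a non-Windows box
import re

# One service/driver line, for example:
#   R3 F1E0ACD5;F1E0ACD5;c:\windows\system32\F1E0ACD5.exe [2010-09-23 6656]
#   R3 Normandy;Normandy SR2; [x]
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*(?:\[(?P<tail>[^\]]*)\])?\s*$"
)
HEX_NAME = re.compile(r"^[0-9A-Fa-f]{6,}$")   # assumption: "random-looking" name
SMALL_BYTES = 16384                            # assumption: unusually small service binary
ALGOS = ("md5", "sha1", "sha256")


def parse_service_line(line):
    """Return a dict for one service/driver line, or None for any other line."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["path"] = e["path"].strip()
    e["missing"] = e["tail"] == "x"     # ComboFix prints [x] when the file is gone
    e["date"], e["size"] = None, None
    if e["tail"] and not e["missing"]:
        parts = e["tail"].split()
        e["date"] = parts[0]
        if len(parts) > 1 and parts[1].isdigit():
            e["size"] = int(parts[1])
    return e


def suspect_reasons(entry):
    """Reasons (possibly none) why this entry deserves a closer look."""
    reasons = []
    if entry["missing"]:
        reasons.append("service points at a file that no longer exists")
    exe_path = entry["path"].split(" -", 1)[0]     # drop svchost-style " -k Group" arguments
    folder, binary = ntpath.split(exe_path.lower())
    stem = ntpath.splitext(binary)[0]
    if HEX_NAME.match(entry["name"]) and stem == entry["name"].lower():
        parts = ["hex-only service name reused as the binary's file name"]
        if folder.endswith("\\system32"):
            parts.append("binary dropped straight into system32")
        if entry["size"] is not None and entry["size"] < SMALL_BYTES:
            parts.append(f"only {entry['size']} bytes")
        reasons.append(", ".join(parts))
    return reasons


def triage(log_lines):
    """Map service name -> reasons, for every flagged entry among the lines."""
    flagged = {}
    for line in log_lines:
        entry = parse_service_line(line)
        if entry:
            reasons = suspect_reasons(entry)
            if reasons:
                flagged[entry["name"]] = reasons
    return flagged


def fingerprint_stream(stream, chunk=65536):
    """Size plus MD5/SHA-1/SHA-256, computed in one pass over the stream."""
    digests = {n: hashlib.new(n) for n in ALGOS}
    size = 0
    for block in iter(lambda: stream.read(chunk), b""):
        size += len(block)
        for d in digests.values():
            d.update(block)
    return {"size": size, **{n: d.hexdigest() for n, d in digests.items()}}


def fingerprint_bytes(data):
    """Same fingerprint for an in-memory blob (handy for tests and captured samples)."""
    return fingerprint_stream(io.BytesIO(data))


def file_fingerprint(path):
    """Hashes to look up first (a known SHA-256 needs no upload) and to paste with the result."""
    with open(path, "rb") as f:
        return fingerprint_stream(f)


# Constructed sample: lines copied from the ComboFix and DDS output posted in this thread.
SAMPLE_LOG = r"""
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-06-30 431432]
R3 F1E0ACD5;F1E0ACD5;c:\windows\system32\F1E0ACD5.exe [2010-09-23 6656]
R3 Normandy;Normandy SR2; [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-09-01 691696]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-8-16 21504]
S3 netr28;D-Link 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\Dnetr28.sys [2010-8-16 611328]
""".strip().splitlines()

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
    # On the affected machine, for each flagged path:
    #   print(file_fingerprint(r"c:\windows\system32\F1E0ACD5.exe"))
```

Run against the sample it flags exactly two entries: F1E0ACD5 (hex-only name, binary directly in system32, 6656 bytes) and Normandy (binary missing). The orphaned entry is not evidence of infection on its own, but it is the kind of leftover a cleanup pass removes; the hex-named one is the file the helper asked to have scanned. Hashing is done in a single pass so a large file is read once, and the path parsing uses ntpath so the script reads Windows log paths correctly even when run on another operating system.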

Clinity
2010-09-30, 05:48
Jotti result:

2010-09-09 Found nothing 2010-09-09 Found nothing
2010-09-09 Found nothing 2010-09-09 Found nothing
2010-09-09 Found nothing 2010-09-09 Found nothing
2010-09-09 Found nothing 2010-09-09 Found nothing
2010-09-09 Found nothing 2010-09-09 Found nothing
2010-09-09 Found nothing 2010-09-09 Found nothing
2010-09-09 Found nothing 2010-09-09 Found nothing
2010-09-09 Found nothing 2010-09-08 Found nothing
2010-09-09 Found nothing 2010-09-09 Found nothing

--------------------

DDS:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Hurley at 23:43:01.98 on 29/09/2010
Internet Explorer: 9.0.7930.16406
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.1015.249 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Hurley\Desktop\dds.com
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Google Update] "c:\users\hurley\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\hurley\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\hurley\appdata\roaming\micros~1\windows\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &??????? ? Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-19 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-19 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-19 308136]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l260x86.sys [2008-10-16 29184]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-8-16 21504]
R3 netr28;D-Link 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\Dnetr28.sys [2010-8-16 611328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-9-19 431432]
S3 F1E0ACD5;F1E0ACD5;c:\windows\system32\F1E0ACD5.exe [2010-9-23 6656]

=============== Created Last 30 ================

2010-09-28 17:57:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 08:24:09 0 d-sh--w- C:\$RECYCLE.BIN
2010-09-28 08:05:53 0 d-----w- C:\ComboFix
2010-09-28 07:35:15 0 d-----w- c:\programdata\Sun
2010-09-28 07:33:27 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-27 00:15:57 889 ----a-w- c:\users\hurley\.recently-used.xbel
2010-09-26 06:16:48 0 d-----w- c:\program files\iPod
2010-09-26 06:16:33 0 d-----w- c:\program files\iTunes
2010-09-26 06:12:34 0 d-----w- c:\program files\Bonjour
2010-09-25 18:23:56 98816 ----a-w- c:\windows\sed.exe
2010-09-25 18:23:56 77312 ----a-w- c:\windows\MBR.exe
2010-09-25 18:23:56 256512 ----a-w- c:\windows\PEV.exe
2010-09-25 18:23:56 161792 ----a-w- c:\windows\SWREG.exe
2010-09-25 03:41:42 775 ----a-w- C:\cleanup.bat
2010-09-24 03:29:12 0 d-----w- c:\users\hurley\appdata\roaming\Trillian
2010-09-23 23:36:52 6656 ----a-w- c:\windows\system32\F1E0ACD5.exe
2010-09-23 22:57:52 0 d-----w- C:\MGADiagToolOutput
2010-09-23 22:56:28 0 d-----w- c:\programdata\Office Genuine Advantage
2010-09-22 04:49:41 0 d-----w- c:\program files\Supple - Episode 2
2010-09-22 04:10:09 0 d-----w- c:\program files\RunAsDate
2010-09-20 03:43:05 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-20 03:43:01 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-20 03:42:41 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-20 03:42:22 0 d-----w- c:\windows\system32\drivers\Avg
2010-09-20 03:42:17 0 d-----w- c:\programdata\AVG Security Toolbar
2010-09-19 22:56:05 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2010-09-19 22:56:05 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-09-19 22:56:05 680960 ----a-w- c:\windows\system32\d2d1.dll
2010-09-19 22:56:05 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2010-09-19 22:56:05 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2010-09-19 22:56:05 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-09-19 22:56:05 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-09-19 22:56:05 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-09-19 22:56:05 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2010-09-19 22:56:05 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-09-19 22:56:05 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2010-09-19 22:56:05 1068032 ----a-w- c:\windows\system32\DWrite.dll
2010-09-19 22:19:21 0 d-----w- c:\program files\Feedback Tool
2010-09-17 03:37:29 0 d-----w- c:\users\hurley\appdata\roaming\Softland
2010-09-17 03:36:57 7549 ----a-w- c:\windows\system32\novap7.ctm
2010-09-17 03:36:57 23368 ----a-w- c:\windows\system32\novamnp7.dll
2010-09-17 03:36:57 20808 ----a-w- c:\windows\system32\novamip7.dll
2010-09-17 03:36:42 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-09-17 03:36:36 0 d-----w- c:\program files\Softland
2010-09-16 07:06:24 172 ----a-w- c:\windows\system32\MRT.INI
2010-09-16 05:20:48 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-16 05:20:25 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-16 05:19:12 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-16 05:18:32 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 16:13:20 0 d-----w- C:\$AVG
2010-09-15 01:58:42 0 d-----w- c:\program files\iPod(76)
2010-09-15 01:58:37 0 d-----w- c:\program files\iTunes(77)
2010-09-15 01:28:59 0 d-----w- c:\program files\AVG
2010-09-15 01:28:42 0 d-----w- c:\programdata\avg9
2010-09-15 00:10:51 0 d-----w- c:\users\hurley\appdata\roaming\BitDefender
2010-09-15 00:10:50 0 d-----w- c:\programdata\BitDefender
2010-09-15 00:04:33 0 d-----w- c:\program files\common files\BitDefender
2010-09-11 20:59:25 0 d-----w- c:\program files\DAMN NFO Viewer
2010-09-11 20:32:30 0 d-----w- c:\users\hurley\appdata\roaming\Lionhead Studios
2010-09-11 18:53:46 0 d-----w- c:\program files\Amazon
2010-09-11 15:20:47 0 d-----w- c:\users\hurley\appdata\roaming\Mattel
2010-09-11 15:16:33 0 d-----w- c:\program files\Mattel
2010-09-11 05:29:52 0 d-sh--w- c:\windows\ftpcache
2010-09-11 05:06:55 0 d-----w- c:\programdata\Lionhead Studios
2010-09-11 05:06:55 0 d-----w- c:\program files\Lionhead Studios
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 08:26:44 0 d-----w- c:\users\hurley\appdata\roaming\blg
2010-09-07 08:26:44 0 d-----w- c:\programdata\blg
2010-09-07 03:45:46 0 d-----w- c:\users\hurley\appdata\roaming\Gamelab
2010-09-06 19:03:40 0 d-----w- c:\programdata\Trymedia
2010-09-06 19:03:40 0 d-----w- c:\programdata\Sandlot Games
2010-09-06 04:18:32 0 d-----w- c:\programdata\TEMP
2010-09-06 04:18:32 0 d-----w- c:\programdata\PlayFirst
2010-09-06 04:15:22 0 d-----w- c:\program files\Games
2010-09-05 06:34:10 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-05 06:34:10 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-05 04:49:33 0 d-----w- c:\program files\Notepad2
2010-09-04 20:46:20 0 d-----w- c:\users\hurley\appdata\roaming\Foxit Software
2010-09-04 20:46:00 0 d-----w- c:\program files\Foxit Software
2010-09-02 04:11:40 0 d-----w- c:\users\hurley\appdata\roaming\Final Draft
2010-09-02 02:21:02 4169728 ----a-r- c:\windows\system32\cdintf400.dll
2010-09-02 02:20:26 0 d-----w- c:\program files\Final Draft Tagger
2010-09-02 02:20:25 0 d-----w- c:\programdata\Final Draft
2010-09-02 02:20:15 0 d-----w- c:\program files\Final Draft 8
2010-09-02 02:18:10 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-09-01 18:27:55 0 d-----w- c:\program files\MSECache
2010-09-01 07:05:35 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-09-01 06:49:31 0 d-----w- c:\program files\DAEMON Tools Lite
2010-09-01 06:10:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-01 06:09:12 0 d-----w- c:\users\hurley\appdata\roaming\DAEMON Tools Lite
2010-09-01 06:09:09 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-09-01 05:40:58 0 d-----w- c:\programdata\Microsoft Help

==================== Find3M ====================

2010-09-26 17:32:07 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-09-26 17:32:07 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-20 03:25:08 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-16 21:41:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-09-16 05:49:59 68316 ----a-w- c:\windows\fonts\BauTF-Regular.otf
2010-09-16 05:48:59 90008 ----a-w- c:\windows\fonts\Airbrake-RoundedOblique.ttf
2010-09-16 05:47:52 12986 ----a-w- c:\windows\fonts\MorganSnPi-Bold.PFB
2010-09-16 05:46:58 33411 ----a-w- c:\windows\fonts\GINGER-L.PFB
2010-09-16 05:46:58 2120 ----a-w- c:\windows\fonts\GINGER-I.pfm
2010-09-16 05:46:53 4008 ----a-w- c:\windows\fonts\Parable-BoldItalic.pfm
2010-09-16 05:46:53 31891 ----a-w- c:\windows\fonts\Parable-BoldItalicExpert.PFB
2010-09-01 04:46:36 1355264 ----a-w- c:\windows\system32\jscript9.dll
2010-09-01 04:44:24 1122304 ----a-w- c:\windows\system32\wininet.dll
2010-09-01 04:44:06 424960 ----a-w- c:\windows\system32\vbscript.dll
2010-09-01 04:43:22 23552 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 04:43:12 72704 ----a-w- c:\windows\system32\SetDepNx.exe
2010-09-01 04:43:12 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-01 04:43:12 114176 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-01 04:43:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2010-09-01 04:43:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2010-09-01 04:42:58 51200 ----a-w- c:\windows\system32\admparse.dll
2010-09-01 04:42:54 75264 ----a-w- c:\windows\system32\iesetup.dll
2010-09-01 04:42:48 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2010-09-01 04:42:42 150016 ----a-w- c:\windows\system32\iexpress.exe
2010-09-01 04:42:42 149504 ----a-w- c:\windows\system32\wextract.exe
2010-09-01 04:42:20 33280 ----a-w- c:\windows\system32\imgutil.dll
2010-09-01 04:42:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2010-09-01 04:42:12 11264 ----a-w- c:\windows\system32\mshta.exe
2010-09-01 04:41:46 160768 ----a-w- c:\windows\system32\msls31.dll
2010-08-24 16:43:54 108888 ----a-w- c:\windows\fonts\Miama.ttf
2010-08-18 23:10:20 76928 ----a-w- c:\windows\fonts\expressway rg.ttf
2010-08-18 05:21:39 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-18 05:20:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-17 22:55:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-08-17 22:37:06 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-08-17 16:55:56 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-08-17 16:55:56 47360 ----a-w- c:\users\hurley\appdata\roaming\pcouffin.sys
2010-08-17 06:18:43 174 --sha-w- c:\program files\desktop.ini
2010-08-17 05:41:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-08-17 05:41:39 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-08-16 21:18:45 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-08-16 21:16:23 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-08-16 21:16:23 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-08-16 21:16:23 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-08-16 20:50:28 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-08-16 20:50:27 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-08-16 20:50:27 23552 ----a-w- c:\windows\system32\lpk.dll
2010-08-16 20:50:27 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-08-16 20:44:49 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-08-16 20:44:49 272896 ----a-w- c:\windows\system32\polstore.dll
2010-08-16 20:40:57 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-16 20:34:52 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-16 20:34:51 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-08-16 20:34:51 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-08-16 20:34:51 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-08-16 20:34:51 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-08-16 20:34:51 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-08-16 20:34:51 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-08-16 20:34:51 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-08-16 20:34:51 10240 ----a-w- c:\windows\system32\finger.exe
2010-08-16 20:28:01 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-08-16 20:27:59 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-08-16 20:27:59 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-08-16 20:27:59 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-08-16 20:27:59 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-08-16 20:27:59 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-08-16 20:27:56 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-08-16 20:26:13 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-08-16 20:26:12 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-08-16 20:26:11 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-08-16 20:24:36 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-08-16 20:22:47 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-08-16 20:22:47 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-08-16 20:22:46 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-08-16 20:19:12 98816 ----a-w- c:\windows\system32\mfps.dll
2010-08-16 20:19:12 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-08-16 20:19:12 2868224 ----a-w- c:\windows\system32\mf.dll
2010-08-16 20:19:11 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-08-16 20:19:11 2048 ----a-w- c:\windows\system32\mferror.dll
2010-08-16 20:10:29 71680 ----a-w- c:\windows\system32\atl.dll
2010-08-16 19:59:30 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-08-16 19:58:08 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-08-16 19:58:08 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-08-16 19:58:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-08-16 19:38:06 623616 ----a-w- c:\windows\system32\localspl.dll
2010-08-16 19:29:18 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-08-16 19:27:50 72704 ----a-w- c:\windows\system32\secur32.dll
2010-08-16 19:27:50 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-08-16 19:27:50 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-08-16 19:27:50 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-08-16 19:27:49 9728 ----a-w- c:\windows\system32\lsass.exe
2010-08-16 19:27:49 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-08-16 19:22:59 3104768 ----a-w- c:\windows\system32\NlsData0046.dll
2010-08-16 19:11:00 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-08-16 19:04:40 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-08-16 19:04:40 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-08-16 19:04:39 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-08-16 19:04:39 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-08-16 18:55:46 98304 ----a-w- c:\windows\system32\cabview.dll
2010-08-16 18:51:38 37888 ----a-w- c:\windows\system32\printcom.dll

============= FINISH: 23:45:05.26 ===============

--------------------

Attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 16/08/2010 12:15:07 PM
System Uptime: 28/09/2010 6:07:04 PM (29 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5GC-MX/1333
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | LGA 775 | 1800/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 69.353 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP201: 27/09/2010 4:11:32 AM - Scheduled Checkpoint
RP202: 28/09/2010 2:59:42 AM - Removed Java(TM) 6 Update 15
RP203: 28/09/2010 3:31:59 AM - Installed Java(TM) 6 Update 21
RP204: 28/09/2010 8:32:07 PM - Scheduled Checkpoint
RP205: 29/09/2010 3:00:20 AM - Windows Update
RP206: 29/09/2010 11:39:31 PM - Removed Opera 10.62.

==== Installed Programs ======================

Adobe AIR
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Bonjour
ConvertXtoDVD 4.1.2.336
Cool & Quiet
Croc 2
EA Download Manager
ERUNT 1.1j
Feedback Tool
Final Draft
Foxit Reader
GIMP 2.6.10
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
novaPDF Professional Desktop 7.2 printer
Opera 10.62
QuickTime
Safari
Supple - Episode 2 (remove only)
The Sims™ 3
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 1.1.4
WinRAR archiver

==== Event Viewer Messages From Past Week ========

29/09/2010 12:30:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
28/09/2010 4:20:07 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
28/09/2010 2:49:40 AM, Error: EventLog [6008] - The previous system shutdown at 2:47:12 AM on 28/09/2010 was unexpected.
27/09/2010 8:12:16 PM, Error: EventLog [6008] - The previous system shutdown at 8:10:52 PM on 27/09/2010 was unexpected.
26/09/2010 5:02:31 PM, Error: EventLog [6008] - The previous system shutdown at 5:00:35 PM on 26/09/2010 was unexpected.
26/09/2010 2:12:45 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/09/2010 2:52:25 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
25/09/2010 2:36:49 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
25/09/2010 2:08:26 PM, Error: EventLog [6008] - The previous system shutdown at 2:06:41 PM on 25/09/2010 was unexpected.
25/09/2010 2:00:54 PM, Error: EventLog [6008] - The previous system shutdown at 1:59:25 PM on 25/09/2010 was unexpected.
25/09/2010 1:54:48 AM, Error: EventLog [6008] - The previous system shutdown at 1:52:29 AM on 25/09/2010 was unexpected.
25/09/2010 1:30:37 PM, Error: EventLog [6008] - The previous system shutdown at 4:21:26 AM on 25/09/2010 was unexpected.
24/09/2010 1:43:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
24/09/2010 1:43:34 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/09/2010 1:43:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/09/2010 5:35:37 PM, Error: EventLog [6008] - The previous system shutdown at 5:34:39 PM on 22/09/2010 was unexpected.

==== End Of File ===========================

Jack&Jill
2010-09-30, 07:49
Hello Clinity :),

Please download SystemLook© by jpshortstuff from one of the links below and save it to your desktop.

Link 1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Link 2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)


Double click on SystemLook.exe to run it.
Copy and paste the following text into the main text field:

:file
c:\windows\system32\F1E0ACD5.exe

:service
F1E0ACD5

:filefind
shsvcs.dll

Click the Look button to start the scan. This might take a while.
When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your desktop as SystemLook.txt.

--------------------

Please post back:
1. the SystemLook log

Jack&Jill
2010-10-02, 18:20
Hello Clinity :),

I usually close the topic after 3 days without any reply, and it has already been 2 days since my last post. We are still not finished yet. Do you still need help? Any problems following my instructions? Need more time?

If I do not get any response within the next 24 hours, this topic will be closed.

Jack&Jill
2010-10-04, 15:18
Due to lack of response, this topic is now closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log. (http://forums.spybot.info/showpost.php?p=1150&postcount=2)

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

Everyone else please begin a New Topic.