infected HOSTS file



zephoid
2010-10-22, 08:33
It seems that, while S&D stopped most of the most recent malware from infecting my computer, it did not protect my hosts file. I cannot seem to remove the infected redirects no matter what I do. Everything I try has an access denied message, even in safe mode.

HijackThis printout

O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [WeatherClock] C:\Program Files (x86)\Weather Clock\WeatherClock.exe
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [VistaStartMenu] C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: DeskPins - Shortcut.lnk = C:\Program Files (x86)\DeskPins\DeskPins.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: uTorrent - Shortcut.lnk = C:\Program Files (x86)\uTorrent\uTorrent.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
O23 - Service: Active@ Disk Monitor - LSoft Technologies Inc - C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)




DDS printout
_________________________________________________________________

DDS (Ver_10-10-21.02) - NTFS_AMD64 NETWORK
Run by Zephoid at 2:20:31.44 on 22/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6142.4887 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\PowerISO\PowerISO.exe
C:\ProgramData\Mozilla Firefox\firefox.exe
C:\ProgramData\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Zephoid\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
uRun: [WeatherClock] C:\Program Files (x86)\Weather Clock\WeatherClock.exe
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [VistaStartMenu] C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Zephoid\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DESKPI~1.LNK - C:\Program Files (x86)\DeskPins\DeskPins.exe
StartupFolder: C:\Users\Zephoid\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
StartupFolder: C:\Users\Zephoid\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\UTORRE~1.LNK - C:\Program Files (x86)\uTorrent\uTorrent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
IFEO: image file execution options - svchost.exe
IFEO: AdwarePrj.exe - svchost.exe
IFEO: agent.exe - svchost.exe
IFEO: AlphaAV - svchost.exe
IFEO: AlphaAV.exe - svchost.exe
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
mRun-x64: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
STS-X64: FencesShlExt Class: {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
IFEO-X64: image file execution options - svchost.exe
IFEO-X64: AdwarePrj.exe - svchost.exe
IFEO-X64: agent.exe - svchost.exe
IFEO-X64: AlphaAV - svchost.exe
IFEO-X64: AlphaAV.exe - svchost.exe

Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Zephoid\AppData\Roaming\Mozilla\Firefox\Profiles\o0hre16z.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Users\Zephoid\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {C07B76EB-3416-46CD-AF8F-A11F3FA3300E} - C:\Users\Zephoid\AppData\Local\{C07B76EB-3416-46CD-AF8F-A11F3FA3300E}\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: search.clsid - {C5B59A29-1964-46C5-9537-C403D93A4390}
FF - user.js: search.sid - 15001053100
FF - user.js: extensions.newAddons - false
FF - user.js: search.clsid - {C5B59A29-1964-46C5-9537-C403D93A4390}
FF - user.js: search.sid - 15001053100
FF - user.js: extensions.newAddons - false
C:\ProgramData\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\ProgramData\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\ProgramData\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\ProgramData\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\ProgramData\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\ProgramData\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\ProgramData\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\ProgramData\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\ProgramData\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\ProgramData\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2010-7-19 20352]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-4 346144]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-9-6 18216]
S2 Active@ Disk Monitor;Active@ Disk Monitor;C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2010-8-21 1464328]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2009-8-16 108289]
S2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2009-8-16 185089]
S2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2009-8-16 74880]
S2 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-30 1030600]
S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-29 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-1-27 15928]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2009-9-21 72216]
S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]
S2 MSSQL$ONDSQL;SQL Server (ONDSQL);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-2-10 29178224]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-8-16 1153368]
S2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2009-10-25 142120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
S2 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\winvnc.exe [2010-3-4 1793976]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 FXDrv32;FXDrv32;C:\Program Files (x86)\FOXCONN\FOX LiveUpdate\FXDrv64.sys [2010-1-27 32024]
S3 mv2;mv2;C:\Windows\System32\drivers\mv2.sys [2010-3-4 12096]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-2-11 19544]
S3 radpms;Driver for RADPMS Device;C:\Windows\System32\drivers\radpms.sys [2010-5-18 14944]
S3 SaiHFFB5;SaiHFFB5;C:\Windows\System32\drivers\SaiHFFB5.sys [2008-4-4 178560]
S3 SaiIFFB5;Immersion's HID USB Driver (FFB5);C:\Windows\System32\drivers\SaiIFFB5.sys [2008-4-4 20864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-28 1255736]
S4 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-3-4 24645]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-8-15 79360]
S4 PuranDefrag;PuranDefrag;C:\Windows\System32\PuranDefragS.exe [2009-9-13 293376]
S4 TabletServiceWacom;TabletServiceWacom;C:\Windows\System32\Wacom_Tablet.exe [2010-9-6 6245744]

============== File Associations ===============

.txt=Notepad++_file

=============== Created Last 30 ================

2010-10-22 00:47:32 162120 ------w- C:\Program Files (x86)\Microsoft Games\Freelancer\EXE2\dw15.exe
2010-10-21 02:44:16 331776 ----a-r- C:\Program Files (x86)\Microsoft Games\Freelancer\CFNoHud.exe
2010-10-18 23:05:33 -------- d-----w- C:\Users\Zephoid\AppData\Roaming\Mumble(PR Edition)
2010-10-15 19:30:00 -------- d-----w- C:\Program Files (x86)\Mumble(PR Edition)
2010-10-15 18:36:49 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{27276B84-76DF-44BC-A2B9-6529552DB6CB}\mpengine.dll
2010-10-08 21:27:39 -------- d-----w- C:\Program Files (x86)\OxelonMedia
2010-10-08 02:58:17 -------- d-----w- C:\Users\Zephoid\AppData\Local\Mumble
2010-10-08 02:29:30 -------- d-----w- C:\Users\Zephoid\AppData\Roaming\Mumble
2010-10-08 02:29:10 -------- d-----w- C:\Program Files (x86)\Mumble
2010-10-03 22:11:01 -------- d-----w- C:\Program Files (x86)\StarCraft II
2010-10-03 20:04:48 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-10-03 20:04:48 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2010-10-03 20:04:48 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2010-10-03 20:04:21 -------- d-----w- C:\Program Files\iTunes
2010-10-03 20:04:21 -------- d-----w- C:\Program Files\iPod
2010-10-03 20:04:21 -------- d-----w- C:\Program Files (x86)\iTunes
2010-10-03 20:04:21 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-10-03 20:03:59 -------- d-----w- C:\Program Files\Bonjour
2010-10-03 20:03:59 -------- d-----w- C:\Program Files (x86)\Bonjour
2010-09-28 01:27:37 -------- d-----w- C:\Program Files (x86)\Warhammer 40000 Dawn of War II - Chaos Rising

==================== Find3M ====================

2010-10-20 21:20:38 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2010-10-20 21:20:38 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2010-10-15 19:33:37 794408 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2010-09-30 03:27:13 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2010-09-30 03:27:13 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2010-09-30 03:27:13 33152 ----a-w- C:\Windows\System32\LMIport.dll
2010-09-21 01:11:21 468480 ----a-w- C:\Windows\System32\deployJava1.dll
2010-09-08 15:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-08-04 01:02:33 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-08-04 01:02:33 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-08-04 01:02:32 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-08-04 01:02:32 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-07-27 22:55:50 95520 ----a-w- C:\Windows\System32\dnssd.dll
2010-07-27 22:55:50 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2010-07-27 22:55:50 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2010-07-27 22:55:50 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2010-07-27 22:44:10 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2010-07-27 22:44:10 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2010-07-27 22:44:10 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2010-07-27 22:44:10 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

============= FINISH: 2:21:21.67 ===============





DDS attach file


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/01/2010 00:25:40
System Uptime: 22/10/2010 01:57:01 (1 hours ago)

Motherboard: Foxconn | | MARS
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 3004/334mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 31.482 GiB free.
D: is FIXED (NTFS) - 1397 GiB total, 95.699 GiB free.
G: is FIXED (NTFS) - 1397 GiB total, 1248.879 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\4&319ACE36&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&319ACE36&0
Service: i8042prt

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: LAN-Express AS IEEE 802.11g miniPCI Adapter
Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_04061468&REV_01\4&EF53C10&0&10F0
Manufacturer: Atheros Communications Inc.
Name: LAN-Express AS IEEE 802.11g miniPCI Adapter #2
PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_04061468&REV_01\4&EF53C10&0&10F0
Service: athr

==== System Restore Points ===================

RP322: 20/10/2010 22:23:58 - a

==== Image File Execution Options =============

IFEO: image file execution options - svchost.exe
IFEO: AdwarePrj.exe - svchost.exe
IFEO: agent.exe - svchost.exe
IFEO: AlphaAV - svchost.exe
IFEO: AlphaAV.exe - svchost.exe
IFEO: Anti-Virus Professional.exe - svchost.exe
IFEO: AntispywarXP2009.exe - svchost.exe
IFEO: AntivirusPlus - svchost.exe
IFEO: AntivirusPlus.exe - svchost.exe
IFEO: AntivirusPro_2010.exe - svchost.exe
IFEO: AntivirusXP - svchost.exe
IFEO: AntivirusXP.exe - svchost.exe
IFEO: antivirusxppro2009.exe - svchost.exe
IFEO: AntiVirus_Pro.exe - svchost.exe
IFEO: av360.exe - svchost.exe
IFEO: AVCare.exe - svchost.exe
IFEO: brastk.exe - svchost.exe
IFEO: Cl.exe - svchost.exe
IFEO: csc.exe - svchost.exe
IFEO: dop.exe - svchost.exe
IFEO: frmwrk32.exe - svchost.exe
IFEO: gav.exe - svchost.exe
IFEO: gbn976rl.exe - svchost.exe
IFEO: homeav2010.exe - svchost.exe
IFEO: init32.exe - svchost.exe
IFEO: MalwareRemoval.exe - svchost.exe
IFEO: ozn695m5.exe - svchost.exe
IFEO: pav.exe - svchost.exe
IFEO: pc.exe - svchost.exe
IFEO: pctsAuxs.exe - svchost.exe
IFEO: pctsGui.exe - svchost.exe
IFEO: pctsSvc.exe - svchost.exe
IFEO: pctsTray.exe - svchost.exe
IFEO: PC_Antispyware2010.exe - svchost.exe
IFEO: pdfndr.exe - svchost.exe
IFEO: PerAvir.exe - svchost.exe
IFEO: personalguard - svchost.exe
IFEO: personalguard.exe - svchost.exe
IFEO: protector.exe - svchost.exe
IFEO: qh.exe - svchost.exe
IFEO: Quick Heal.exe - svchost.exe
IFEO: QuickHealCleaner.exe - svchost.exe
IFEO: rwg - svchost.exe
IFEO: rwg.exe - svchost.exe
IFEO: SafetyKeeper.exe - svchost.exe
IFEO: Save.exe - svchost.exe
IFEO: SaveArmor.exe - svchost.exe
IFEO: SaveDefense.exe - svchost.exe
IFEO: SaveKeep.exe - svchost.exe
IFEO: Secure Veteran.exe - svchost.exe
IFEO: secureveteran.exe - svchost.exe
IFEO: Security Center.exe - svchost.exe
IFEO: SecurityFighter.exe - svchost.exe
IFEO: securitysoldier.exe - svchost.exe
IFEO: smart.exe - svchost.exe
IFEO: smartprotector.exe - svchost.exe
IFEO: smrtdefp.exe - svchost.exe
IFEO: SoftSafeness.exe - svchost.exe
IFEO: spywarexpguard.exe - svchost.exe
IFEO: tapinstall.exe - svchost.exe
IFEO: TrustWarrior.exe - svchost.exe
IFEO: tsc.exe - svchost.exe
IFEO: W3asbas.exe - svchost.exe
IFEO: winav.exe - svchost.exe
IFEO: windll32.exe - svchost.exe
IFEO: windows Police Pro.exe - svchost.exe
IFEO: xpdeluxe.exe - svchost.exe
IFEO: xp_antispyware.exe - svchost.exe
IFEO: ~1.exe - svchost.exe
IFEO: ~2.exe - svchost.exe
IFEO-X64: image file execution options - svchost.exe
IFEO-X64: AdwarePrj.exe - svchost.exe
IFEO-X64: agent.exe - svchost.exe
IFEO-X64: AlphaAV - svchost.exe
IFEO-X64: AlphaAV.exe - svchost.exe
IFEO-X64: Anti-Virus Professional.exe - svchost.exe
IFEO-X64: AntispywarXP2009.exe - svchost.exe
IFEO-X64: AntivirusPlus - svchost.exe
IFEO-X64: AntivirusPlus.exe - svchost.exe
IFEO-X64: AntivirusPro_2010.exe - svchost.exe
IFEO-X64: AntivirusXP - svchost.exe
IFEO-X64: AntivirusXP.exe - svchost.exe
IFEO-X64: antivirusxppro2009.exe - svchost.exe
IFEO-X64: AntiVirus_Pro.exe - svchost.exe
IFEO-X64: av360.exe - svchost.exe
IFEO-X64: AVCare.exe - svchost.exe
IFEO-X64: brastk.exe - svchost.exe
IFEO-X64: Cl.exe - svchost.exe
IFEO-X64: csc.exe - svchost.exe
IFEO-X64: dop.exe - svchost.exe
IFEO-X64: frmwrk32.exe - svchost.exe
IFEO-X64: gav.exe - svchost.exe
IFEO-X64: gbn976rl.exe - svchost.exe
IFEO-X64: homeav2010.exe - svchost.exe
IFEO-X64: init32.exe - svchost.exe
IFEO-X64: MalwareRemoval.exe - svchost.exe
IFEO-X64: ozn695m5.exe - svchost.exe
IFEO-X64: pav.exe - svchost.exe
IFEO-X64: pc.exe - svchost.exe
IFEO-X64: pctsAuxs.exe - svchost.exe
IFEO-X64: pctsGui.exe - svchost.exe
IFEO-X64: pctsSvc.exe - svchost.exe
IFEO-X64: pctsTray.exe - svchost.exe
IFEO-X64: PC_Antispyware2010.exe - svchost.exe
IFEO-X64: pdfndr.exe - svchost.exe
IFEO-X64: PerAvir.exe - svchost.exe
IFEO-X64: personalguard - svchost.exe
IFEO-X64: personalguard.exe - svchost.exe
IFEO-X64: protector.exe - svchost.exe
IFEO-X64: qh.exe - svchost.exe
IFEO-X64: Quick Heal.exe - svchost.exe
IFEO-X64: QuickHealCleaner.exe - svchost.exe
IFEO-X64: rwg - svchost.exe
IFEO-X64: rwg.exe - svchost.exe
IFEO-X64: SafetyKeeper.exe - svchost.exe
IFEO-X64: Save.exe - svchost.exe
IFEO-X64: SaveArmor.exe - svchost.exe
IFEO-X64: SaveDefense.exe - svchost.exe
IFEO-X64: SaveKeep.exe - svchost.exe
IFEO-X64: Secure Veteran.exe - svchost.exe
IFEO-X64: secureveteran.exe - svchost.exe
IFEO-X64: Security Center.exe - svchost.exe
IFEO-X64: SecurityFighter.exe - svchost.exe
IFEO-X64: securitysoldier.exe - svchost.exe
IFEO-X64: smart.exe - svchost.exe
IFEO-X64: smartprotector.exe - svchost.exe
IFEO-X64: smrtdefp.exe - svchost.exe
IFEO-X64: SoftSafeness.exe - svchost.exe
IFEO-X64: spywarexpguard.exe - svchost.exe
IFEO-X64: tapinstall.exe - svchost.exe
IFEO-X64: TrustWarrior.exe - svchost.exe
IFEO-X64: tsc.exe - svchost.exe
IFEO-X64: W3asbas.exe - svchost.exe
IFEO-X64: winav.exe - svchost.exe
IFEO-X64: windll32.exe - svchost.exe
IFEO-X64: windows Police Pro.exe - svchost.exe
IFEO-X64: xpdeluxe.exe - svchost.exe
IFEO-X64: xp_antispyware.exe - svchost.exe
IFEO-X64: ~1.exe - svchost.exe
IFEO-X64: ~2.exe - svchost.exe

==== Hosts File Hijack ======================

Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 secure-plus-payments.com
Hosts: 74.125.45.100 www.getantivirusplusnow.com
Hosts: 74.125.45.100 www.secure-plus-payments.com
Hosts: 74.125.45.100 www.getavplusnow.com
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 74.125.45.100 www.securesoftwarebill.com
Hosts: 74.125.45.100 secure.paysecuresystem.com
Hosts: 74.125.45.100 paysoftbillsolution.com
Hosts: 74.125.45.100 protected.maxisoftwaremart.com

==== Installed Programs ======================

µTorrent
7-Zip 4.65
7LogonChanger
AC2 server emulator 0.41 by Dormine
AC3Filter 1.62b
Acrobat.com
Active@ Hard Disk Monitor
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Photoshop CS4
Adobe Reader 9.4.0
AfterBurn 4.0b R2010 32-bit
Age Of Empires 2 & The Conquerors Expansion - Full Game
Apache HTTP Server 2.2.15
Apple Application Support
Apple Software Update
Assassin's Creed II
Atheros Driver Installation Program
Autodesk 3ds Max 2010 Tutorials Files
Autodesk Backburner 2008.1
Autodesk FBX Plugin 2009.4 - 3ds Max 2010
Avira AntiVir Personal - Free Antivirus
Battlefield 2(TM)
Battlefield: Bad Company™ 2
Battlestations: Pacific
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
CCleaner
Civilization III
Civilization III: Conquests
Clan 'Mech Pak
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 4.0.3.313
Creative Audio Control Panel
Creative Console Launcher
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creeper World DEMO
Crossfire 1.82
Crossfire1.82 (remove only)
Crysis(R)
Dawn of War - Soulstorm
DeskPins (remove only)
Digimation Suite for 3ds Max 2008 FREE
DivX Setup
EA Download Manager
EA Download Manager UI
Earth 2150 - Lost Souls
EASEUS Data Recovery Wizard Professional 4.3.6
erLT
EVEREST Ultimate Edition v5.50
FEAR
Fences
foobar2000 v1.0.3
FOX LiveUpdate
Fraps
FumeFX 1.2 R2010 64-bit
gBurner
Google Chrome
Heroes of Might and Magic V - Collectors Edition
HijackThis 2.0.2
HP USB Disk Storage Format Tool
Impulse
Inner Sphere 'Mech Pak
Java(TM) 6 Update 17
League of Legends
Left 4 Dead 2
Legend of Zelda, The Ocarina of Time 1.11
Livebrush Lite
Logitech SetPoint
LogMeIn
LPL Software 2.7
Machines at War Mobile
MechWarrior Black Knight
MechWarrior Vengeance
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Express Edition (ONDSQL)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft XML Parser
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox (3.6.11)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mumble and Murmur
Mumble(PR edition) and Murmur(PR edition)
MWLL Actionmapper v0.2
Net Meter v3.6 build 437
NetBeans IDE 6.7.1
Neverwinter Nights 2
Notepad++
NVIDIA nTune
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
ObjectDock Plus
OpenAL
Oxelon Media Converter 1.1
Pcsx2 0.9.6
PHP 5.2.13
Picasa 3
Portal
PowerISO
Project Reality
PunkBuster Services
QuickTime
Ralink Wireless LAN Card
Razer Lycosa
RealFlow
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006]
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Sid Meier's Civilization 4
Sins of a Solar Empire
Sins of a Solar Empire - Entrenchment
SoundFont Bank Manager
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Stalker Complete 2009 v1.4.1
Starcraft
StarCraft II
Steam
Team Fortress 2
TweakNow RegCleaner
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Expression Web 2 (KB957827)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Script Editor Help (KB963671)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Vista Start Menu
Vista Start Menu 3.67
VisualRoute
VLC media player 1.0.1
VMware Workstation
Volume Panel
Vue 8 xStream 64bit
VueToolsManager
Wacom Tablet
Warcraft III
Warcraft III: All Products
Weather Clock 4.2
WebTablet IE Plugin
WebTablet Netscape Plugin
WinDirStat 1.1.2
Windows 7 Manager
WinRAR
World in Conflict
Worms for Pocket PC
ZBrush3

==== Event Viewer Messages From Past Week ========

22/10/2010 02:21:12, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
22/10/2010 01:58:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
22/10/2010 01:58:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/10/2010 01:58:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
22/10/2010 01:57:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
22/10/2010 01:57:52, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache SCDEmu spldr sptd Wanarpv6
22/10/2010 01:57:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
22/10/2010 01:57:38, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
22/10/2010 01:57:05, Error: sptd [4] - Driver detected an internal error in its data structures for .
22/10/2010 01:36:56, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1057] - The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Key not valid for use in specified state. .
22/10/2010 01:35:10, Error: Service Control Manager [7000] - The Sentinel64 service failed to start due to the following error: The system cannot find the device specified.
21/10/2010 21:01:55, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff880082bd928, 0x0000000000000000, 0xfffffa8006687012, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102110-34959-01.
20/10/2010 22:23:24, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
20/10/2010 20:47:58, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000096 (0xfffff880069d18d0, 0xfffff8000325f5f8, 0xfffff8000325f5a0, 0xfffffa8000020001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102010-38813-01.
20/10/2010 20:38:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
20/10/2010 20:37:37, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800030b000a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102010-39156-01.
20/10/2010 20:35:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
20/10/2010 20:35:02, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/10/2010 20:33:37, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000096 (0xfffff880093fa8d0, 0xfffff8000325f5f8, 0xfffff8000325f5a0, 0x0000000000001000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102010-26364-01.
20/10/2010 20:17:07, Error: Service Control Manager [7031] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
20/10/2010 20:17:05, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Active@ Disk Monitor service.
20/10/2010 20:16:40, Error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
20/10/2010 20:16:40, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira AntiVir Guard service to connect.
20/10/2010 20:16:40, Error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/10/2010 20:16:39, Error: Service Control Manager [7031] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
20/10/2010 20:16:39, Error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
20/10/2010 16:57:14, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
18/10/2010 21:03:30, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.

==== End Of File ===========================


I deleted the hosts file to try to fix this problem, but apparently the file still exists, though I cannot see it in Explorer.



PS. Is there a way to get the old, annoying tea timer back? I preferred to have total control over what is affecting my system. I never see tea timer do anything anymore, even when I install things, which is not reassuring.

Nothing, guys? I tried to do everything I can think of, down to deleting the whole folder. I cannot delete the folder, but I deleted the contents. Even though I have show hidden folders enabled, there are no files in the folder. But virus scans pick up something there and svchost still functions.

Blade81
2010-10-29, 20:33
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).


After that:


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top, change it to Minimal Output.
Copy-paste the following contents into the custom scan area:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Blade81
2010-11-04, 06:32
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.