trojan/fbi-moneypak/beesq/bing etc



stammberger13
2012-11-11, 09:10
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by stammberger at 21:27:07 on 2012-11-10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.942 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Spybot - Search and Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Windows\system32\crypserv.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Norton\NUA.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD.exe
C:\Users\stammberger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N06BSSX2\aswMBR.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uLocal Page = about:blank
uWindow Title = Microsoft Internet Explorer
uSearch Bar = Preserve
mStart Page = about:blank
mLocal Page = about:blank
mWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = about:blank
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll
BHO: {7000b6ca-4388-4d95-893d-6659c2d4d1ce} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Updater For Xfinity.com Toolbar 3.1: {e6d0b79e-ecac-411b-8bf6-7a574981af30} -
BHO: AVG Rewards: {EE8BD456-055B-40ce-8A17-9B7D4600264D} - C:\Program Files (x86)\AVG Rewards\AVGRewards.dll
TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll
TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [AdobeBridge] <no file>
mRun: [eRecoveryService] <no file>
StartupFolder: C:\Users\STAMMB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\2YOURF~1.LNK - C:\Users\stammberger\AppData\Roaming\2YourFace\Updater.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORV~1.LNK - C:\Program Files (x86)\ColorVision\ColorVisionStartup\ColorVisionStartup.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {6938E15C-5598-4df8-8BF0-D9FA23D4A3CB} - {6938E15C-5598-4df8-8BF0-D9FA23D4A3CB} - C:\Program Files (x86)\AVG Rewards\AVGRewards.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2B4B5822-864C-449B-8364-535D89ED51C4} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Notify: SDWinLogon - SDWinLogon.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0AtCyEyDyBtB0DyDtAtAtN0D0Tzu0CtAtDyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=114689588
x64-BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll
x64-TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - LocalServer32 - <no file>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0404000.00C\symds64.sys [2011-10-31 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0404000.00C\symefa64.sys [2011-10-31 221304]
R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2012-11-9 18768]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-11-5 1385632]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys [2011-10-31 593544]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20121109.001\IDSviA64.sys [2012-11-9 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\ironx64.sys [2011-10-31 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys [2011-10-31 451704]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2012-11-9 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-8-23 686896]
R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2012-11-9 17232]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-4-6 50424]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-10 838136]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-10 166528]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-8 138912]
S2 0290821352460105mcinstcleanup;McAfee Application Installer Cleanup (0290821352460105);C:\Windows\TEMP\029082~1.EXE -cleanup -nolog --> C:\Windows\TEMP\029082~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-10 1122296]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-15 1038088]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Spyder2;ColorVision Spyder2;C:\Windows\System32\drivers\Spyder2.sys [2009-3-11 15360]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;C:\Windows\System32\drivers\gtkdrv.sys [2012-1-4 16640]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-1-3 89920]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
FileExt: .js: jsfile=C:\Windows\SysWow64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-11-01 18:54:24 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-01 18:54:24 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-10 10:03:53 65309168 ----a-w- C:\Windows\System32\mrt.exe
2012-09-30 03:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-21 20:05:36 17080 ----a-w- C:\Windows\System32\roboot64.exe
2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-29 11:40:01 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-24 16:07:02 218624 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 15:53:29 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 11:15:45 17810944 ----a-w- C:\Windows\System32\mshtml.dll
2012-08-24 10:39:42 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:22:46 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:18:46 237056 ----a-w- C:\Windows\System32\url.dll
2012-08-24 10:17:03 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:14:34 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:12:04 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-08-24 10:11:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-08-24 10:10:14 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 10:04:06 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-08-24 07:27:00 12319744 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-08-24 07:03:49 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:50 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:49:57 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-08-24 06:48:38 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-08-24 06:47:36 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:45:46 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-08-24 06:44:35 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-08-24 06:44:10 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-24 06:40:11 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-08-20 09:23:36 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2012-08-20 09:23:36 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
2012-08-20 09:23:36 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
.
============= FINISH: 21:27:43.20 ===============

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-10 20:00:02
-----------------------------
20:00:02.200 OS Version: Windows x64 6.0.6002 Service Pack 2
20:00:02.200 Number of processors: 2 586 0x6B02
20:00:02.200 ComputerName: STAMMBERGER-PC UserName: stammberger
20:00:07.856 Initialize success
20:01:30.332 AVAST engine defs: 12111002
20:01:57.148 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
20:01:57.148 Disk 0 Vendor: Size: 0MB BusType: 0
20:01:57.164 Disk 0 MBR read successfully
20:01:57.180 Disk 0 MBR scan
20:01:57.195 Disk 0 unknown MBR code
20:01:57.195 Disk 0 MBR hidden
20:01:57.211 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18944 MB offset 2048
20:01:57.242 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 143143 MB offset 38799360
20:01:57.273 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 143156 MB offset 331956224
20:01:57.320 Disk 0 scanning C:\Windows\system32\drivers
20:02:11.078 Service scanning
20:02:37.438 Modules scanning
20:02:37.438 Disk 0 trace - called modules:
20:02:37.454 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll nvstor64.sys
20:02:37.454 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f081f0]
20:02:37.454 3 CLASSPNP.SYS[fffffa6000edec33] -> nt!IofCallDriver -> \Device\00000066[0xfffffa8004b67060]
20:02:38.109 AVAST engine scan C:\Windows
20:02:41.806 AVAST engine scan C:\Windows\system32
20:07:12.998 AVAST engine scan C:\Windows\system32\drivers
20:07:39.156 AVAST engine scan C:\Users\stammberger
20:17:41.171 AVAST engine scan C:\ProgramData
20:31:57.938 Scan finished successfully
21:32:06.751 Disk 0 MBR has been saved successfully to "C:\Users\stammberger\Desktop\MBR.dat"
21:32:06.767 The log file has been saved successfully to "C:\Users\stammberger\Desktop\aswMBR.txt"


After downloading several hard drive recovery programs I got a very annoying FBI Moneypak/Trojan virus, which I removed with my Norton antivirus program in combination with Malwarebytes, BUT I still seem to have some roots infected: my search tabs discolor depending on the page, which I never experienced before I got this virus, and I sometimes get connected to BING and other weird search engines (some I blocked and restricted, but others still enter my system). I used many good programs over the past 48h in normal and in safe mode, like Norton, Malwarebytes, Trojan Killer, Anvi Smart Defender and now Spybot; they all seem to detect something (except Malwarebytes and Anvi, they don't detect anything anymore, at least in the last 24h the 3-4 scans I performed with them were unsuccessful), but the BING issue and the discolored search tabs issue remain... any ideas how to KILL this entirely? Help would be APPRECIATED!!

I was not able to send the attach.txt file to a compressed folder (it works with other files, just not with this one).

attach.txt
.
DDS (Ver_2012-11-07.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/29/2009 5:32:09 PM
System Uptime: 11/11/2012 4:12:13 PM (3 hours ago)
.
Motherboard: Acer | | WMCP78M
Processor: Athlon 64 Dual Core 5000+ | Socket AM2 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 44.509 GiB free.
D: is FIXED (NTFS) - 140 GiB total, 96.635 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1045: 11/9/2012 11:23:26 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP1047: 11/9/2012 3:31:16 PM - Removed Microsoft Visual C++ 2005 Redistributable
RP1048: 11/10/2012 10:56:29 AM - Norton Security Suite Registry
RP1050: 11/11/2012 12:17:15 AM - Norton Security Suite Registry
RP1051: 11/11/2012 1:02:02 AM - ARO 2012 - Before Installation
RP1052: 11/11/2012 1:31:39 AM - ARO 2012 Sun, Nov 11, 12 01:31
.
==== Installed Programs ======================
.
Acer Arcade Live Main Page
Acer Assist
Acer DV Magician
Acer DVDivine
Acer eDataSecurity Management
Acer Empowering Technology
Acer eRecovery Management
Acer GameZone Console DTV 2.0.1.1
Acer HomeMedia
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer Registration
Acer ScreenSaver
Acer SlideShow DVD
Acer VideoMagician
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Anchor Service CS4
Adobe Anchor Service x64 CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CMaps x64 CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Connect Add-in
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Drive CS4 x64
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Fonts All x64
Adobe Linguistics CS4
Adobe Linguistics CS4 x64
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDF Library Files x64 CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 (64 Bit)
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.1)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Type Support x64 CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin x64
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Agere Systems PCI-SV92EX Soft Modem
Alice Greenfingers
Anvi Smart Defender 1.6
Apple Application Support
Apple Software Update
ARO 2012
Ask Toolbar
Ask Toolbar Updater
ATT-RC Self Support Tool
AVG Rewards
Canon MOV Decoder
Canon MOV Encoder
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Comcast High-Speed Internet Install Wizard
Connect
Desktop Doctor
Driver Performer
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 26
kuler
LightScribe 1.4.142.1
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86_x64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Suite
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
PDF Settings CS4
PDF Settings CS5
Photoshop Camera Raw
Photoshop Camera Raw_x64
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
SDK
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Spybot - Search & Destroy
Spyder2express
Suite Shared Configuration CS4
System Requirements Lab
Trojan Killer
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
vShare Plugin
Yahoo! BrowserPlus 2.9.8
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/9/2012 7:11:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP cdrom eeCtrl IDSVia64 NetworkX spldr SRTSP SRTSPX SymIRON SYMTDIv Wanarpv6
11/9/2012 7:10:00 PM, Error: EventLog [6008] - The previous system shutdown at 7:08:40 PM on 11/9/2012 was unexpected.
11/9/2012 7:01:59 PM, Error: EventLog [6008] - The previous system shutdown at 6:59:28 PM on 11/9/2012 was unexpected.
11/9/2012 6:53:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/9/2012 6:40:18 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: An instance of the service is already running.
11/9/2012 6:19:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
11/9/2012 10:31:20 PM, Error: Microsoft-Windows-WMPNSS-Service [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
11/8/2012 9:08:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/8/2012 9:00:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
11/8/2012 7:12:07 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/8/2012 5:17:07 PM, Error: EventLog [6008] - The previous system shutdown at 5:12:11 PM on 11/8/2012 was unexpected.
11/8/2012 10:37:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/7/2012 12:39:32 AM, Error: Service Control Manager [7030] - The SProtection service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/6/2012 8:03:01 PM, Error: nvstor64 [5] - A parity error was detected on \Device\RaidPort0.
11/11/2012 12:18:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
11/11/2012 1:48:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
11/10/2012 9:53:33 AM, Error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).
11/10/2012 6:29:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
11/10/2012 6:29:06 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/10/2012 4:32:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: asdrm BHDrvx64 ccHP cdrom eeCtrl IDSVia64 NetworkX spldr SRTSP SRTSPX SymIRON SYMTDIv Wanarpv6
11/10/2012 4:32:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/10/2012 4:31:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/10/2012 4:31:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/10/2012 4:31:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/10/2012 4:31:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/10/2012 10:22:34 AM, Error: EventLog [6008] - The previous system shutdown at 10:19:49 AM on 11/10/2012 was unexpected.
.
==== End Of File ===========================


P.S. I cannot see my compressed folder anymore, sorry.

Jack&Jill
2012-11-28, 16:41
Hello and welcome to Safer Networking.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

Jack&Jill
2012-12-01, 16:46
Due to lack of response, this topic is now closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log. (http://forums.spybot.info/showpost.php?p=1150&postcount=2)

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.