Solved Alureon infection, BSODs on scans, AVG cannot detect


sweeneytodd94

Hi,

Windows Action Center has reported that I have the Alureon virus, and since it did, I've been getting BSODs left, right and centre! I have run AVG 2011 scans, which don't pick up much, and a load of other anti-malware software, all with no success in detecting or removing Alureon. Attempting to run AVG Rootkit Scan causes an immediate BSOD.

Please find my logs below, I've also attached the AVG normal scan log and the HijackThis log.

Many thanks in advance for your help.
 

Attachments

  • avgrep.txt (34.7 KB)
  • hijackthis.log (13.1 KB)

Logs

MBAM found nothing.

DDS:


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Mark at 13:15:26.09 on 12/02/2011
Internet Explorer: 9.0.7930.16406
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6135.4356 [GMT 0:00]

AV: Emsisoft Anti-Malware *Disabled/Updated* {607A6E45-BE50-AFD5-4F70-7EAAEC5B715D}
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Emsisoft Anti-Malware *Disabled/Updated* {DB1B8FA1-986A-A05B-75C0-45D897DC3BE0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\explorer.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG10\avgui.exe
C:\Program Files (x86)\AVG\AVG10\avgcfgex.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mark\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = about:Tabs
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r
mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [InstantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Mark\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-explorer: DisableThumbnailsOnNetworkFolders = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15114/CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2009-10-27 22568]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2009-12-25 297512]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-1-17 62448]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2011-2-10 48216]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2011-2-10 14720]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [2010-9-7 24560]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-1-5 50672]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-1-5 58864]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/10/29 18:15:36];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-8-28 146928]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-2-10 2853904]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-11-22 3226632]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2010-9-7 371696]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2011-2-10 84752]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-2-9 155752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-9 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-9 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-7 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S4 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-1-5 821048]

=============== Created Last 30 ================

2011-02-10 23:37:36 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
2011-02-10 23:31:49 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{B7D062D9-1C6A-4E38-AD69-5A49B387AA8C}\mpengine.dll
2011-02-10 18:14:53 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2011-02-09 21:30:57 -------- d-----w- C:\Users\Mark\.dia
2011-02-09 21:30:49 -------- d-----w- C:\Program Files (x86)\Dia
2011-02-09 13:11:31 -------- d-----w- C:\NVIDIA
2011-02-09 11:37:05 2381824 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-09 11:37:05 2381824 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-09 11:37:05 1502208 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-02-09 11:37:05 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-01-31 19:57:36 -------- d-----w- C:\Program Files\iTunes
2011-01-31 19:57:36 -------- d-----w- C:\Program Files\iPod
2011-01-31 19:57:36 -------- d-----w- C:\Program Files (x86)\iTunes
2011-01-30 18:45:42 -------- d-----w- C:\Users\Mark\AppData\Roaming\TS3Client
2011-01-30 18:44:26 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2011-01-30 14:57:00 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-01-26 18:27:43 -------- d-----w- C:\Program Files (x86)\Egosoft
2011-01-26 13:43:26 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2011-01-26 13:43:26 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2011-01-26 13:43:26 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-01-26 13:43:26 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-01-26 13:43:26 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2011-01-26 13:43:26 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-01-17 13:14:59 -------- d-----w- C:\Users\Mark\AppData\Roaming\HTC
2011-01-17 13:14:18 -------- d-----w- C:\Program Files (x86)\HTC
2011-01-17 13:14:13 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-01-17 11:23:32 62448 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2011-01-17 11:23:30 -------- d-----w- C:\Users\Mark\AppData\Roaming\Trusteer
2011-01-17 11:23:28 -------- d-----w- C:\Program Files (x86)\Trusteer
2011-01-17 11:22:42 -------- d-----w- C:\PROGRA~3\Trusteer

==================== Find3M ====================

2011-02-08 23:24:21 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-02-08 23:24:21 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-02-08 23:19:36 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-02-02 17:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 20:50:14 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
2011-01-07 20:50:08 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
2011-01-07 20:49:50 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-01-07 20:49:28 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-01-07 20:49:26 2558568 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-01-07 20:49:26 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 11:31:30 709456 ----a-w- C:\Windows\is-7EQCH.exe
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-20 18:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-19 18:12:00 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-08 04:12:36 308304 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-12-02 09:12:08 1359976 ----a-w- C:\Windows\System32\nvgenco64hda.dll
2010-11-29 17:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-23 16:06:19 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys

============= FINISH: 13:15:46.79 ===============
 
Logs

DDS Attach:

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 07/09/2010 17:14:40
System Uptime: 12/02/2011 13:01:36 (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P6X58D-E
Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz | LGA1366 | 2667/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 119 GiB total, 22.643 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 932 GiB total, 214.665 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&18ABAD59&0&00E2
Manufacturer: Marvell
Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&18ABAD59&0&00E2
Service: yukonw7

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva

==== System Restore Points ===================

RP140: 26/01/2011 13:42:14 - Installed DirectX
RP141: 26/01/2011 13:43:10 - Installed DirectX
RP142: 07/02/2011 20:47:49 - Installed DirectX
RP143: 09/02/2011 11:36:59 - Windows Update
RP144: 10/02/2011 23:31:44 - Windows Update
RP145: 10/02/2011 23:48:50 - Removed Feedback Tool

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Anno 1404
Apple Application Support
Apple Software Update
Assassin's Creed
Assassin's Creed II
Audacity 1.3.12 (Unicode)
Audiosurf
AVG PC Tuneup 2011
Batman: Arkham Asylum Game of the Year Edition
Battlefield: Bad Company™ 2
Cisco AnyConnect VPN Client
Command & Conquer 3
Creative ALchemy
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Crysis(R)
Crystal Reports for Visual Studio
CyberLink Blu-ray Disc Suite
CyberLink InstantBurn
CyberLink LabelPrint
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDVD 8
CyberLink PowerProducer
D3DX10
DARK VOID
Definition update for Microsoft Office 2010 (KB982726)
Dia (remove only)
EA Download Manager
EA Download Manager UI
Emsisoft Anti-Malware 5.1
eReg
Feedback Tool
FW LiveUpdate
Google Update Helper
GPL Ghostscript Lite 8.70
Hearts of Iron III
HTC BMP USB Driver
Impulse
IronPython 2.7
Java Auto Updater
Java(TM) 6 Update 23
King Arthur - The Role-playing Wargame
LightScribe System Software
Malwarebytes' Anti-Malware
marvell 91xx driver
Marvell Miniport Driver
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Method Workshop
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio Macro Tools
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Game Studio 4.0
Microsoft XNA Game Studio 4.0 (ARP entry)
Microsoft XNA Game Studio 4.0 (Redists)
Microsoft XNA Game Studio 4.0 (Shared Components)
Microsoft XNA Game Studio 4.0 (Visual Studio)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Documentation
Microsoft XNA Game Studio Platform Tools
Mirror's Edge™
MSI Afterburner 2.0.0
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
NEC Electronics USB 3.0 Host Controller Driver
NVIDIA PhysX
NVIDIA PhysX Unreal Tournament 3 Mods
NVIDIA Stereoscopic 3D Driver
OpenAL
PC Probe II
Portal
PunkBuster Services
QuickTime
R.U.S.E
Rapport
redist
Rhythm Zone - Demo
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Semper Fi 2.03
Sibelius 6.2.0.88
Sibelius Scorch (all browsers)
Sibelius Sounds Essentials for Sibelius 6
Sins of a Solar Empire - Trinity
Sophos Anti-Rootkit 1.5.0
SpeechRedist
Steam
System Requirements Lab
The Polynomial - Demo
The Witcher: Enhanced Edition
Third Age - Total War 2.0 (Part1of2)
Third Age - Total War 2.0 (Part2of2)
Ubisoft Game Launcher
Unigine Heaven Benchmark v2.1
Unreal Tournament 2004
Unreal Tournament 3
Unreal Tournament 3 - Community Bonus Pack 3 - Volume 2
Unreal Tournament 3 - Community Bonus Pack 3 - Volume 3
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (KB982305)
UT3 Domination (CBP Edition)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
X3 Bonus Package 3.1.04
X3 Reunion
X3: Terran Conflict

==== Event Viewer Messages From Past Week ========

12/02/2011 13:04:01, Error: Microsoft-Windows-WMPNSS-Service [14319] - Service 'WMPNetworkSvc' did not start because Group Policy is preventing Windows Media Player from sharing media with other devices.
12/02/2011 13:01:54, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRKBootTasks
12/02/2011 12:42:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/02/2011 12:31:45, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/02/2011 12:31:45, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/02/2011 12:31:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/02/2011 12:31:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/02/2011 12:31:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/02/2011 12:31:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/02/2011 12:31:34, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a2injectiondriver AsIO Avgldx64 Avgmfx64 discache SAVRKBootTasks spldr Wanarpv6
12/02/2011 12:31:34, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e82664, 0x0000000000000000, 0x0000000000000008). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021211-5054-01.
12/02/2011 12:31:33, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
12/02/2011 12:29:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e82664, 0x0000000000000000, 0x0000000000000008). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021211-9235-01.
12/02/2011 12:14:53, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
12/02/2011 12:14:53, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
12/02/2011 12:14:53, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
12/02/2011 12:14:53, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
12/02/2011 12:13:53, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
12/02/2011 12:12:53, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
12/02/2011 12:12:53, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/02/2011 12:12:53, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/02/2011 12:12:53, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/02/2011 12:12:53, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/02/2011 12:12:53, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/02/2011 12:12:53, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/02/2011 12:12:53, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/02/2011 12:12:53, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/02/2011 12:12:53, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/02/2011 12:12:53, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/02/2011 12:12:53, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/02/2011 12:12:53, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/02/2011 12:12:53, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/02/2011 12:12:53, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/02/2011 12:12:53, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/02/2011 12:09:37, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000020a000000, 0x0000000000000002, 0x0000000000000001, 0xfffff80002e16330). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021211-9204-01.
10/02/2011 23:36:58, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
10/02/2011 23:36:58, Error: Application Popup [1060] - \??\C:\Windows\system32\3B81.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/02/2011 23:34:10, Error: Application Popup [1060] - \??\C:\Windows\system32\8D85.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/02/2011 17:50:21, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ead7e7, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021011-9188-01.
10/02/2011 17:32:38, Error: nvlddmkm [14] -
09/02/2011 16:34:20, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Internal Timer Error Processor ID: 0 The details view of this entry contains further information.
09/02/2011 16:34:16, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8006f8d8f8, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\020911-9313-01.dmp. Report Id: 020911-9313-01.

==== End Of File ===========================
 
Logs

GMER:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-12 13:15:17
Windows 6.1.7600
Running: 48b1k0ec.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE2 0x31 0x28 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0x34 0x97 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC9 0x92 0x6C 0x4C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE2 0x31 0x28 0x1D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0x34 0x97 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC9 0x92 0x6C 0x4C ...

---- EOF - GMER 1.0.15 ----
 
Welcome to TechSpot!
I'll help with the problem, when I find it! Your scans will take a while, as will my checking of your logs. It appears that you have everything on your system running in the background!!

An FYI for you: Some security programs will report out malware that is no longer active in the system, such as if malware is in a System Restore point. Then it becomes difficult to find if any malware is currently active.

It appears that you may have some overlapping security programs, so please run this: Security Check

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
====================================
Then run the Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

I will determine the next step after I see those logs.
 
Logs

Hi Bobbye--thanks for your help!
I normally just have AVG and MBAM, but have been trying a few other things to try and sort this.

Security Check log:

Results of screen317's Security Check version 0.99.8
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG PC Tuneup 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
AVG PC Tuneup 2011
Java(TM) 6 Update 23
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
Emsisoft Anti-Malware a2service.exe
``````````End of Log````````````



The Eset scanner reported no threats, and the log (in C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt) only had this:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 
Logs

Hi, I got impatient and successfully ran the AVG root-kit scan this morning. That's the first time it hasn't thrown a STOP error instantly. I decided not to remove any of the infections yet, and see if the log would help though (See below).

Also, the original Windows Action Center message about Alureon has gone completely, and there is nothing in archived messages. I did not do anything to 'okay it' or remove it. Not sure whether this is good or bad, clearly if there is something still there it is hiding fairly well!

Wondering whether to update Adobe Reader (noticed in previous thread) and disable and/or remove the Emsisoft Anti-Malware/A2 Anti-virus program... but trying to resist the urge and hold off until I get further instructions from you!


"Scan ""Anti-Rootkit scan"" completed."
"Rootkits";"28";"0";"28"
""
"Scan started:";"13 February 2011, 12:55:42"
"Scan finished:";"13 February 2011, 12:57:59 (2 minute(s) 16 second(s))"
"Total object scanned:";"419034"
"User who launched the scan:";"SYSTEM"

"Rootkits"
"";"File";"Infection";"Result"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_CREATE -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_CREATE_NAMED_PIPE -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_CLOSE -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_READ -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_WRITE -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_QUERY_INFORMATION -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_SET_INFORMATION -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_QUERY_EA -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_SET_EA -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_FLUSH_BUFFERS -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_QUERY_VOLUME_INFORMATION -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_SET_VOLUME_INFORMATION -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_DIRECTORY_CONTROL -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_FILE_SYSTEM_CONTROL -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_DEVICE_CONTROL -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_SHUTDOWN -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_LOCK_CONTROL -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_CLEANUP -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_CREATE_MAILSLOT -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_QUERY_SECURITY -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_SET_SECURITY -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_POWER -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_SYSTEM_CONTROL -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_DEVICE_CHANGE -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_QUERY_QUOTA -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_SET_QUOTA -> 0xFFFFFA8005DA18DD";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\mv91xx IRP_MJ_PNP -> 0xFFFFFA8005DA18DD";"Object is hidden"
 
Logs

The normal AVG scan picked up a few tracking cookies (nothing too unusual as far as I understand), I allowed it to heal/remove them. Log:


"Scan ""Scan specific files or folders"" completed."
"Warnings";"207";"207";"0"
"Information";"2"
"Folders selected for scanning:";"C:\;C:\Program Files;C:\Program Files (x86);C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files;C:\Users\Mark\AppData\Local\Temp;C:\Users\Mark\Documents;C:\Windows;C:\Windows\SysWOW64;C:\Windows\System32;"
"Scan started:";"13 February 2011, 13:02:47"
"Scan finished:";"13 February 2011, 13:09:40 (6 minute(s) 53 second(s))"
"Total object scanned:";"1839185"
"User who launched the scan:";"Mark"

"Warnings"
"";"File";"Infection";"Result"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@247realmedia[2].txt";"Found Tracking cookie.247realmedia";"Healed"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@247realmedia[2].txt:\247realmedia.com.125a868c";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@247realmedia[2].txt:\247realmedia.com.6b039dbe";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@247realmedia[2].txt:\247realmedia.com.855b46d";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@247realmedia[2].txt:\247realmedia.com.e14be39e";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@247realmedia[2].txt:\247realmedia.com.fb81a031";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@2o7[2].txt";"Found Tracking cookie.2o7";"Healed"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@2o7[2].txt:\2o7.net.c7b585e6";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@7search[2].txt";"Found Tracking cookie.7search";"Healed"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@7search[2].txt:\7search.com.5bc4302d";"Found Tracking cookie.7search";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@7search[2].txt:\7search.com.f2cc2494";"Found Tracking cookie.7search";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adbrite[1].txt";"Found Tracking cookie.Adbrite";"Healed"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adbrite[1].txt:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adbrite[1].txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adbrite[1].txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adbrite[1].txt:\adbrite.com.f796fd05";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt";"Found Tracking cookie.Adtech";"Healed"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.2a854701";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.4cb5048b";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.5180539e";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.53b93bb1";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.91568bb6";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.9cbd4eca";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.9d5db0f5";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.a5279f16";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.a9245469";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.afa56ad1";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.ce2ad846";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.d32f3c9e";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.dd5bb7e";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.e2531618";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.ef259a5e";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adtech[2].txt:\adtech.de.fa8d0d40";"Found Tracking cookie.Adtech";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@advertising[1].txt";"Found Tracking cookie.Advertising";"Healed"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@advertising[1].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@advertising[1].txt:\advertising.com.1dfa2206";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@advertising[1].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@advertising[1].txt:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@advertising[1].txt:\advertising.com.893d35c2";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@advertising[1].txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@advertising[1].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adviva[1].txt";"Found Tracking cookie.Adviva";"Healed"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adviva[1].txt:\adviva.net.39ec90c";"Found Tracking cookie.Adviva";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@adviva[1].txt:\adviva.net.85256b16";"Found Tracking cookie.Adviva";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@atdmt[1].txt";"Found Tracking cookie.Atdmt";"Healed"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@atdmt[1].txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@atdmt[1].txt:\atdmt.com.74c5668";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@atdmt[1].txt:\atdmt.com.9e6d7fd3";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@atdmt[1].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@bs.serving-sys[2].txt";"Found Tracking cookie.Serving-sys";"Healed"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@bs.serving-sys[2].txt:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@casalemedia[2].txt";"Found Tracking cookie.Casalemedia";"Healed"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@casalemedia[2].txt:\casalemedia.com.156cbc67";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@casalemedia[2].txt:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@casalemedia[2].txt:\casalemedia.com.2d37ad26";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@casalemedia[2].txt:\casalemedia.com.350339d4";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@casalemedia[2].txt:\casalemedia.com.3a28db8d";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@casalemedia[2].txt:\casalemedia.com.650648e8";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@casalemedia[2].txt:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@casalemedia[2].txt:\casalemedia.com.8c65eddd";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@casalemedia[2].txt:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@casalemedia[2].txt:\casalemedia.com.e1f88397";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@fastclick[1].txt";"Found Tracking cookie.Fastclick";"Healed"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@fastclick[1].txt:\fastclick.net.57e8da10";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@fastclick[1].txt:\fastclick.net.6fd479aa";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@fastclick[1].txt:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@fastclick[1].txt:\fastclick.net.8dd1284a";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@fastclick[1].txt:\fastclick.net.94ca190b";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@fastclick[1].txt:\fastclick.net.9b41aa53";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@gamershell[1].txt";"Found Tracking cookie.Gamershell";"Healed"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@gamershell[1].txt:\gamershell.com.13a6979d";"Found Tracking cookie.Gamershell";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@gamershell[1].txt:\gamershell.com.8aafc627";"Found Tracking cookie.Gamershell";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@gamershell[1].txt:\gamershell.com.99c35e71";"Found Tracking cookie.Gamershell";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@gamershell[1].txt:\gamershell.com.ce59db3e";"Found Tracking cookie.Gamershell";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@liveperson[1].txt";"Found Tracking cookie.Liveperson";"Healed"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@liveperson[1].txt:\liveperson.net.8db0737c";"Found Tracking cookie.Liveperson";"Moved to Virus Vault"
"";"C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies\Low\mark@m.webtrends[1].txt";"Found Tracking cookie.Webtrends";"Healed"

"Information"
"";"File";"Information";"Result"
"";"C:\Users\Mark\Downloads\Game Files\x3\X3Update1.4_to_2.5.exe";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";""
"";"C:\Users\Mark\Downloads\Game Files\x3\X3Update1.4_to_2.5.exe:\{tmp}\wmfdist_xp32.exe";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";""
 
Logs

I've also run Microsoft's Malicious Software Removal Tool (Feb 2011) which says it checks for DOS and Win32 variants of Alureon. Seeing as these were the only guys who identified it in the first place (assuming it was correct)...

Results were clean, but I'm still a bit nervous, as I haven't done anything to remove it yet!
 
Normally I would take you to task for running another scan, but I see I didn't include this:
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

The reason for this is because programs are going to change the log entries I have to work with, so please stop running scans and removing entries unless I instruct you to. AVG scans are useless. Usually most of what they show is tracking Cookies. You can prevent them by resetting Cookies in the browser not to accept 3rd party Cookies.
==========================================
And your files are all locked and cannot be accessed. I'm going to have you run Combofix and to do it, you will need to uninstall AVG:
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query - Recovery Console image (image: RcAuto1.gif)

    WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message (image: whatnext.png).
  • Click on Yes, to continue scanning for malware.
  • If Combofix asks you to update the program, allow.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe (image: cf-icon.jpg) & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
================================================
You have several programs that are not compatible with the Win 7 OS. One may be this:
Product name: Sophos Anti-Rootkit
Description: Sophos boot tasks for Windows 2000
You need to look into these errors from the Event Viewer:
10/02/2011 23:36:58, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
10/02/2011 23:36:58, Error: Application Popup [1060] - \??\C:\Windows\system32\3B81.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/02/2011 23:34:10, Error: Application Popup [1060] - \??\C:\Windows\system32\8D85.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

I see a lot of bug checks and mini dumps. I don't handle those here. There is a forum especially for the BSODs.
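
The Event Viewer errors quoted in the post above can be cross-checked against the driver/service lines of the ComboFix log posted later in this thread. The following is an added example, not part of any post and not code from ComboFix or DDS; the function names are hypothetical, and it assumes the `[x]` marker in a service line means the image file was not found on disk.

```python
import re
from ntpath import splitext

# Event lines copied from the helper's post (dd/mm/yyyy timestamps).
SAMPLE_EVENTS = r"""
10/02/2011 23:36:58, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
10/02/2011 23:36:58, Error: Application Popup [1060] - \??\C:\Windows\system32\3B81.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/02/2011 23:34:10, Error: Application Popup [1060] - \??\C:\Windows\system32\8D85.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
""".strip().splitlines()

# Service lines copied from the ComboFix log posted later in this thread.
SAMPLE_SERVICES = r"""
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 94808]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\3B81.tmp [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-11-23 834544]
""".strip().splitlines()

EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
BLOCKED_PATH_RE = re.compile(r"^(?P<path>.+?) has been blocked from loading")
SCM_FAIL_RE = re.compile(r"^The (?P<svc>.+?) service failed to start")
SERVICE_RE = re.compile(
    r"^(?P<tag>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)


def norm(path):
    """Drop the NT object-manager prefix and fold case so paths compare equal."""
    p = path.strip()
    if p.startswith("\\??\\"):
        p = p[4:]
    return p.lower()


def parse_services(service_lines):
    """Return one dict per well-formed service line; other lines are skipped."""
    return [m.groupdict() for m in map(SERVICE_RE.match, service_lines) if m]


def missing_images(service_lines):
    """Names of services whose image is marked [x] (assumed: file not found)."""
    return [s["name"] for s in parse_services(service_lines) if s["info"] == "x"]


def triage(event_lines, service_lines):
    """Correlate 'blocked from loading' events with registered services."""
    by_path = {norm(s["path"]): s for s in parse_services(service_lines)}
    failed = set()   # service names from event 7000 (driver blocked)
    blocked = {}     # normalized image path -> timestamps of event 1060
    for line in event_lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        if m["id"] == "7000" and "blocked from loading" in m["msg"]:
            s = SCM_FAIL_RE.match(m["msg"])
            if s:
                failed.add(s["svc"].lower())
        elif m["id"] == "1060":
            b = BLOCKED_PATH_RE.match(m["msg"])
            if b:
                blocked.setdefault(norm(b["path"]), []).append(m["ts"])

    findings = []
    for path, stamps in sorted(blocked.items()):
        svc = by_path.get(path)
        name = svc["name"] if svc else None
        findings.append({
            "path": path,
            "blocked_at": stamps,
            "service": name,  # None: no service entry points at this image
            "scm_start_failed": bool(name) and name.lower() in failed,
            "image_missing": bool(svc) and svc["info"] == "x",
            "temp_named": splitext(path)[1] == ".tmp",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS, SAMPLE_SERVICES):
        print(f)
    print("services with missing images:", missing_images(SAMPLE_SERVICES))
```

On the sample lines this ties `3B81.tmp` to the MEMSWEEP2 service entry, whose image is also marked `[x]`, and shows that `8D85.tmp` has no service entry in the excerpt, so each blocked driver can be followed up separately.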
 
ComboFix

Hi,
I attempted to run Combo Fix, exactly as you said, after removing AVG. The AVG uninstall process asked to restart, which gave a BSOD, but after that it appears to be removed properly (I used their removal tool to be certain.)

Ran Combo Fix, and saw it take a couple of actions but before the log came up it asked to restart, and as it did so, I had yet another BSOD.

I ran it a second time, and although it didn't seem to disconnect me from the internet (there was no notification and my sidebar gadget seemed to be normal) it worked, with another restart. Here is the log:




ComboFix 11-02-13.04 - Mark 14/02/2011 15:56:03.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6135.4945 [GMT 0:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
.

2011-02-13 13:19 . 2011-02-13 13:19 388096 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-12 16:22 . 2011-02-12 16:22 -------- d-----w- c:\program files (x86)\ESET
2011-02-12 13:26 . 2011-02-12 13:26 -------- d-----w- c:\program files (x86)\Trend Micro
2011-02-10 23:37 . 2009-06-18 12:55 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2011-02-10 23:31 . 2011-02-02 17:10 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7D062D9-1C6A-4E38-AD69-5A49B387AA8C}\mpengine.dll
2011-02-10 18:14 . 2011-02-14 15:48 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2011-02-09 21:59 . 2011-02-09 22:00 -------- d-----w- c:\users\Mark\AppData\Roaming\gtk-2.0
2011-02-09 21:30 . 2011-02-09 22:02 -------- d-----w- c:\users\Mark\.dia
2011-02-09 21:30 . 2011-02-09 21:30 -------- d-----w- c:\program files (x86)\Dia
2011-02-09 13:11 . 2011-02-09 13:11 -------- d-----w- C:\NVIDIA
2011-02-09 11:37 . 2010-12-18 03:39 1502208 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-09 11:37 . 2010-12-18 03:35 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-09 11:37 . 2010-12-18 03:19 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-02-09 11:37 . 2010-12-18 03:15 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-01-31 19:57 . 2011-01-31 19:57 -------- d-----w- c:\program files\iTunes
2011-01-31 19:57 . 2011-01-31 19:57 -------- d-----w- c:\program files (x86)\iTunes
2011-01-31 19:57 . 2011-01-31 19:57 -------- d-----w- c:\program files\iPod
2011-01-30 18:45 . 2011-02-01 20:57 -------- d-----w- c:\users\Mark\AppData\Roaming\TS3Client
2011-01-30 18:44 . 2011-01-30 18:44 -------- d-----w- c:\program files\TeamSpeak 3 Client
2011-01-30 14:57 . 2011-01-30 14:57 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-01-26 18:27 . 2011-01-26 18:27 -------- d-----w- c:\program files (x86)\Egosoft
2011-01-26 13:43 . 2008-07-12 08:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-01-26 13:43 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-01-26 13:43 . 2008-07-12 08:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-01-26 13:43 . 2008-07-12 08:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-01-26 13:43 . 2008-07-12 08:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-01-26 13:43 . 2008-07-12 08:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-01-17 13:14 . 2011-01-17 13:15 -------- d-----w- c:\users\Mark\AppData\Roaming\HTC
2011-01-17 13:14 . 2011-01-25 10:42 -------- d-----w- c:\program files (x86)\HTC
2011-01-17 13:14 . 2011-01-17 13:14 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-01-17 11:23 . 2011-01-05 19:03 62448 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2011-01-17 11:23 . 2011-01-17 11:23 -------- d-----w- c:\users\Mark\AppData\Roaming\Trusteer
2011-01-17 11:23 . 2011-01-17 11:23 -------- d-----w- c:\program files (x86)\Trusteer
2011-01-17 11:22 . 2011-01-17 11:22 -------- d-----w- c:\programdata\Trusteer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-08 23:24 . 2010-09-27 18:15 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-02-08 23:24 . 2010-09-08 21:27 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-02-08 23:19 . 2010-09-08 21:27 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-02-02 17:11 . 2010-09-07 16:24 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 03:27 . 2010-10-29 18:20 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-01-08 03:27 . 2010-10-29 18:20 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-01-08 03:27 . 2010-10-29 18:20 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-01-08 03:27 . 2010-10-29 18:20 10078312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-01-07 20:50 . 2011-01-07 20:50 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-07 20:50 . 2011-01-07 20:50 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:49 . 2011-01-07 20:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-07 20:49 . 2011-01-07 20:49 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 20:49 . 2011-01-07 20:49 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:49 . 2011-01-07 20:49 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
2010-12-20 18:09 . 2010-11-15 18:43 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-11-15 18:43 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 18:12 . 2010-09-08 21:27 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-12-06 13:46 . 2010-12-06 13:43 2142976 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-23 16:06 . 2010-11-23 16:06 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-05-25 210216]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"InstantBurn"="c:\progra~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2008-10-17 681256]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-04-30 103720]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-09 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 94808]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\3B81.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-07 1255736]
R4 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-01-05 821048]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-11-23 834544]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2009-10-27 22568]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-01-05 62448]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [2008-10-14 24560]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-01-05 50672]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-01-05 58864]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/10/29 18:15];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-08-28 17:36 146928]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 94808]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-11-11 155752]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 21:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
.
- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-Google Update - c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe
Wow6432Node-HKLM-Run-Name of App - c:\program files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe
Wow6432Node-HKLM-Run-CTxfiHlp - CTXFIHLP.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3B81.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3968718095-3507211263-3057274292-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:6e,3b,93,1a,ee,70,98,b3,a5,8d,4c,e9,8d,e4,fa,b9,f9,8f,ee,f0,48,57,af,
a8,5c,89,35,a7,62,df,dd,f3,05,d3,60,d4,94,3a,ef,58,01,1d,de,75,03,ca,ab,b1,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f

[HKEY_USERS\S-1-5-21-3968718095-3507211263-3057274292-1001\Software\SecuROM\License information*]
"datasecu"=hex:3d,80,b5,5f,55,34,3d,3c,ea,05,33,8f,a3,b9,a9,54,00,b5,be,a4,b5,
e4,df,c7,65,c5,a0,ee,d7,2d,95,10,7b,6c,1e,64,ca,ec,a9,10,e3,37,88,02,25,d1,\
"rkeysecu"=hex:da,69,69,92,06,8f,39,9e,b4,53,bf,d3,ff,f8,83,ad

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
.
**************************************************************************
.
Completion time: 2011-02-14 15:59:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-14 15:59

Pre-Run: 26,261,516,288 bytes free
Post-Run: 25,471,942,656 bytes free

- - End Of File - - FB6E75E3E450D27377A481F60A81A9C5
 
...

I will remove the Sophos software, and look into the BSODs on the other forum once this is sorted, although I assumed they were related, as I only had them very rarely before.

The MEMSWEEP event details are as follows:

- System

- Provider

[ Name] Service Control Manager
[ Guid] {555908d1-a6d7-4695-8e1e-26931d2012f4}
[ EventSourceName] Service Control Manager

- EventID 7000

[ Qualifiers] 49152

Version 0

Level 2

Task 0

Opcode 0

Keywords 0x8080000000000000

- TimeCreated

[ SystemTime] 2011-02-10T23:36:58.825107400Z

EventRecordID 62419

Correlation

- Execution

[ ProcessID] 864
[ ThreadID] 1816

Channel System

Computer Mark-PC

Security


- EventData

param1 MEMSWEEP2
param2 %%1275



I could not glean anything else from event viewer.

The details for the next one you mentioned are:

- System

- Provider

[ Name] Application Popup

- EventID 26

[ Qualifiers] 16384

Level 4

Task 0

Keywords 0x80000000000000

- TimeCreated

[ SystemTime] 2011-02-10T23:36:56.859503900Z

EventRecordID 62414

Channel System

Computer Mark-PC

Security


- EventData


\??\C:\Windows\system32\3B81.tmp failed to load
0000000002003000000000001A000040280400C06C0200C000000000000000000000000000000000


--------------------------------------------------------------------------------

Binary data:


In Words

0000: 00000000 00300002 00000000 4000001A
0008: C0000428 C000026C 00000000 00000000
0010: 00000000 00000000


In Bytes

0000: 00 00 00 00 02 00 30 00 ......0.
0008: 00 00 00 00 1A 00 00 40 .......@
0010: 28 04 00 C0 6C 02 00 C0 (..Àl..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........


and the third one is pretty similar:

- System

- Provider

[ Name] Application Popup

- EventID 26

[ Qualifiers] 16384

Level 4

Task 0

Keywords 0x80000000000000

- TimeCreated

[ SystemTime] 2011-02-10T23:34:10.025213800Z

EventRecordID 62406

Channel System

Computer Mark-PC

Security


- EventData


\??\C:\Windows\system32\8D85.tmp failed to load
0000000002003000000000001A000040280400C06C0200C000000000000000000000000000000000


--------------------------------------------------------------------------------

Binary data:


In Words

0000: 00000000 00300002 00000000 4000001A
0008: C0000428 C000026C 00000000 00000000
0010: 00000000 00000000


In Bytes

0000: 00 00 00 00 02 00 30 00 ......0.
0008: 00 00 00 00 1A 00 00 40 .......@
0010: 28 04 00 C0 6C 02 00 C0 (..Àl..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........




I have no idea what they are, except that MEMSWEEP may be part of the Sophos anti-rootkit software. Shall I uninstall it now?
 
Combo Fix

Just noticed that in C:\Qoobox\ComboFix-quarantined-files.txt the log is slightly different to what I posted before (see below). The file 6363.tmp.vir could have been what it dealt with the first time I ran it but lost the log due to the crash... Hope it's useful.

2011-02-14 15:59:24 . 2011-02-14 15:59:24 2,966 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-PunkBusterSvc.reg.dat
2011-02-14 15:59:09 . 2011-02-14 15:59:09 119 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-CTxfiHlp.reg.dat
2011-02-14 15:59:09 . 2011-02-14 15:59:09 174 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-Name of App.reg.dat
2011-02-14 15:59:08 . 2011-02-14 15:59:08 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-Google Update.reg.dat
2011-02-14 15:52:19 . 2011-02-14 15:57:19 5,249 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-02-14 15:50:37 . 2011-02-14 15:55:40 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-02-14 15:50:06 . 2011-02-14 15:50:06 349,648 ----a-w- C:\Qoobox\Quarantine\C\Users\Mark\AppData\Local\Temp\6363.tmp.vir
 
Ok having major issues now! Had BSOD related to Rapport driver, restarted, but couldn't boot Windows. Eventually booted recovery console from Windows disc and let it auto repair. It found the master boot record was corrupt and did disk metadata repairs.

Restart failed with new BSOD just as Windows starts to boot. Stop error is 0x0000007B, which according to a Microsoft article is either due to a new hardware issue, or is due to a boot sector virus. This is why I'm still posting here, and desperately need help! The MS article is http://support.microsoft.com/kb/324103.

I tried a system file integrity check but repair failed.

I have files on the system I really need to keep, so if there is any way...
 
Somehow, I've managed to repair the MBR (exported it to delete it and create a new one), then couldn't boot due to BSOD on RapportPG64.sys.

Got into Safe Mode, and manually uninstalled Rapport (following instructions from Trusteer's website).

Now I can boot again! But system doesn't feel entirely stable, a few slow ups etc. I await further instructions/condemnation! Expect you'll have to start again with fresh scans after all that activity?!
 
Another detection

Sorry to post again before you've had a chance to take a look through, but figured I should keep the thread up-to-date!

Booted today to find Avira has detected the trojan TR/Mooplids.A.4 (mhkvqgwm.dll) and has automatically moved it into quarantine.

Haven't scanned or produced any more logs as of yet--learnt my lesson :p
 
I'm not sure what you are wanting to do. In this forum, we look for malware and hopefully remove it. You continue to give problems that are 'system' in nature, not 'malware'. If you have an antivirus program and it finds a bad entry and puts it in Quarantine, that's what you have it for and that's what it's supposed to do.

Once you did the repair, the previous logs were no longer applicable.

You're having Memory dumps, Bug Checks and creating mini-dump files. These are what are most likely the cause of the BSOD. But I don't handle this - there is a forum especially for this. You need to get the system stabilized so a scan can be run without producing a BSOD or making you do a repair.

I am going to close this thread. Please let the members in the BSOD forum help you find and resolve the drivers causing the errors. After that has been done, if you still think you have a malware issue, return here and start a new thread with references to the URL for this thread and also the thread in the BSOD forum. Run Mbam, GMER and DDS again and leave the new logs.

In the meantime, remove all of the tools we used and the files and folders they created:
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
(I'm not having you remove the old restore points yet because I'm not sure if the system is clean yet.)
==============================================
When I left the following, I did not mean for you to give me the details from the Event Viewer - I meant for you to see what the incompatible programs were and either uninstall them or update them, whichever is the most appropriate:
You need to look into these errors from the Event Viewer:
10/02/2011 23:36:58, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
10/02/2011 23:36:58, Error: Application Popup [1060] - \??\C:\Windows\system32\3B81.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/02/2011 23:34:10, Error: Application Popup [1060] - \??\C:\Windows\system32\8D85.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
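
Added example, not part of the thread or any poster's code: a Python decoder for the "In Bytes" data of the Event ID 26 records quoted earlier in the thread. It assumes the record starts with the WDK IO_ERROR_LOG_PACKET header; the field names and the two ntstatus.h names are supplied here, not taken from the posts.

```python
import re
import struct

# Constructed input: the "In Bytes" dump copied from the Event ID 26 record in the thread.
EVENT_26_DUMP = """\
0000: 00 00 00 00 02 00 30 00 ......0.
0008: 00 00 00 00 1A 00 00 40 .......@
0010: 28 04 00 C0 6C 02 00 C0 (..Àl..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
"""

# Names from ntstatus.h for the two status codes present in this dump.
KNOWN_NTSTATUS = {
    0xC0000428: "STATUS_INVALID_IMAGE_HASH",
    0xC000026C: "STATUS_DRIVER_UNABLE_TO_LOAD",
}
SEVERITY = ("success", "informational", "warning", "error")

# Offset, then up to eight hex byte pairs; the trailing ASCII column is ignored.
LINE_RE = re.compile(r"\s*([0-9A-Fa-f]{4}):((?: [0-9A-Fa-f]{2}){1,8})(?:\s|$)")


def parse_in_bytes(dump):
    """Turn Event Viewer 'In Bytes' lines into raw bytes."""
    out = bytearray()
    for line in dump.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if int(m.group(1), 16) != len(out):
            raise ValueError(f"offset gap at {m.group(1)}")
        out += bytes.fromhex(m.group(2))
    return bytes(out)


def decode_packet(raw):
    """Decode the fixed header (assumed layout: IO_ERROR_LOG_PACKET, little-endian)."""
    names = ("major_function", "retry_count", "dump_data_size",
             "number_of_strings", "string_offset", "event_category",
             "error_code", "unique_error_value", "final_status")
    if len(raw) < 24:
        raise ValueError("record shorter than the 24-byte header")
    # 2x skips the alignment padding between EventCategory and ErrorCode.
    return dict(zip(names, struct.unpack_from("<BBHHHH2xIII", raw)))


def describe_status(value):
    """Split a 32-bit NTSTATUS-style value into severity, facility and code."""
    return {
        "hex": f"0x{value:08X}",
        "severity": SEVERITY[value >> 30],
        "facility": (value >> 16) & 0x0FFF,
        "code": value & 0xFFFF,
        "name": KNOWN_NTSTATUS.get(value, "unknown"),
    }


def summarize(dump):
    """Describe the three status-bearing fields of one event record."""
    pkt = decode_packet(parse_in_bytes(dump))
    return {k: describe_status(pkt[k])
            for k in ("error_code", "unique_error_value", "final_status")}


if __name__ == "__main__":
    for field, info in summarize(EVENT_26_DUMP).items():
        print(field, info)
```

The first decoded field, 0x4000001A, carries the event ID 26 in its low word and the Qualifiers value 16384 (0x4000) in its high word. The other two are 0xC0000428 (STATUS_INVALID_IMAGE_HASH, the image failed digital-signature verification) and 0xC000026C (STATUS_DRIVER_UNABLE_TO_LOAD), consistent with the "blocked from loading" errors listed above.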
 