Any program or process that tries to run generates a "Bad Image" error with that process. I can click the x and it goes away. The error says "c:\windows\system32\ShellTrayDll.dllis either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."
Here is the MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5679
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
2/4/2011 3:14:18 PM
mbam-log-2011-02-04 (15-14-18).txt
Scan type: Quick scan
Objects scanned: 141904
Time elapsed: 5 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Here is the GMER log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-04 12:57:09
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SanDisk_pSSD-P2_32GB rev.SSD_5.20
Running: gmer.exe; Driver: C:\Users\Randy\AppData\Local\Temp\fxrorpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x8CDED780]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x8CDED830]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x8CDED8D0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x8CDED970]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81E54599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81E78F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 81E809F8 4 Bytes [80, D7, DE, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 81E80CC8 8 Bytes [30, D8, DE, 8C, D0, D8, DE, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 81E80D3C 4 Bytes [70, D9, DE, 8C]
PAGE peauth.sys 9F422BEC 111 Bytes JMP 624C14F3
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[200] ntdll.dll!LdrLoadDll 77B8F625 5 Bytes JMP 00D913F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{65FF9129-9BC4-445C-A076-840836221D97}\Connection@Name isatap.{669E80C3-10E2-457B-AA08-7E7AEDBDB400}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{A8864E56-C89E-454F-BE5A-6FD4CDEE9832}?\Device\{4D097F36-1049-4C10-B182-2771F8EF8C72}?\Device\{65FF9129-9BC4-445C-A076-840836221D97}?\Device\{0ED27B33-9407-441F-8A42-8FC6941D4F9E}?\Device\{0CEAC66A-DE66-41BC-B450-1E1FD42F31BC}?\Device\{BB6B9D04-A956-4DDD-A08B-A53F84B753A4}?\Device\{16FC2673-AD1E-4C6D-8F03-AB988E601766}?\Device\{88B92B34-014B-4907-9C10-7263C8DFF4BA}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{A8864E56-C89E-454F-BE5A-6FD4CDEE9832}"?"{4D097F36-1049-4C10-B182-2771F8EF8C72}"?"{65FF9129-9BC4-445C-A076-840836221D97}"?"{0ED27B33-9407-441F-8A42-8FC6941D4F9E}"?"{0CEAC66A-DE66-41BC-B450-1E1FD42F31BC}"?"{BB6B9D04-A956-4DDD-A08B-A53F84B753A4}"?"{16FC2673-AD1E-4C6D-8F03-AB988E601766}"?"{88B92B34-014B-4907-9C10-7263C8DFF4BA}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{A8864E56-C89E-454F-BE5A-6FD4CDEE9832}?\Device\TCPIP6TUNNEL_{4D097F36-1049-4C10-B182-2771F8EF8C72}?\Device\TCPIP6TUNNEL_{65FF9129-9BC4-445C-A076-840836221D97}?\Device\TCPIP6TUNNEL_{0ED27B33-9407-441F-8A42-8FC6941D4F9E}?\Device\TCPIP6TUNNEL_{0CEAC66A-DE66-41BC-B450-1E1FD42F31BC}?\Device\TCPIP6TUNNEL_{BB6B9D04-A956-4DDD-A08B-A53F84B753A4}?\Device\TCPIP6TUNNEL_{16FC2673-AD1E-4C6D-8F03-AB988E601766}?\Device\TCPIP6TUNNEL_{88B92B34-014B-4907-9C10-7263C8DFF4BA}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243f5293a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a4384d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a4384d@001f6b9b1fc9 0xD7 0x42 0x7D 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a4384d@0026e29ec75a 0x4A 0x6C 0xA1 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a4384d@444e1aa57ce1 0xE4 0xE3 0x44 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a4384d@6cd68ae18e81 0x26 0xB7 0xA9 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{65FF9129-9BC4-445C-A076-840836221D97}@InterfaceName isatap.{669E80C3-10E2-457B-AA08-7E7AEDBDB400}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{65FF9129-9BC4-445C-A076-840836221D97}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243f5293a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a4384d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a4384d@001f6b9b1fc9 0xD7 0x42 0x7D 0x3F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a4384d@0026e29ec75a 0x4A 0x6C 0xA1 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a4384d@444e1aa57ce1 0xE4 0xE3 0x44 0x79 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a4384d@6cd68ae18e81 0x26 0xB7 0xA9 0x3F ...
---- EOF - GMER 1.0.15 ----
Here is the DDS log:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Randy at 23:56:32.56 on Thu 02/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.692 [GMT -5:00]
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\AsusService.exe
C:\Program Files\asus\2DoorWayTouchSuite\AsusUacSvc.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\ezSharedSvcHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\windows\Explorer.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\ASUS\TouchHomeKey\TouchHomeKey.exe
C:\Program Files\ASUS\Eee Docking Touch\Eee Docking Touch.exe
C:\Windows\AsScrPro.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Randy\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\iRotate\iRotate.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ASUS\PenWrite\PenWriteMain.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Randy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Randy\Downloads\Defogger.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Randy\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [googletalk] c:\users\randy\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Google Update] "c:\users\randy\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [HotKeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [Eee Docking Control for Inspirus] c:\program files\easybits for kids\EEEDockCtl.exe
mRun: [TouchHomeKey] c:\program files\asus\touchhomekey\TouchHomeKey.exe
mRun: [Eee Docking Touch] c:\program files\asus\eee docking touch\Eee Docking Touch.exe autorun
mRun: [Start PenWrite] c:\program files\asus\penwrite\PenWrite.exe startup
mRun: [Tutorial] c:\program files\asus\t91mttutorial\T91MTTutorial.exe autorun
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IgfxExt] c:\windows\system32\IgfxExt.exe /RegServer
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\users\randy\appdata\roaming\micros~1\windows\startm~1\programs\startup\irotate.lnk - c:\program files\irotate\iRotate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\radial~1.lnk - c:\users\randy\downloads\radial menu v3.18_touch_mod\radial menu v3.18\Radial menu v3.18.ahk
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
TCP: {B5123A63-DBDD-4C85-A009-7681167DB825} = 209.183.35.23 209.183.33.23
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\windows\system32\ShellTrayDll.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\randy\appdata\roaming\mozilla\firefox\profiles\k0rokc6q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|http://news.google.com/
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\randy\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\randy\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\randy\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-10-20 11448]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2009-10-20 219136]
R2 AsusUacSvc;Asus process privilege adjust service;c:\program files\asus\2doorwaytouchsuite\AsusUacSvc.exe [2009-10-20 28848]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-3 1153368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]
R3 igd;igd;c:\windows\system32\drivers\igdkmd32.sys [2009-10-6 635168]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-10-6 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R4 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\ezSharedSvcHost.exe [2009-10-20 512112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-10 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-15 517448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-10-20 29472]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 GTNDIS62;GT62 Zero Config Driver;c:\windows\system32\drivers\gtuhs62.sys [2009-8-28 157696]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2009-8-12 67840]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2009-8-12 8064]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [2009-10-6 32800]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
=============== Created Last 30 ================
2011-02-04 02:56:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-04 02:56:12 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-02-04 02:43:29 -------- d-----w- c:\users\randy\appdata\local\Evernote
2011-02-04 01:55:34 57344 ----a-r- c:\users\randy\appdata\roaming\microsoft\installer\{d1fc56fe-c12f-437c-a80f-13f18080845d}\RitePen.exe_D1FC56FEC12F437CA80F13F18080845D.exe
2011-02-04 01:55:34 57344 ----a-r- c:\users\randy\appdata\roaming\microsoft\installer\{d1fc56fe-c12f-437c-a80f-13f18080845d}\NewShortcut1_D1FC56FEC12F437CA80F13F18080845D.exe
2011-02-04 01:55:33 57344 ----a-r- c:\users\randy\appdata\roaming\microsoft\installer\{d1fc56fe-c12f-437c-a80f-13f18080845d}\ritepenhelp.html_D1FC56FEC12F437CA80F13F18080845D.exe
2011-02-04 01:55:19 -------- d-----w- c:\program files\Evernote
2011-02-04 00:21:53 20 ----a-w- c:\windows\system32\SHELLTRAYDLL.DLL
2011-01-29 04:23:47 -------- d-----w- c:\program files\E-Cam
2011-01-29 04:23:31 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-01-29 04:23:30 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-01-29 04:23:30 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-01-29 04:23:30 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-01-29 04:23:29 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-01-29 04:23:25 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-01-29 04:23:24 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-01-29 04:22:49 -------- d-----w- c:\users\randy\appdata\roaming\E-Cam
==================== Find3M ====================
============= FINISH: 0:03:40.91 ===============
Finally - here is the attach log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/17/2010 10:03:50 PM
System Uptime: 2/3/2011 11:15:52 PM (1 hours ago)
Motherboard: ASUSTeK Computer INC. | | T91MT
Processor: Intel(R) Atom(TM) CPU Z520 @ 1.33GHz | CPU 1 | 1333/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 30 GiB total, 8.74 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP128: 2/3/2011 8:54:27 PM - Installed ritePen.
RP129: 2/3/2011 9:41:39 PM - Installed Evernote v. 4.2.1
==== Installed Programs ======================
2DoorWay TouchSuite
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1 MUI
Adobe Shockwave Player 11.5
Amazon Kindle For PC v1.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AsCalibration
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AutoHotkey 1.0.48.05
AVG 2011
Bonjour
Calculator
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
CyberLink YouCam
D3DX10
E-Cam
Eee Docking Touch 3.5.1
Evernote v. 4.2.1
FotoFun_3.0.2.0
Google Earth
Google Gears
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Hotkey Service
Intel(R) Graphics Media Accelerator 500
Internet Radio
InternetRadioHelper
iRotate
Junk Mail filter update
LiveUpdate
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XNA Framework Redistributable 3.0
Mozilla Firefox (3.6.13)
MSVCRT
OGA Notifier 2.0.0048.0
PenWrite v1.8.0
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
ritePen
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype web features
Skype™ 4.1
Spybot - Search & Destroy
Super Hybrid Engine
Synaptics Pointing Device Driver
T91MTTutorial 2.0.0.4
Touch Gate 1.0.1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Virtual Earth 3D (Beta)
WIDCOMM Bluetooth Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
==== Event Viewer Messages From Past Week ========
2/3/2011 11:16:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
2/2/2011 8:45:45 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2/2/2011 8:44:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
2/2/2011 6:41:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
2/2/2011 6:41:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
1/30/2011 8:37:30 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{E3D564C1-EA55-4779-A333-D3F03DB4AE3E} because another computer on the network has the same name. The server could not start.
1/29/2011 12:49:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/28/2011 9:50:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
1/28/2011 11:37:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
1/28/2011 1:43:02 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.
==== End Of File ===========================
Any help would be appreciated!
Here is the MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5679
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
2/4/2011 3:14:18 PM
mbam-log-2011-02-04 (15-14-18).txt
Scan type: Quick scan
Objects scanned: 141904
Time elapsed: 5 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Here is the GMER log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-04 12:57:09
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SanDisk_pSSD-P2_32GB rev.SSD_5.20
Running: gmer.exe; Driver: C:\Users\Randy\AppData\Local\Temp\fxrorpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x8CDED780]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x8CDED830]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x8CDED8D0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x8CDED970]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81E54599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81E78F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 81E809F8 4 Bytes [80, D7, DE, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 81E80CC8 8 Bytes [30, D8, DE, 8C, D0, D8, DE, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 81E80D3C 4 Bytes [70, D9, DE, 8C]
PAGE peauth.sys 9F422BEC 111 Bytes JMP 624C14F3
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[200] ntdll.dll!LdrLoadDll 77B8F625 5 Bytes JMP 00D913F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{65FF9129-9BC4-445C-A076-840836221D97}\Connection@Name isatap.{669E80C3-10E2-457B-AA08-7E7AEDBDB400}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{A8864E56-C89E-454F-BE5A-6FD4CDEE9832}?\Device\{4D097F36-1049-4C10-B182-2771F8EF8C72}?\Device\{65FF9129-9BC4-445C-A076-840836221D97}?\Device\{0ED27B33-9407-441F-8A42-8FC6941D4F9E}?\Device\{0CEAC66A-DE66-41BC-B450-1E1FD42F31BC}?\Device\{BB6B9D04-A956-4DDD-A08B-A53F84B753A4}?\Device\{16FC2673-AD1E-4C6D-8F03-AB988E601766}?\Device\{88B92B34-014B-4907-9C10-7263C8DFF4BA}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{A8864E56-C89E-454F-BE5A-6FD4CDEE9832}"?"{4D097F36-1049-4C10-B182-2771F8EF8C72}"?"{65FF9129-9BC4-445C-A076-840836221D97}"?"{0ED27B33-9407-441F-8A42-8FC6941D4F9E}"?"{0CEAC66A-DE66-41BC-B450-1E1FD42F31BC}"?"{BB6B9D04-A956-4DDD-A08B-A53F84B753A4}"?"{16FC2673-AD1E-4C6D-8F03-AB988E601766}"?"{88B92B34-014B-4907-9C10-7263C8DFF4BA}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{A8864E56-C89E-454F-BE5A-6FD4CDEE9832}?\Device\TCPIP6TUNNEL_{4D097F36-1049-4C10-B182-2771F8EF8C72}?\Device\TCPIP6TUNNEL_{65FF9129-9BC4-445C-A076-840836221D97}?\Device\TCPIP6TUNNEL_{0ED27B33-9407-441F-8A42-8FC6941D4F9E}?\Device\TCPIP6TUNNEL_{0CEAC66A-DE66-41BC-B450-1E1FD42F31BC}?\Device\TCPIP6TUNNEL_{BB6B9D04-A956-4DDD-A08B-A53F84B753A4}?\Device\TCPIP6TUNNEL_{16FC2673-AD1E-4C6D-8F03-AB988E601766}?\Device\TCPIP6TUNNEL_{88B92B34-014B-4907-9C10-7263C8DFF4BA}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243f5293a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a4384d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a4384d@001f6b9b1fc9 0xD7 0x42 0x7D 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a4384d@0026e29ec75a 0x4A 0x6C 0xA1 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a4384d@444e1aa57ce1 0xE4 0xE3 0x44 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a4384d@6cd68ae18e81 0x26 0xB7 0xA9 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{65FF9129-9BC4-445C-A076-840836221D97}@InterfaceName isatap.{669E80C3-10E2-457B-AA08-7E7AEDBDB400}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{65FF9129-9BC4-445C-A076-840836221D97}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243f5293a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a4384d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a4384d@001f6b9b1fc9 0xD7 0x42 0x7D 0x3F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a4384d@0026e29ec75a 0x4A 0x6C 0xA1 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a4384d@444e1aa57ce1 0xE4 0xE3 0x44 0x79 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a4384d@6cd68ae18e81 0x26 0xB7 0xA9 0x3F ...
---- EOF - GMER 1.0.15 ----
Here is the DDS log:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Randy at 23:56:32.56 on Thu 02/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.692 [GMT -5:00]
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\AsusService.exe
C:\Program Files\asus\2DoorWayTouchSuite\AsusUacSvc.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\ezSharedSvcHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\windows\Explorer.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\ASUS\TouchHomeKey\TouchHomeKey.exe
C:\Program Files\ASUS\Eee Docking Touch\Eee Docking Touch.exe
C:\Windows\AsScrPro.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Randy\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\iRotate\iRotate.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ASUS\PenWrite\PenWriteMain.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Randy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Randy\Downloads\Defogger.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Randy\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [googletalk] c:\users\randy\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Google Update] "c:\users\randy\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [HotKeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [Eee Docking Control for Inspirus] c:\program files\easybits for kids\EEEDockCtl.exe
mRun: [TouchHomeKey] c:\program files\asus\touchhomekey\TouchHomeKey.exe
mRun: [Eee Docking Touch] c:\program files\asus\eee docking touch\Eee Docking Touch.exe autorun
mRun: [Start PenWrite] c:\program files\asus\penwrite\PenWrite.exe startup
mRun: [Tutorial] c:\program files\asus\t91mttutorial\T91MTTutorial.exe autorun
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IgfxExt] c:\windows\system32\IgfxExt.exe /RegServer
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\users\randy\appdata\roaming\micros~1\windows\startm~1\programs\startup\irotate.lnk - c:\program files\irotate\iRotate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\radial~1.lnk - c:\users\randy\downloads\radial menu v3.18_touch_mod\radial menu v3.18\Radial menu v3.18.ahk
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
TCP: {B5123A63-DBDD-4C85-A009-7681167DB825} = 209.183.35.23 209.183.33.23
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\windows\system32\ShellTrayDll.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\randy\appdata\roaming\mozilla\firefox\profiles\k0rokc6q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|http://news.google.com/
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\randy\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\randy\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\randy\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-10-20 11448]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2009-10-20 219136]
R2 AsusUacSvc;Asus process privilege adjust service;c:\program files\asus\2doorwaytouchsuite\AsusUacSvc.exe [2009-10-20 28848]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-3 1153368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]
R3 igd;igd;c:\windows\system32\drivers\igdkmd32.sys [2009-10-6 635168]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-10-6 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R4 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\ezSharedSvcHost.exe [2009-10-20 512112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-10 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-15 517448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-10-20 29472]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 GTNDIS62;GT62 Zero Config Driver;c:\windows\system32\drivers\gtuhs62.sys [2009-8-28 157696]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2009-8-12 67840]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2009-8-12 8064]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [2009-10-6 32800]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
=============== Created Last 30 ================
2011-02-04 02:56:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-04 02:56:12 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-02-04 02:43:29 -------- d-----w- c:\users\randy\appdata\local\Evernote
2011-02-04 01:55:34 57344 ----a-r- c:\users\randy\appdata\roaming\microsoft\installer\{d1fc56fe-c12f-437c-a80f-13f18080845d}\RitePen.exe_D1FC56FEC12F437CA80F13F18080845D.exe
2011-02-04 01:55:34 57344 ----a-r- c:\users\randy\appdata\roaming\microsoft\installer\{d1fc56fe-c12f-437c-a80f-13f18080845d}\NewShortcut1_D1FC56FEC12F437CA80F13F18080845D.exe
2011-02-04 01:55:33 57344 ----a-r- c:\users\randy\appdata\roaming\microsoft\installer\{d1fc56fe-c12f-437c-a80f-13f18080845d}\ritepenhelp.html_D1FC56FEC12F437CA80F13F18080845D.exe
2011-02-04 01:55:19 -------- d-----w- c:\program files\Evernote
2011-02-04 00:21:53 20 ----a-w- c:\windows\system32\SHELLTRAYDLL.DLL
2011-01-29 04:23:47 -------- d-----w- c:\program files\E-Cam
2011-01-29 04:23:31 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-01-29 04:23:30 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-01-29 04:23:30 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-01-29 04:23:30 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-01-29 04:23:29 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-01-29 04:23:25 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-01-29 04:23:24 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-01-29 04:22:49 -------- d-----w- c:\users\randy\appdata\roaming\E-Cam
==================== Find3M ====================
============= FINISH: 0:03:40.91 ===============
Finally - here is the attach log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/17/2010 10:03:50 PM
System Uptime: 2/3/2011 11:15:52 PM (1 hours ago)
Motherboard: ASUSTeK Computer INC. | | T91MT
Processor: Intel(R) Atom(TM) CPU Z520 @ 1.33GHz | CPU 1 | 1333/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 30 GiB total, 8.74 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP128: 2/3/2011 8:54:27 PM - Installed ritePen.
RP129: 2/3/2011 9:41:39 PM - Installed Evernote v. 4.2.1
==== Installed Programs ======================
2DoorWay TouchSuite
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1 MUI
Adobe Shockwave Player 11.5
Amazon Kindle For PC v1.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AsCalibration
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AutoHotkey 1.0.48.05
AVG 2011
Bonjour
Calculator
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
CyberLink YouCam
D3DX10
E-Cam
Eee Docking Touch 3.5.1
Evernote v. 4.2.1
FotoFun_3.0.2.0
Google Earth
Google Gears
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Hotkey Service
Intel(R) Graphics Media Accelerator 500
Internet Radio
InternetRadioHelper
iRotate
Junk Mail filter update
LiveUpdate
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XNA Framework Redistributable 3.0
Mozilla Firefox (3.6.13)
MSVCRT
OGA Notifier 2.0.0048.0
PenWrite v1.8.0
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
ritePen
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype web features
Skype™ 4.1
Spybot - Search & Destroy
Super Hybrid Engine
Synaptics Pointing Device Driver
T91MTTutorial 2.0.0.4
Touch Gate 1.0.1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Virtual Earth 3D (Beta)
WIDCOMM Bluetooth Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
==== Event Viewer Messages From Past Week ========
2/3/2011 11:16:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
2/2/2011 8:45:45 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2/2/2011 8:44:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
2/2/2011 6:41:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
2/2/2011 6:41:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
1/30/2011 8:37:30 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{E3D564C1-EA55-4779-A333-D3F03DB4AE3E} because another computer on the network has the same name. The server could not start.
1/29/2011 12:49:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/28/2011 9:50:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
1/28/2011 11:37:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
1/28/2011 1:43:02 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.
==== End Of File ===========================
Any help would be appreciated!