Inactive Hotmail spam virus

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6722

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

30/05/2011 6:44:57 AM
mbam-log-2011-05-30 (06-44-57).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 808012
Time elapsed: 3 hour(s), 22 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:32 AM, on 30/05/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\BitComet\BitComet.exe
C:\Users\Chris\AppData\Roaming\Mikogo\Mikogo-Host.exe
C:\Program Files (x86)\RayV\RayV\RayV.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\VDOTool\TBPANEL.exe
C:\Program Files (x86)\BOINC\boincmgr.exe
C:\Program Files (x86)\BOINC\boinctray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Logitech\G35\G35.exe
C:\Program Files (x86)\BOINC\boinc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Chris\Downloads\hpw6pgcq.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TBPanel] C:\Program Files (x86)\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Mikogo] "C:\Users\Chris\AppData\Roaming\Mikogo\Mikogo-Host.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [FreeApp] "C:\Program Files (x86)\FreeApps\FreeApps.exe" /autorun
O4 - HKCU\..\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: B-Service - Unknown owner - C:\Users\Chris\AppData\Roaming\Mikogo\B-Service.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1cad442638e350) (gupdate1cad442638e350) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14213 bytes


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-05-30 03:23:19
Windows 6.1.7600
Running: hpw6pgcq.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167604bf3
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x29 0x52 0xF6 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8F 0xA2 0x9C 0xAB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCB 0x88 0x6C 0x91 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167604bf3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x29 0x52 0xF6 0xA8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8F 0xA2 0x9C 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCB 0x88 0x6C 0x91 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\chrisirhc10@hotmail.com@a8d7f829e358fb006ef30996c4bad617\r\n 0x82 0x38 0x99 0x24 ...

---- EOF - GMER 1.0.15 ----


Attachments

  • Attach.txt (18.4 KB)
  • DDS.txt (29.4 KB)
  • hijackthis.log (13.9 KB)
  • GMER.log (3.4 KB)
  • mbam-log-2011-05-30 (06-44-57).txt (913 bytes)
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Chris at 3:01:36 on 2011-05-30
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.6142.1839 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\BitComet\BitComet.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Chris\AppData\Roaming\Mikogo\Mikogo-Host.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\BitComet\tools\BitCometService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\RayV\RayV\RayV.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\VDOTool\TBPANEL.exe
C:\Program Files (x86)\BOINC\boincmgr.exe
C:\Program Files (x86)\BOINC\boinctray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Logitech\G35\G35.exe
C:\Program Files (x86)\BOINC\boinc.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\ProgramData\BOINC\projects\aqua.dwavesys.com\roqs_0.22_windows_x86_64__mt4.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
C:\Windows\system32\conhost.exe
C:\ProgramData\BOINC\projects\abcathome.com\abc_sieve_2.10_windows_x86_64.exe
C:\ProgramData\BOINC\projects\abcathome.com\abc_sieve_2.10_windows_x86_64.exe
C:\ProgramData\BOINC\projects\abcathome.com\abc_sieve_2.10_windows_x86_64.exe
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
C:\Windows\system32\conhost.exe
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Chris\Downloads\hpw6pgcq.exe
C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Chris\Downloads\dds(1).scr
C:\Windows\SysWOW64\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
uRun: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Mikogo] "C:\Users\Chris\AppData\Roaming\Mikogo\Mikogo-Host.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [FreeApp] "C:\Program Files (x86)\FreeApps\FreeApps.exe" /autorun
uRun: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
uRun: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [TBPanel] C:\Program Files (x86)\VDOTool\TBPanel.exe /A
mRun: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
dRun: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-5-6 352656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-4-4 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-4-4 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-5-14 821080]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-5-18 2280312]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-5-14 20336]
R3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys --> C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys [?]
R3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys --> C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-5-14 33184]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-5-14 21328]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1cad442638e350;Google Update Service (gupdate1cad442638e350);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-4 133104]
S3 B-Service;B-Service;C:\Users\Chris\AppData\Roaming\Mikogo\B-Service.exe [2010-9-7 185640]
S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-4-4 79360]
S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-4 133104]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-05-30 07:16:30 -------- d-----w- C:\Users\Chris\AppData\Local\{C3029D28-385B-4898-BCA4-768F037266F5}
2011-05-29 19:16:03 -------- d-----w- C:\Users\Chris\AppData\Local\{8F3B5B94-B1D6-4291-A851-9D183F830979}
2011-05-29 19:04:54 -------- d-----w- C:\ProgramData\ESTsoft
2011-05-29 19:04:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\ESTsoft
2011-05-29 19:04:46 -------- d-----w- C:\Program Files (x86)\ESTsoft
2011-05-29 10:01:47 8718160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{801B5CD6-7010-4810-B7B0-B6006AE6F333}\mpengine.dll
2011-05-28 21:26:47 -------- d-----w- C:\Users\Chris\AppData\Local\{7421A7DE-CD3B-4D2E-9746-2E9068AB8CDF}
2011-05-28 14:12:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\go
2011-05-28 14:12:39 -------- d-----w- C:\ProgramData\Easybits GO
2011-05-28 09:26:22 -------- d-----w- C:\Users\Chris\AppData\Local\{38CD1299-39B9-44C5-BA10-5B9B36633097}
2011-05-27 21:25:57 -------- d-----w- C:\Users\Chris\AppData\Local\{C8978AE6-8A40-4823-A351-D9029509F6AD}
2011-05-27 09:25:10 -------- d-----w- C:\Users\Chris\AppData\Local\{3332EA3E-A22A-4B3A-ACC8-0778AD5DE69A}
2011-05-26 14:31:10 -------- d-----w- C:\Users\Chris\AppData\Local\{50145954-5329-4560-B8CA-656A89BEECC6}
2011-05-26 02:30:28 -------- d-----w- C:\Users\Chris\AppData\Local\{5F9A1D1F-E726-45EF-BF94-16A12EB8283D}
2011-05-25 14:30:02 -------- d-----w- C:\Users\Chris\AppData\Local\{AE5814EC-915D-4731-BF1D-D616C1CCA278}
2011-05-25 02:32:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-25 02:29:00 -------- d-----w- C:\Users\Chris\AppData\Local\{2C0FC4D4-C49C-41B7-A079-F1E39881CFCB}
2011-05-24 01:06:06 -------- d-----w- C:\Users\Chris\AppData\Local\{40B3030A-2EB8-44E8-BFBE-ACBE104D4CA9}
2011-05-23 12:46:15 -------- d-----w- C:\Users\Chris\AppData\Local\{5207811A-C95C-46CD-B5F4-05F9F8736D24}
2011-05-23 00:45:51 -------- d-----w- C:\Users\Chris\AppData\Local\{9EF2EB1E-52D3-440F-B757-962349BAC7B0}
2011-05-22 12:45:24 -------- d-----w- C:\Users\Chris\AppData\Local\{719FDB1C-0ED0-4655-9AB5-A343B6B6718D}
2011-05-22 00:44:59 -------- d-----w- C:\Users\Chris\AppData\Local\{D8FB9A87-36EA-463B-9F23-EED61D98CB5B}
2011-05-21 12:44:35 -------- d-----w- C:\Users\Chris\AppData\Local\{4E25CEDF-C005-495E-9137-23C26C3F7C87}
2011-05-21 00:44:43 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F926B061-1451-41A9-AFC9-E12BC54E447A}\gapaengine.dll
2011-05-21 00:43:46 -------- d-----w- C:\Users\Chris\AppData\Local\{B52F862A-8A68-4689-AEBB-12876EFA3DAB}
2011-05-20 12:43:22 -------- d-----w- C:\Users\Chris\AppData\Local\{E5DF5831-E5F6-4074-87BA-D9843FEEFB0B}
2011-05-20 00:42:53 -------- d-----w- C:\Users\Chris\AppData\Local\{C4254C66-0140-44F8-A58A-C93902BD1CBB}
2011-05-19 12:42:26 -------- d-----w- C:\Users\Chris\AppData\Local\{A4681623-2A60-4FF6-86F0-29D40CCEA665}
2011-05-19 00:41:52 -------- d-----w- C:\Users\Chris\AppData\Local\{7D1D031F-9D2B-4D91-A5CB-1E62A1C42B7A}
2011-05-18 12:41:21 -------- d-----w- C:\Users\Chris\AppData\Local\{10478C86-6591-4489-8EA4-65A79E731650}
2011-05-18 00:39:51 -------- d-----w- C:\Users\Chris\AppData\Local\{1B9B8A6E-24D6-4A21-866E-C5C5092417F9}
2011-05-17 08:59:33 -------- d-----w- C:\Users\Chris\AppData\Local\{5E6C9811-3C5C-41E4-B190-F09D87043294}
2011-05-16 20:59:09 -------- d-----w- C:\Users\Chris\AppData\Local\{224FE3BB-3B8E-4EB1-A0B2-FA03618CE570}
2011-05-16 08:58:28 -------- d-----w- C:\Users\Chris\AppData\Local\{E92C7998-EC8C-4066-87B1-6631F824ECE8}
2011-05-15 20:57:50 -------- d-----w- C:\Users\Chris\AppData\Local\{973BC6AA-72F8-4958-8DEF-4D5A0549678A}
2011-05-15 08:57:26 -------- d-----w- C:\Users\Chris\AppData\Local\{DD89C048-7EE4-4F58-8610-7F4B39E7ED1A}
2011-05-14 20:56:49 -------- d-----w- C:\Users\Chris\AppData\Local\{9FA52ED1-4341-4268-965A-C86502410F88}
2011-05-13 06:44:20 -------- d-----w- C:\Users\Chris\AppData\Local\{2887B6B9-BE65-4744-A04E-A758B722F2C7}
2011-05-12 20:32:20 -------- d-----w- C:\DosBox
2011-05-12 18:47:32 -------- d-----w- C:\Users\Chris\AppData\Local\DOSBox
2011-05-12 18:43:12 -------- d-----w- C:\Users\Chris\AppData\Local\{E34C09FE-AA3D-4EF7-97B9-AE715423A1BC}
2011-05-12 00:00:52 -------- d-----w- C:\ProgramData\Skype Extras
2011-05-11 17:24:06 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 17:24:05 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 17:24:04 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 17:16:46 -------- d-----w- C:\Users\Chris\AppData\Local\{61EFD904-3FA5-47C0-8AFF-D7716426FB73}
2011-05-06 19:48:18 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
2011-05-06 13:23:53 -------- d-----w- C:\Users\Chris\AppData\Local\{F2713915-F208-4BC3-AB34-8002F20FB179}
2011-05-06 01:23:16 -------- d-----w- C:\Users\Chris\AppData\Local\{F3509DF0-C960-491D-B943-C3E582C4C008}
2011-05-05 13:22:52 -------- d-----w- C:\Users\Chris\AppData\Local\{F82F287A-3EBE-445E-9A4E-7E2EB13E51C7}
2011-05-05 01:22:28 -------- d-----w- C:\Users\Chris\AppData\Local\{483F2AD3-64B5-4CE9-AE9E-2D0DDD2B33CB}
2011-05-04 13:21:57 -------- d-----w- C:\Users\Chris\AppData\Local\{BE2A64D2-EC6A-4569-A1F6-8FB30D148A7E}
2011-05-04 01:21:33 -------- d-----w- C:\Users\Chris\AppData\Local\{3EFED186-CE92-4DC0-9B21-F768C17947A3}
2011-05-03 13:21:03 -------- d-----w- C:\Users\Chris\AppData\Local\{3F982E4A-94BA-4CE5-AD8E-4E9CC0F5459C}
2011-05-03 01:20:34 -------- d-----w- C:\Users\Chris\AppData\Local\{85B59CB5-7E6A-4460-B7C2-C9BF70551E84}
2011-05-02 13:20:05 -------- d-----w- C:\Users\Chris\AppData\Local\{16577AE0-E689-403B-B3E1-B6FC8F1384E3}
2011-05-02 01:19:40 -------- d-----w- C:\Users\Chris\AppData\Local\{1297754E-E772-4EA2-A09F-9F9CD7C5619B}
2011-05-01 13:19:17 -------- d-----w- C:\Users\Chris\AppData\Local\{63DD39EA-E21B-4389-80CD-8C89F7055545}
2011-05-01 01:18:35 -------- d-----w- C:\Users\Chris\AppData\Local\{803EFF6E-2FEE-4B4A-B2DC-B3AE75647E00}
2011-04-30 13:17:58 -------- d-----w- C:\Users\Chris\AppData\Local\{AB7229B8-D484-4597-BD11-14F98E6ECBB8}
.
==================== Find3M ====================
.
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-04-08 11:28:58 41872 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2011-04-08 11:28:58 27536 ----a-w- C:\Windows\System32\xfcodec64.dll
2011-04-06 23:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 23:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 23:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 23:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 3:03:47.68 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 02/04/2010 5:06:26 PM
System Uptime: 31/12/2008 11:00:55 PM (21100 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M3N-HD/HDMI
Processor: AMD Phenom(tm) 9850 Quad-Core Processor | Socket AM2 | 2500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 111.388 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 114.312 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 128.487 GiB free.
F: is CDROM (CDFS)
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&1
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&1
Service:
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&3C06D97&0&5
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&3C06D97&0&5
Service:
.
Class GUID:
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_0753&SUBSYS_82E81043&REV_A2\3&2411E6FE&1&0B
Manufacturer:
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_0753&SUBSYS_82E81043&REV_A2\3&2411E6FE&1&0B
Service:
.
==== System Restore Points ===================
.
RP370: 25/05/2011 7:00:14 AM - Windows Update
RP371: 25/05/2011 3:06:48 PM - Windows Update
RP372: 25/05/2011 7:31:11 PM - Windows Update
RP373: 27/05/2011 2:32:27 AM - Windows Update
RP374: 27/05/2011 1:34:51 PM - Windows Update
RP375: 28/05/2011 2:27:06 AM - Windows Update
RP376: 29/05/2011 3:01:30 AM - Windows Update
.
==== Installed Programs ======================
.
3Planesoft Screensaver Manager 1.4
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Advanced SystemCare 4
ALSee
Altitude
ALTools Update
Alyx Nude
Apple Application Support
Apple Software Update
µTorrent
Audacity 1.3.11 (Unicode)
Avira AntiVir Personal - Free Antivirus
Beat Hazard
BitComet 1.27
BOINC
Cascades demo by NVIDIA (remove only)
CCleaner
Counter-Strike: Source
Creative Audio Console
Creative Software AutoUpdate
D3DX10
Deep Space 3D Screensaver 1.0
DTS+AC3 Filter
DTVblizzcon
EasyBits GO
FreeApps
Game Booster
GIMP 2.6.10
GOM Player
GOMTV Streamer
Google Earth Plug-in
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Human Head demo by NVIDIA (remove only)
iCopyExpert 3.1.2
IObit Malware Fighter
Java(TM) 6 Update 20
Junk Mail filter update
Just Cause 1.00.0000
K-Lite Mega Codec Pack 1.46
Koi Fish 3D Screensaver 1.0
LADSPA_plugins-win-0.4.15
LAME v3.98.2 for Audacity
Malwarebytes' Anti-Malware
Manga Reader v1.5.5
Mesh Runtime
Messenger Companion
Microsoft Office Live Add-in 1.5
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mikogo
Mozilla Firefox 4.0 (x86 en-US)
Mozilla Thunderbird (3.1.4)
MPEG2 Codec(libmpeg2/mad)
MS Access 97 SP2
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
NVIDIA PhysX
OpenAL
Plasma Pong v1.2
Poker Night at the Inventory
Portal 2
Portal 2 - The Final Hours
QuickTime
RapidShare Manager
RealPlayer
RealUpgrade 1.0
Sam & Max 101: Culture Shock
Sam & Max 102: Situation: Comedy
Sam & Max 103: The Mole, the Mob and the Meatball
Sam & Max 104: Abe Lincoln Must Die!
Sam & Max 105: Reality 2.0
Sam & Max 106: Bright Side of the Moon
Sam & Max 201: Ice Station Santa
Sam & Max 202: Moai Better Blues
Sam & Max 203: Night of the Raving Dead
Sam & Max 204: Chariots of the Dogs
Sam & Max 205: What's New Beelzebub?
Sam & Max 305: The City that Dares not Sleep
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Shatter
SimCity 3000 Unlimited
Skype Toolbars
Skype™ 5.3
Smart Defrag 2
Smoke demo by NVIDIA (remove only)
StarCraft
StarCraft II
StealthBot 2.7
Steam(TM)
TeamViewer 6
The Lost Watch II 3D Screensaver 1.0
The Lost Watch II NV 3D Screensaver 1.0
Tunatic
Unity Web Player
VDOTool 6.0
VLC media player 1.1.7
Water Clock 3D Screensaver 1.0
Western Railway NV 3D Screensaver 2.0
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Xfire (remove only)
XfireXO Toolbar
.
==== Event Viewer Messages From Past Week ========
.
29/05/2011 8:56:50 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...licker:Win32/Yabector.gen&threatid=2147628718 Name: TrojanClicker:Win32/Yabector.gen ID: 2147628718 Severity: Severe Category: Trojan Notifier Path: containerfile:_E:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe;containerfile:_E:\Users\Chris\Downloads\unlocker1.8.7.exe;file:_E:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe->(nsis-1-eBayShortcuts.exe);file:_E:\Users\Chris\Downloads\unlocker1.8.7.exe->(nsis-6-eBay_shortcuts_1016.exe)->(nsis-1-eBayShortcuts.exe) Detection Origin: Local machine Detection Type: Generic Detection Source: System User: NT AUTHORITY\NETWORK SERVICE Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.803.0, AS: 1.105.803.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
29/05/2011 8:56:50 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanClicker:Win32/Yabector.B&threatid=2147629550 Name: TrojanClicker:Win32/Yabector.B ID: 2147629550 Severity: Severe Category: Trojan Notifier Path: containerfile:_C:\Users\Chris\Downloads\unlocker1.8.8.exe;containerfile:_E:\Users\Chris\Downloads\unlocker1.8.8.exe;file:_C:\Users\Chris\Downloads\unlocker1.8.8.exe->(nsis-6-$(PLUGINSDIR)\eBay_shortcuts_1016_new.exe);file:_E:\Users\Chris\Downloads\unlocker1.8.8.exe->(nsis-6-$(PLUGINSDIR)\eBay_shortcuts_1016_new.exe) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\NETWORK SERVICE Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.803.0, AS: 1.105.803.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
29/05/2011 8:56:50 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bumat!rts&threatid=2147626069 Name: Trojan:Win32/Bumat!rts ID: 2147626069 Severity: High Category: Trojan Path: containerfile:_C:\Users\Chris\Downloads\MineralHack.zip;containerfile:_C:\Users\Chris\Downloads\OblivionV305.zip;containerfile:_C:\Users\Chris\Downloads\ZMH100.zip;containerfile:_E:\Users\Chris\Downloads\MineralHack.zip;containerfile:_E:\Users\Chris\Downloads\OblivionV305.zip;containerfile:_E:\Users\Chris\Downloads\ZMH100.zip;file:_C:\Users\Chris\Downloads\MineralHack.zip->zLoader.exe;file:_C:\Users\Chris\Downloads\OblivionV305.zip->zLoader.exe;file:_C:\Users\Chris\Downloads\ZMH100.zip->zLoader.exe;file:_E:\Users\Chris\Downloads\MineralHack.zip->zLoader.exe;file:_E:\Users\Chris\Downloads\OblivionV305.zip->zLoader.exe;file:_E:\Users\Chris\Downloads\ZMH100.zip->zLoader.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\NETWORK SERVICE Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.803.0, AS: 1.105.803.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
29/05/2011 8:56:50 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/RegCure&threatid=147745 Name: Program:Win32/RegCure ID: 147745 Severity: High Category: Potentially Unwanted Software Path: containerfile:_C:\Users\Chris\Downloads\RegCureSetup_CB.exe;containerfile:_C:\Users\Chris\Downloads\RegCureSetup_RW(2).exe;containerfile:_C:\Users\Chris\Downloads\RegCureSetup_RW.exe;containerfile:_E:\Users\Chris\Downloads\RegCureSetup_CB.exe;containerfile:_E:\Users\Chris\Downloads\RegCureSetup_RW(2).exe;containerfile:_E:\Users\Chris\Downloads\RegCureSetup_RW.exe;file:_C:\Users\Chris\Downloads\RegCureSetup_CB.exe->(nsis-6-RegCure.exe);file:_C:\Users\Chris\Downloads\RegCureSetup_RW(2).exe->(nsis-6-RegCure.exe);file:_C:\Users\Chris\Downloads\RegCureSetup_RW.exe->(nsis-6-RegCure.exe);file:_E:\Users\Chris\Downloads\RegCureSetup_CB.exe->(nsis-6-RegCure.exe);file:_E:\Users\Chris\Downloads\RegCureSetup_RW(2).exe->(nsis-6-RegCure.exe);file:_E:\Users\Chris\Downloads\RegCureSetup_RW.exe->(nsis-6-RegCure.exe) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\NETWORK SERVICE Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.803.0, AS: 1.105.803.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
27/05/2011 6:58:52 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...licker:Win32/Yabector.gen&threatid=2147628718 Name: TrojanClicker:Win32/Yabector.gen ID: 2147628718 Severity: Severe Category: Trojan Notifier Path: containerfile:_E:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe;containerfile:_E:\Users\Chris\Downloads\unlocker1.8.7.exe;file:_E:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe->(nsis-1-eBayShortcuts.exe);file:_E:\Users\Chris\Downloads\unlocker1.8.7.exe->(nsis-6-eBay_shortcuts_1016.exe)->(nsis-1-eBayShortcuts.exe) Detection Origin: Local machine Detection Type: Generic Detection Source: User User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.693.0, AS: 1.105.693.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
27/05/2011 6:58:52 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanClicker:Win32/Yabector.B&threatid=2147629550 Name: TrojanClicker:Win32/Yabector.B ID: 2147629550 Severity: Severe Category: Trojan Notifier Path: containerfile:_C:\Users\Chris\Downloads\unlocker1.8.8.exe;containerfile:_E:\Users\Chris\Downloads\unlocker1.8.8.exe;file:_C:\Users\Chris\Downloads\unlocker1.8.8.exe->(nsis-6-$(PLUGINSDIR)\eBay_shortcuts_1016_new.exe);file:_E:\Users\Chris\Downloads\unlocker1.8.8.exe->(nsis-6-$(PLUGINSDIR)\eBay_shortcuts_1016_new.exe) Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.693.0, AS: 1.105.693.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
27/05/2011 6:58:52 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/RegCure&threatid=147745 Name: Program:Win32/RegCure ID: 147745 Severity: High Category: Potentially Unwanted Software Path: containerfile:_C:\Users\Chris\Downloads\RegCureSetup_CB.exe;containerfile:_C:\Users\Chris\Downloads\RegCureSetup_RW(2).exe;containerfile:_C:\Users\Chris\Downloads\RegCureSetup_RW.exe;containerfile:_E:\Users\Chris\Downloads\RegCureSetup_CB.exe;containerfile:_E:\Users\Chris\Downloads\RegCureSetup_RW(2).exe;containerfile:_E:\Users\Chris\Downloads\RegCureSetup_RW.exe;file:_C:\Users\Chris\Downloads\RegCureSetup_CB.exe->(nsis-6-RegCure.exe);file:_C:\Users\Chris\Downloads\RegCureSetup_RW(2).exe->(nsis-6-RegCure.exe);file:_C:\Users\Chris\Downloads\RegCureSetup_RW.exe->(nsis-6-RegCure.exe);file:_E:\Users\Chris\Downloads\RegCureSetup_CB.exe->(nsis-6-RegCure.exe);file:_E:\Users\Chris\Downloads\RegCureSetup_RW(2).exe->(nsis-6-RegCure.exe);file:_E:\Users\Chris\Downloads\RegCureSetup_RW.exe->(nsis-6-RegCure.exe) Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.693.0, AS: 1.105.693.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
27/05/2011 6:58:51 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bumat!rts&threatid=2147626069 Name: Trojan:Win32/Bumat!rts ID: 2147626069 Severity: High Category: Trojan Path: containerfile:_C:\Users\Chris\Downloads\MineralHack.zip;containerfile:_C:\Users\Chris\Downloads\OblivionV305.zip;containerfile:_C:\Users\Chris\Downloads\ZMH100.zip;containerfile:_E:\Users\Chris\Downloads\MineralHack.zip;containerfile:_E:\Users\Chris\Downloads\OblivionV305.zip;containerfile:_E:\Users\Chris\Downloads\ZMH100.zip;file:_C:\Users\Chris\Downloads\MineralHack.zip->zLoader.exe;file:_C:\Users\Chris\Downloads\OblivionV305.zip->zLoader.exe;file:_C:\Users\Chris\Downloads\ZMH100.zip->zLoader.exe;file:_E:\Users\Chris\Downloads\MineralHack.zip->zLoader.exe;file:_E:\Users\Chris\Downloads\OblivionV305.zip->zLoader.exe;file:_E:\Users\Chris\Downloads\ZMH100.zip->zLoader.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.693.0, AS: 1.105.693.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
27/05/2011 2:23:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
27/05/2011 2:21:54 AM, Error: Service Control Manager [7000] - The TBPanel service failed to start due to the following error: This driver has been blocked from loading
27/05/2011 2:21:54 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\TBPanel.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
27/05/2011 2:21:29 AM, Error: volmgr [46] - Crash dump initialization failed!
25/05/2011 8:47:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
25/05/2011 8:45:00 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
24/05/2011 7:27:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
23/05/2011 6:04:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================


Post 2 of 2
 
Glad you found the message about attached files! Now I don't have to nag at you to paste the logs!

There is no "Hotmail spam virus"! You have not given much information as to what's happening. Hotmail is a web-based email and can get hacked from the internet; it's not a big challenge. Your Hotmail account can also be getting a lot of spam, possibly because there isn't much available on Hotmail to get spam filters in place.
======================================
I can review your logs for malware, but even if there is malware on the system, it may have nothing to do with your problem.
=====================================
You are using 2 antivirus programs: Avira and Microsoft Security Essentials. Contrary to what you might think, multiple AV programs actually make the system more vulnerable, not less. So please remove one of the AV programs.
=====================================
Please run the following 2 programs:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the link to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click the Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
==================================
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
 