TechSpot

Hotmail spam virus

By SyberSqueegy
May 30, 2011
  1. Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6722

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    30/05/2011 6:44:57 AM
    mbam-log-2011-05-30 (06-44-57).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 808012
    Time elapsed: 3 hour(s), 22 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:13:32 AM, on 30/05/2011
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\BitComet\BitComet.exe
    C:\Users\Chris\AppData\Roaming\Mikogo\Mikogo-Host.exe
    C:\Program Files (x86)\RayV\RayV\RayV.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Windows\SysWOW64\CtHelper.exe
    C:\Program Files (x86)\VDOTool\TBPANEL.exe
    C:\Program Files (x86)\BOINC\boincmgr.exe
    C:\Program Files (x86)\BOINC\boinctray.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Logitech\G35\G35.exe
    C:\Program Files (x86)\BOINC\boinc.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
    C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
    C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Chris\Downloads\hpw6pgcq.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
    O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [TBPanel] C:\Program Files (x86)\VDOTool\TBPanel.exe /A
    O4 - HKLM\..\Run: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
    O4 - HKLM\..\Run: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Mikogo] "C:\Users\Chris\AppData\Roaming\Mikogo\Mikogo-Host.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [FreeApp] "C:\Program Files (x86)\FreeApps\FreeApps.exe" /autorun
    O4 - HKCU\..\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
    O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: B-Service - Unknown owner - C:\Users\Chris\AppData\Roaming\Mikogo\B-Service.exe
    O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate1cad442638e350) (gupdate1cad442638e350) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14213 bytes


    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-05-30 03:23:19
    Windows 6.1.7600
    Running: hpw6pgcq.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167604bf3
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x29 0x52 0xF6 0xA8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8F 0xA2 0x9C 0xAB ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCB 0x88 0x6C 0x91 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167604bf3 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x29 0x52 0xF6 0xA8 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8F 0xA2 0x9C 0xAB ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCB 0x88 0x6C 0x91 ...
    Reg HKCU\Software\Microsoft\Windows Live\Companion\chrisirhc10@hotmail.com@a8d7f829e358fb006ef30996c4bad617\r\n 0x82 0x38 0x99 0x24 ...

    ---- EOF - GMER 1.0.15 ----


  2. SyberSqueegy

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
    Run by Chris at 3:01:36 on 2011-05-30
    Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.6142.1839 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files (x86)\BitComet\BitComet.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\Chris\AppData\Roaming\Mikogo\Mikogo-Host.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\BitComet\tools\BitCometService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\RayV\RayV\RayV.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Windows\SysWOW64\CtHelper.exe
    C:\Program Files (x86)\VDOTool\TBPANEL.exe
    C:\Program Files (x86)\BOINC\boincmgr.exe
    C:\Program Files (x86)\BOINC\boinctray.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Logitech\G35\G35.exe
    C:\Program Files (x86)\BOINC\boinc.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Xfire\xfire64.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\ProgramData\BOINC\projects\aqua.dwavesys.com\roqs_0.22_windows_x86_64__mt4.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
    C:\Windows\system32\conhost.exe
    C:\ProgramData\BOINC\projects\abcathome.com\abc_sieve_2.10_windows_x86_64.exe
    C:\ProgramData\BOINC\projects\abcathome.com\abc_sieve_2.10_windows_x86_64.exe
    C:\ProgramData\BOINC\projects\abcathome.com\abc_sieve_2.10_windows_x86_64.exe
    C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_5.05_windows_intelx86.exe
    C:\Windows\system32\conhost.exe
    C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Chris\Downloads\hpw6pgcq.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Chris\Downloads\dds(1).scr
    C:\Windows\SysWOW64\WSCRIPT.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
    BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
    uRun: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Mikogo] "C:\Users\Chris\AppData\Roaming\Mikogo\Mikogo-Host.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [FreeApp] "C:\Program Files (x86)\FreeApps\FreeApps.exe" /autorun
    uRun: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
    uRun: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [TBPanel] C:\Program Files (x86)\VDOTool\TBPanel.exe /A
    mRun: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
    mRun: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    dRun: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1
    StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    mRun-x64: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - component: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\9328l0dk.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
    FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-5-6 352656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-4-4 136360]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-4-4 269480]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-5-14 821080]
    R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-5-18 2280312]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
    R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
    R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-5-14 20336]
    R3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys --> C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys [?]
    R3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys --> C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-5-14 33184]
    R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-5-14 21328]
    R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate1cad442638e350;Google Update Service (gupdate1cad442638e350);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-4 133104]
    S3 B-Service;B-Service;C:\Users\Chris\AppData\Roaming\Mikogo\B-Service.exe [2010-9-7 185640]
    S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-4-4 79360]
    S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
    S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
    S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-4 133104]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-05-30 07:16:30 -------- d-----w- C:\Users\Chris\AppData\Local\{C3029D28-385B-4898-BCA4-768F037266F5}
    2011-05-29 19:16:03 -------- d-----w- C:\Users\Chris\AppData\Local\{8F3B5B94-B1D6-4291-A851-9D183F830979}
    2011-05-29 19:04:54 -------- d-----w- C:\ProgramData\ESTsoft
    2011-05-29 19:04:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\ESTsoft
    2011-05-29 19:04:46 -------- d-----w- C:\Program Files (x86)\ESTsoft
    2011-05-29 10:01:47 8718160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{801B5CD6-7010-4810-B7B0-B6006AE6F333}\mpengine.dll
    2011-05-28 21:26:47 -------- d-----w- C:\Users\Chris\AppData\Local\{7421A7DE-CD3B-4D2E-9746-2E9068AB8CDF}
    2011-05-28 14:12:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\go
    2011-05-28 14:12:39 -------- d-----w- C:\ProgramData\Easybits GO
    2011-05-28 09:26:22 -------- d-----w- C:\Users\Chris\AppData\Local\{38CD1299-39B9-44C5-BA10-5B9B36633097}
    2011-05-27 21:25:57 -------- d-----w- C:\Users\Chris\AppData\Local\{C8978AE6-8A40-4823-A351-D9029509F6AD}
    2011-05-27 09:25:10 -------- d-----w- C:\Users\Chris\AppData\Local\{3332EA3E-A22A-4B3A-ACC8-0778AD5DE69A}
    2011-05-26 14:31:10 -------- d-----w- C:\Users\Chris\AppData\Local\{50145954-5329-4560-B8CA-656A89BEECC6}
    2011-05-26 02:30:28 -------- d-----w- C:\Users\Chris\AppData\Local\{5F9A1D1F-E726-45EF-BF94-16A12EB8283D}
    2011-05-25 14:30:02 -------- d-----w- C:\Users\Chris\AppData\Local\{AE5814EC-915D-4731-BF1D-D616C1CCA278}
    2011-05-25 02:32:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-05-25 02:29:00 -------- d-----w- C:\Users\Chris\AppData\Local\{2C0FC4D4-C49C-41B7-A079-F1E39881CFCB}
    2011-05-24 01:06:06 -------- d-----w- C:\Users\Chris\AppData\Local\{40B3030A-2EB8-44E8-BFBE-ACBE104D4CA9}
    2011-05-23 12:46:15 -------- d-----w- C:\Users\Chris\AppData\Local\{5207811A-C95C-46CD-B5F4-05F9F8736D24}
    2011-05-23 00:45:51 -------- d-----w- C:\Users\Chris\AppData\Local\{9EF2EB1E-52D3-440F-B757-962349BAC7B0}
    2011-05-22 12:45:24 -------- d-----w- C:\Users\Chris\AppData\Local\{719FDB1C-0ED0-4655-9AB5-A343B6B6718D}
    2011-05-22 00:44:59 -------- d-----w- C:\Users\Chris\AppData\Local\{D8FB9A87-36EA-463B-9F23-EED61D98CB5B}
    2011-05-21 12:44:35 -------- d-----w- C:\Users\Chris\AppData\Local\{4E25CEDF-C005-495E-9137-23C26C3F7C87}
    2011-05-21 00:44:43 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F926B061-1451-41A9-AFC9-E12BC54E447A}\gapaengine.dll
    2011-05-21 00:43:46 -------- d-----w- C:\Users\Chris\AppData\Local\{B52F862A-8A68-4689-AEBB-12876EFA3DAB}
    2011-05-20 12:43:22 -------- d-----w- C:\Users\Chris\AppData\Local\{E5DF5831-E5F6-4074-87BA-D9843FEEFB0B}
    2011-05-20 00:42:53 -------- d-----w- C:\Users\Chris\AppData\Local\{C4254C66-0140-44F8-A58A-C93902BD1CBB}
    2011-05-19 12:42:26 -------- d-----w- C:\Users\Chris\AppData\Local\{A4681623-2A60-4FF6-86F0-29D40CCEA665}
    2011-05-19 00:41:52 -------- d-----w- C:\Users\Chris\AppData\Local\{7D1D031F-9D2B-4D91-A5CB-1E62A1C42B7A}
    2011-05-18 12:41:21 -------- d-----w- C:\Users\Chris\AppData\Local\{10478C86-6591-4489-8EA4-65A79E731650}
    2011-05-18 00:39:51 -------- d-----w- C:\Users\Chris\AppData\Local\{1B9B8A6E-24D6-4A21-866E-C5C5092417F9}
    2011-05-17 08:59:33 -------- d-----w- C:\Users\Chris\AppData\Local\{5E6C9811-3C5C-41E4-B190-F09D87043294}
    2011-05-16 20:59:09 -------- d-----w- C:\Users\Chris\AppData\Local\{224FE3BB-3B8E-4EB1-A0B2-FA03618CE570}
    2011-05-16 08:58:28 -------- d-----w- C:\Users\Chris\AppData\Local\{E92C7998-EC8C-4066-87B1-6631F824ECE8}
    2011-05-15 20:57:50 -------- d-----w- C:\Users\Chris\AppData\Local\{973BC6AA-72F8-4958-8DEF-4D5A0549678A}
    2011-05-15 08:57:26 -------- d-----w- C:\Users\Chris\AppData\Local\{DD89C048-7EE4-4F58-8610-7F4B39E7ED1A}
    2011-05-14 20:56:49 -------- d-----w- C:\Users\Chris\AppData\Local\{9FA52ED1-4341-4268-965A-C86502410F88}
    2011-05-13 06:44:20 -------- d-----w- C:\Users\Chris\AppData\Local\{2887B6B9-BE65-4744-A04E-A758B722F2C7}
    2011-05-12 20:32:20 -------- d-----w- C:\DosBox
    2011-05-12 18:47:32 -------- d-----w- C:\Users\Chris\AppData\Local\DOSBox
    2011-05-12 18:43:12 -------- d-----w- C:\Users\Chris\AppData\Local\{E34C09FE-AA3D-4EF7-97B9-AE715423A1BC}
    2011-05-12 00:00:52 -------- d-----w- C:\ProgramData\Skype Extras
    2011-05-11 17:24:06 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-05-11 17:24:05 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-05-11 17:24:04 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-05-11 17:16:46 -------- d-----w- C:\Users\Chris\AppData\Local\{61EFD904-3FA5-47C0-8AFF-D7716426FB73}
    2011-05-06 19:48:18 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
    2011-05-06 13:23:53 -------- d-----w- C:\Users\Chris\AppData\Local\{F2713915-F208-4BC3-AB34-8002F20FB179}
    2011-05-06 01:23:16 -------- d-----w- C:\Users\Chris\AppData\Local\{F3509DF0-C960-491D-B943-C3E582C4C008}
    2011-05-05 13:22:52 -------- d-----w- C:\Users\Chris\AppData\Local\{F82F287A-3EBE-445E-9A4E-7E2EB13E51C7}
    2011-05-05 01:22:28 -------- d-----w- C:\Users\Chris\AppData\Local\{483F2AD3-64B5-4CE9-AE9E-2D0DDD2B33CB}
    2011-05-04 13:21:57 -------- d-----w- C:\Users\Chris\AppData\Local\{BE2A64D2-EC6A-4569-A1F6-8FB30D148A7E}
    2011-05-04 01:21:33 -------- d-----w- C:\Users\Chris\AppData\Local\{3EFED186-CE92-4DC0-9B21-F768C17947A3}
    2011-05-03 13:21:03 -------- d-----w- C:\Users\Chris\AppData\Local\{3F982E4A-94BA-4CE5-AD8E-4E9CC0F5459C}
    2011-05-03 01:20:34 -------- d-----w- C:\Users\Chris\AppData\Local\{85B59CB5-7E6A-4460-B7C2-C9BF70551E84}
    2011-05-02 13:20:05 -------- d-----w- C:\Users\Chris\AppData\Local\{16577AE0-E689-403B-B3E1-B6FC8F1384E3}
    2011-05-02 01:19:40 -------- d-----w- C:\Users\Chris\AppData\Local\{1297754E-E772-4EA2-A09F-9F9CD7C5619B}
    2011-05-01 13:19:17 -------- d-----w- C:\Users\Chris\AppData\Local\{63DD39EA-E21B-4389-80CD-8C89F7055545}
    2011-05-01 01:18:35 -------- d-----w- C:\Users\Chris\AppData\Local\{803EFF6E-2FEE-4B4A-B2DC-B3AE75647E00}
    2011-04-30 13:17:58 -------- d-----w- C:\Users\Chris\AppData\Local\{AB7229B8-D484-4597-BD11-14F98E6ECBB8}
    .
    ==================== Find3M ====================
    .
    2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-04-08 11:28:58 41872 ----a-w- C:\Windows\SysWow64\xfcodec.dll
    2011-04-08 11:28:58 27536 ----a-w- C:\Windows\System32\xfcodec64.dll
    2011-04-06 23:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
    2011-04-06 23:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-04-06 23:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-04-06 23:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
    2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
    2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
    2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
    2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
    2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 3:03:47.68 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 02/04/2010 5:06:26 PM
    System Uptime: 31/12/2008 11:00:55 PM (21100 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M3N-HD/HDMI
    Processor: AMD Phenom(tm) 9850 Quad-Core Processor | Socket AM2 | 2500/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 111.388 GiB free.
    D: is FIXED (NTFS) - 298 GiB total, 114.312 GiB free.
    E: is FIXED (NTFS) - 466 GiB total, 128.487 GiB free.
    F: is CDROM (CDFS)
    G: is CDROM ()
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ACPI\AWY0001\2&DABA3FF&1
    Manufacturer:
    Name:
    PNP Device ID: ACPI\AWY0001\2&DABA3FF&1
    Service:
    .
    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
    Description: Unknown Device
    Device ID: USB\VID_0000&PID_0000\5&3C06D97&0&5
    Manufacturer: (Standard USB Host Controller)
    Name: Unknown Device
    PNP Device ID: USB\VID_0000&PID_0000\5&3C06D97&0&5
    Service:
    .
    Class GUID:
    Description: Coprocessor
    Device ID: PCI\VEN_10DE&DEV_0753&SUBSYS_82E81043&REV_A2\3&2411E6FE&1&0B
    Manufacturer:
    Name: Coprocessor
    PNP Device ID: PCI\VEN_10DE&DEV_0753&SUBSYS_82E81043&REV_A2\3&2411E6FE&1&0B
    Service:
    .
    ==== System Restore Points ===================
    .
    RP370: 25/05/2011 7:00:14 AM - Windows Update
    RP371: 25/05/2011 3:06:48 PM - Windows Update
    RP372: 25/05/2011 7:31:11 PM - Windows Update
    RP373: 27/05/2011 2:32:27 AM - Windows Update
    RP374: 27/05/2011 1:34:51 PM - Windows Update
    RP375: 28/05/2011 2:27:06 AM - Windows Update
    RP376: 29/05/2011 3:01:30 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    3Planesoft Screensaver Manager 1.4
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.4
    Advanced SystemCare 4
    ALSee
    Altitude
    ALTools Update
    Alyx Nude
    Apple Application Support
    Apple Software Update
    µTorrent
    Audacity 1.3.11 (Unicode)
    Avira AntiVir Personal - Free Antivirus
    Beat Hazard
    BitComet 1.27
    BOINC
    Cascades demo by NVIDIA (remove only)
    CCleaner
    Counter-Strike: Source
    Creative Audio Console
    Creative Software AutoUpdate
    D3DX10
    Deep Space 3D Screensaver 1.0
    DTS+AC3 Filter
    DTVblizzcon
    EasyBits GO
    FreeApps
    Game Booster
    GIMP 2.6.10
    GOM Player
    GOMTV Streamer
    Google Earth Plug-in
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Human Head demo by NVIDIA (remove only)
    iCopyExpert 3.1.2
    IObit Malware Fighter
    Java(TM) 6 Update 20
    Junk Mail filter update
    Just Cause 1.00.0000
    K-Lite Mega Codec Pack 1.46
    Koi Fish 3D Screensaver 1.0
    LADSPA_plugins-win-0.4.15
    LAME v3.98.2 for Audacity
    Malwarebytes' Anti-Malware
    Manga Reader v1.5.5
    Mesh Runtime
    Messenger Companion
    Microsoft Office Live Add-in 1.5
    Microsoft Office XP Professional with FrontPage
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mikogo
    Mozilla Firefox 4.0 (x86 en-US)
    Mozilla Thunderbird (3.1.4)
    MPEG2 Codec(libmpeg2/mad)
    MS Access 97 SP2
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Essentials
    neroxml
    NVIDIA PhysX
    OpenAL
    Plasma Pong v1.2
    Poker Night at the Inventory
    Portal 2
    Portal 2 - The Final Hours
    QuickTime
    RapidShare Manager
    RealPlayer
    RealUpgrade 1.0
    Sam & Max 101: Culture Shock
    Sam & Max 102: Situation: Comedy
    Sam & Max 103: The Mole, the Mob and the Meatball
    Sam & Max 104: Abe Lincoln Must Die!
    Sam & Max 105: Reality 2.0
    Sam & Max 106: Bright Side of the Moon
    Sam & Max 201: Ice Station Santa
    Sam & Max 202: Moai Better Blues
    Sam & Max 203: Night of the Raving Dead
    Sam & Max 204: Chariots of the Dogs
    Sam & Max 205: What's New Beelzebub?
    Sam & Max 305: The City that Dares not Sleep
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Shatter
    SimCity 3000 Unlimited
    Skype Toolbars
    Skype™ 5.3
    Smart Defrag 2
    Smoke demo by NVIDIA (remove only)
    StarCraft
    StarCraft II
    StealthBot 2.7
    Steam(TM)
    TeamViewer 6
    The Lost Watch II 3D Screensaver 1.0
    The Lost Watch II NV 3D Screensaver 1.0
    Tunatic
    Unity Web Player
    VDOTool 6.0
    VLC media player 1.1.7
    Water Clock 3D Screensaver 1.0
    Western Railway NV 3D Screensaver 2.0
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Xfire (remove only)
    XfireXO Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    29/05/2011 8:56:50 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...licker:Win32/Yabector.gen&threatid=2147628718 Name: TrojanClicker:Win32/Yabector.gen ID: 2147628718 Severity: Severe Category: Trojan Notifier Path: containerfile:_E:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe;containerfile:_E:\Users\Chris\Downloads\unlocker1.8.7.exe;file:_E:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe->(nsis-1-eBayShortcuts.exe);file:_E:\Users\Chris\Downloads\unlocker1.8.7.exe->(nsis-6-eBay_shortcuts_1016.exe)->(nsis-1-eBayShortcuts.exe) Detection Origin: Local machine Detection Type: Generic Detection Source: System User: NT AUTHORITY\NETWORK SERVICE Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.803.0, AS: 1.105.803.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
    29/05/2011 8:56:50 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanClicker:Win32/Yabector.B&threatid=2147629550 Name: TrojanClicker:Win32/Yabector.B ID: 2147629550 Severity: Severe Category: Trojan Notifier Path: containerfile:_C:\Users\Chris\Downloads\unlocker1.8.8.exe;containerfile:_E:\Users\Chris\Downloads\unlocker1.8.8.exe;file:_C:\Users\Chris\Downloads\unlocker1.8.8.exe->(nsis-6-$(PLUGINSDIR)\eBay_shortcuts_1016_new.exe);file:_E:\Users\Chris\Downloads\unlocker1.8.8.exe->(nsis-6-$(PLUGINSDIR)\eBay_shortcuts_1016_new.exe) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\NETWORK SERVICE Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.803.0, AS: 1.105.803.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
    29/05/2011 8:56:50 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bumat!rts&threatid=2147626069 Name: Trojan:Win32/Bumat!rts ID: 2147626069 Severity: High Category: Trojan Path: containerfile:_C:\Users\Chris\Downloads\MineralHack.zip;containerfile:_C:\Users\Chris\Downloads\OblivionV305.zip;containerfile:_C:\Users\Chris\Downloads\ZMH100.zip;containerfile:_E:\Users\Chris\Downloads\MineralHack.zip;containerfile:_E:\Users\Chris\Downloads\OblivionV305.zip;containerfile:_E:\Users\Chris\Downloads\ZMH100.zip;file:_C:\Users\Chris\Downloads\MineralHack.zip->zLoader.exe;file:_C:\Users\Chris\Downloads\OblivionV305.zip->zLoader.exe;file:_C:\Users\Chris\Downloads\ZMH100.zip->zLoader.exe;file:_E:\Users\Chris\Downloads\MineralHack.zip->zLoader.exe;file:_E:\Users\Chris\Downloads\OblivionV305.zip->zLoader.exe;file:_E:\Users\Chris\Downloads\ZMH100.zip->zLoader.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\NETWORK SERVICE Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.803.0, AS: 1.105.803.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
    29/05/2011 8:56:50 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/RegCure&threatid=147745 Name: Program:Win32/RegCure ID: 147745 Severity: High Category: Potentially Unwanted Software Path: containerfile:_C:\Users\Chris\Downloads\RegCureSetup_CB.exe;containerfile:_C:\Users\Chris\Downloads\RegCureSetup_RW(2).exe;containerfile:_C:\Users\Chris\Downloads\RegCureSetup_RW.exe;containerfile:_E:\Users\Chris\Downloads\RegCureSetup_CB.exe;containerfile:_E:\Users\Chris\Downloads\RegCureSetup_RW(2).exe;containerfile:_E:\Users\Chris\Downloads\RegCureSetup_RW.exe;file:_C:\Users\Chris\Downloads\RegCureSetup_CB.exe->(nsis-6-RegCure.exe);file:_C:\Users\Chris\Downloads\RegCureSetup_RW(2).exe->(nsis-6-RegCure.exe);file:_C:\Users\Chris\Downloads\RegCureSetup_RW.exe->(nsis-6-RegCure.exe);file:_E:\Users\Chris\Downloads\RegCureSetup_CB.exe->(nsis-6-RegCure.exe);file:_E:\Users\Chris\Downloads\RegCureSetup_RW(2).exe->(nsis-6-RegCure.exe);file:_E:\Users\Chris\Downloads\RegCureSetup_RW.exe->(nsis-6-RegCure.exe) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\NETWORK SERVICE Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.803.0, AS: 1.105.803.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
    27/05/2011 6:58:52 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...licker:Win32/Yabector.gen&threatid=2147628718 Name: TrojanClicker:Win32/Yabector.gen ID: 2147628718 Severity: Severe Category: Trojan Notifier Path: containerfile:_E:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe;containerfile:_E:\Users\Chris\Downloads\unlocker1.8.7.exe;file:_E:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe->(nsis-1-eBayShortcuts.exe);file:_E:\Users\Chris\Downloads\unlocker1.8.7.exe->(nsis-6-eBay_shortcuts_1016.exe)->(nsis-1-eBayShortcuts.exe) Detection Origin: Local machine Detection Type: Generic Detection Source: User User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.693.0, AS: 1.105.693.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
    27/05/2011 6:58:52 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanClicker:Win32/Yabector.B&threatid=2147629550 Name: TrojanClicker:Win32/Yabector.B ID: 2147629550 Severity: Severe Category: Trojan Notifier Path: containerfile:_C:\Users\Chris\Downloads\unlocker1.8.8.exe;containerfile:_E:\Users\Chris\Downloads\unlocker1.8.8.exe;file:_C:\Users\Chris\Downloads\unlocker1.8.8.exe->(nsis-6-$(PLUGINSDIR)\eBay_shortcuts_1016_new.exe);file:_E:\Users\Chris\Downloads\unlocker1.8.8.exe->(nsis-6-$(PLUGINSDIR)\eBay_shortcuts_1016_new.exe) Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.693.0, AS: 1.105.693.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
    27/05/2011 6:58:52 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/RegCure&threatid=147745 Name: Program:Win32/RegCure ID: 147745 Severity: High Category: Potentially Unwanted Software Path: containerfile:_C:\Users\Chris\Downloads\RegCureSetup_CB.exe;containerfile:_C:\Users\Chris\Downloads\RegCureSetup_RW(2).exe;containerfile:_C:\Users\Chris\Downloads\RegCureSetup_RW.exe;containerfile:_E:\Users\Chris\Downloads\RegCureSetup_CB.exe;containerfile:_E:\Users\Chris\Downloads\RegCureSetup_RW(2).exe;containerfile:_E:\Users\Chris\Downloads\RegCureSetup_RW.exe;file:_C:\Users\Chris\Downloads\RegCureSetup_CB.exe->(nsis-6-RegCure.exe);file:_C:\Users\Chris\Downloads\RegCureSetup_RW(2).exe->(nsis-6-RegCure.exe);file:_C:\Users\Chris\Downloads\RegCureSetup_RW.exe->(nsis-6-RegCure.exe);file:_E:\Users\Chris\Downloads\RegCureSetup_CB.exe->(nsis-6-RegCure.exe);file:_E:\Users\Chris\Downloads\RegCureSetup_RW(2).exe->(nsis-6-RegCure.exe);file:_E:\Users\Chris\Downloads\RegCureSetup_RW.exe->(nsis-6-RegCure.exe) Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.693.0, AS: 1.105.693.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
    27/05/2011 6:58:51 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bumat!rts&threatid=2147626069 Name: Trojan:Win32/Bumat!rts ID: 2147626069 Severity: High Category: Trojan Path: containerfile:_C:\Users\Chris\Downloads\MineralHack.zip;containerfile:_C:\Users\Chris\Downloads\OblivionV305.zip;containerfile:_C:\Users\Chris\Downloads\ZMH100.zip;containerfile:_E:\Users\Chris\Downloads\MineralHack.zip;containerfile:_E:\Users\Chris\Downloads\OblivionV305.zip;containerfile:_E:\Users\Chris\Downloads\ZMH100.zip;file:_C:\Users\Chris\Downloads\MineralHack.zip->zLoader.exe;file:_C:\Users\Chris\Downloads\OblivionV305.zip->zLoader.exe;file:_C:\Users\Chris\Downloads\ZMH100.zip->zLoader.exe;file:_E:\Users\Chris\Downloads\MineralHack.zip->zLoader.exe;file:_E:\Users\Chris\Downloads\OblivionV305.zip->zLoader.exe;file:_E:\Users\Chris\Downloads\ZMH100.zip->zLoader.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.105.693.0, AS: 1.105.693.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.6903.0, NIS: 2.0.5854.0
    27/05/2011 2:23:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    27/05/2011 2:21:54 AM, Error: Service Control Manager [7000] - The TBPanel service failed to start due to the following error: This driver has been blocked from loading
    27/05/2011 2:21:54 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\TBPanel.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    27/05/2011 2:21:29 AM, Error: volmgr [46] - Crash dump initialization failed!
    25/05/2011 8:47:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    25/05/2011 8:45:00 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    24/05/2011 7:27:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    23/05/2011 6:04:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
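The Microsoft Antimalware entries above are easier to triage programmatically than by eye: every 1119 event records an action (Remove or Quarantine) that failed with Error Code 0x80070005 (Access is denied), so the flagged downloads may still be present, and the repeated 3002 events show real-time protection was not running. The following Python is an added example, not code from the thread or from Microsoft; it parses three lines abridged from the log above (message text and some paths trimmed), pulls out the threat name, the attempted action and the on-disk container files, and counts the real-time-protection failures.

```python
import re

# Three events abridged from the event log pasted above (message text and some paths trimmed).
SAMPLE_LOG = (
    "27/05/2011 6:58:52 PM, Error: Microsoft Antimalware [1119] - Name: TrojanClicker:Win32/Yabector.B "
    "ID: 2147629550 Severity: Severe Category: Trojan Notifier Path: containerfile:_C:\\Users\\Chris\\"
    "Downloads\\unlocker1.8.8.exe;file:_C:\\Users\\Chris\\Downloads\\unlocker1.8.8.exe->(nsis-6-"
    "$(PLUGINSDIR)\\eBay_shortcuts_1016_new.exe) Detection Origin: Local machine Detection Type: "
    "Concrete Detection Source: User User: NT AUTHORITY\\SYSTEM Process Name: Unknown Action: Remove "
    "Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied.\n"
    "27/05/2011 6:58:51 PM, Error: Microsoft Antimalware [1119] - Name: Trojan:Win32/Bumat!rts "
    "ID: 2147626069 Severity: High Category: Trojan Path: containerfile:_C:\\Users\\Chris\\Downloads\\"
    "MineralHack.zip;containerfile:_E:\\Users\\Chris\\Downloads\\MineralHack.zip;file:_C:\\Users\\Chris\\"
    "Downloads\\MineralHack.zip->zLoader.exe Detection Origin: Local machine Detection Type: Concrete "
    "Detection Source: User User: NT AUTHORITY\\SYSTEM Process Name: Unknown Action: Quarantine "
    "Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied.\n"
    "27/05/2011 2:23:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time "
    "Protection feature has encountered an error and failed. Feature: Behavior Monitoring "
    "Error Code: 0x80004005 Error description: Unspecified error\n"
)

# Every pasted event starts "<date> <time> <AM|PM>, Error: <source> [<event id>] - <body>".
EVENT_RE = re.compile(r"^(?P<time>\S+ \S+ [AP]M), Error: (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<body>.*)$")
# Field order of the 1119 "action failed" body, as it appears in the log above.
DETECT_RE = re.compile(
    r"Name: (?P<name>\S+) ID: (?P<threat_id>\d+) Severity: (?P<severity>\S+) Category: (?P<category>.+?) "
    r"Path: (?P<paths>.+?) Detection Origin:.*?Action: (?P<action>\S+) Action Status: .*?"
    r"Error Code: (?P<error>0x[0-9A-Fa-f]+)")

def parse_events(text):
    """Return (list of failed 1119 actions, count of 3002 real-time-protection failures)."""
    failed, rtp_failures = [], 0
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m or m["source"] != "Microsoft Antimalware":
            continue
        if m["event_id"] == "3002":
            rtp_failures += 1
        elif m["event_id"] == "1119" and (d := DETECT_RE.search(m["body"])):
            # Path is ';'-separated; '->' entries are archive members, so keep only the outer files on disk.
            containers = sorted({p[len("containerfile:_"):] for p in d["paths"].split(";")
                                 if p.startswith("containerfile:_")})
            failed.append({"time": m["time"], "name": d["name"], "threat_id": int(d["threat_id"]),
                           "severity": d["severity"], "action": d["action"],
                           "error": d["error"], "containers": containers})
    return failed, rtp_failures

def unremediated_files(text):
    """Files whose Remove/Quarantine failed (0x80070005 is E_ACCESSDENIED): rescan or check by hand."""
    return sorted({c for f in parse_events(text)[0] for c in f["containers"]})
```

Run against the full pasted log, the same two functions give the helper a list of files to look at first and a count of how often real-time protection was down.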


  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Glad you found the message about attached files! Now I don't have to nag at you to paste the logs!

    There is no "Hotmail spam virus"! You have not given much information as to what's happening. Hotmail is a web-based email and can get hacked from the internet; it's not a big challenge. Your Hotmail account can also be getting a lot of spam, possibly because there isn't much available on Hotmail to get spam filters in place.
    ======================================
    I can review your logs for malware, but even if there is malware on the system, it may have nothing to do with your problem.
    =====================================
    You are using 2 antivirus programs: Avira and Microsoft Security Essentials. Contrary to what you might think, multiple AV programs actually make the system more vulnerable, not less. So please remove one of the AV programs.
    =====================================
    Please run the following 2 programs:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ==================================
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
     