TechSpot

Redirect virus removal help [log file]

By jf4350
Aug 30, 2011
  1. I have tried everything to remove this infection (aside from HijackThis), but it keeps coming back. I have included the log file.
     


  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. jf4350

    jf4350 TS Rookie Topic Starter

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by James at 0:58:57 on 2011-08-31
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2937.1050 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\windows\system32\conhost.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\windows\system32\igfxext.exe
    C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\windows\system32\DllHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\windows\system32\svchost.exe -k WindowsMobile
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\System32\svchost.exe -k WerSvcGroup
    C:\windows\explorer.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    uRun: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [SpywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{0B293CB5-0DF9-4A19-8CF9-A79757BB0B72} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{0B293CB5-0DF9-4A19-8CF9-A79757BB0B72}\2375942554630303 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{0B293CB5-0DF9-4A19-8CF9-A79757BB0B72}\84F4D454 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{0B293CB5-0DF9-4A19-8CF9-A79757BB0B72}\C496E6B664 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{0B293CB5-0DF9-4A19-8CF9-A79757BB0B72}\C696E6B6379737 : DhcpNameServer = 64.233.217.3 64.233.217.5
    TCP: Interfaces\{4AAC1865-70C9-4D56-A74C-C1609AA0102E} : DhcpNameServer = 192.168.1.254
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    mRun-x64: [SpywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\6b0asfj5.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\James\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Users\James\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-9-15 136360]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-9-15 269480]
    R2 avgntflt;avgntflt;C:\windows\system32\DRIVERS\avgntflt.sys --> C:\windows\system32\DRIVERS\avgntflt.sys [?]
    R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
    R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-8-27 17152]
    R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;C:\windows\system32\DRIVERS\RTL8187B.sys --> C:\windows\system32\DRIVERS\RTL8187B.sys [?]
    R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-12 1030600]
    S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
    .
    =============== File Associations ===============
    .
    .scr=AutoCADScriptFile
    .
    =============== Created Last 30 ================
    .
    2011-08-31 02:09:36 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD042C57-7AD5-4F53-A227-DEFB1F48FD93}\mpengine.dll
    2011-08-30 03:42:44 388096 ----a-r- C:\Users\James\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-08-30 03:42:44 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-08-30 02:30:26 258048 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpfppw73.dll
    2011-08-30 01:07:34 -------- d-----w- C:\Program Files (x86)\UnderCoverXP
    2011-08-27 06:05:26 69376 ----a-w- C:\windows\System32\drivers\Lbd.sys
    2011-08-24 05:54:18 -------- d-----w- C:\Users\James\AppData\Local\SoftGrid Client
    2011-08-24 05:53:54 -------- d-----w- C:\Users\James\AppData\Roaming\SoftGrid Client
    2011-08-24 05:52:27 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
    2011-08-24 05:50:39 -------- d-----w- C:\Users\James\AppData\Roaming\TP
    2011-08-23 21:12:31 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2011-08-23 21:12:31 2048 ----a-w- C:\windows\System32\tzres.dll
    2011-08-20 09:50:38 -------- d-----w- C:\Users\James\AppData\Roaming\AnvSoft
    2011-08-20 09:50:21 -------- d-----w- C:\Program Files (x86)\AnvSoft
    2011-08-16 09:14:59 520544 ----a-w- C:\windows\System32\d3dx10_41.dll
    2011-08-16 09:05:13 -------- d-----w- C:\windows\SysWow64\directx
    2011-08-11 07:01:05 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2011-08-11 05:25:53 5507968 ----a-w- C:\windows\System32\ntoskrnl.exe
    2011-08-11 05:25:52 3957120 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2011-08-11 05:25:51 3902336 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2011-08-08 05:25:14 -------- d-----w- C:\Program Files (x86)\Connective Tools
    2011-08-05 09:12:01 -------- d-----w- C:\Program Files\DivX
    2011-08-05 09:11:53 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
    2011-08-05 09:07:22 -------- d-----w- C:\Program Files (x86)\DivX
    2011-08-05 09:05:11 -------- d-----w- C:\ProgramData\DivX
    2011-08-05 07:32:30 -------- d-----w- C:\Users\James\AppData\Roaming\mkvtoolnix
    2011-08-05 06:40:58 -------- d-----w- C:\windows\SysWow64\custom matrices
    2011-08-05 06:40:49 -------- d-----w- C:\windows\SysWow64\QuickTime
    2011-08-05 06:40:49 -------- d-----w- C:\windows\SysWow64\C2MP
    2011-08-03 07:23:30 -------- d-----w- C:\windows\WindowsMobile
    .
    ==================== Find3M ====================
    .
    2011-08-20 21:25:43 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-31 18:49:16 4422144 ----a-w- C:\windows\System32\ffdshow.ax
    2011-07-31 18:47:46 3577856 ----a-w- C:\windows\SysWow64\ffdshow.ax
    2011-07-31 18:45:10 3983872 ----a-w- C:\windows\System32\ffmpeg.dll
    2011-07-31 18:31:38 3854848 ----a-w- C:\windows\SysWow64\ffmpeg.dll
    2011-07-22 20:51:50 94208 ----a-w- C:\windows\SysWow64\dpl100.dll
    2011-07-22 05:42:23 2303488 ----a-w- C:\windows\System32\jscript9.dll
    2011-07-22 05:36:16 1389056 ----a-w- C:\windows\System32\wininet.dll
    2011-07-22 02:54:43 1797632 ----a-w- C:\windows\SysWow64\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- C:\windows\SysWow64\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2011-07-19 19:10:28 473600 ----a-w- C:\windows\System32\ff_kernelDeint.dll
    2011-07-19 19:09:32 630272 ----a-w- C:\windows\System32\TomsMoComp_ff.dll
    2011-07-19 19:09:06 358400 ----a-w- C:\windows\System32\ff_libfaad2.dll
    2011-07-19 19:09:06 181760 ----a-w- C:\windows\System32\ff_unrar.dll
    2011-07-19 19:09:06 155648 ----a-w- C:\windows\System32\ff_libmad.dll
    2011-07-19 19:09:06 111616 ----a-w- C:\windows\System32\ff_wmv9.dll
    2011-07-19 19:09:04 221696 ----a-w- C:\windows\System32\ff_libdts.dll
    2011-07-19 19:09:04 1533440 ----a-w- C:\windows\System32\ff_samplerate.dll
    2011-07-19 19:09:04 114688 ----a-w- C:\windows\System32\ff_liba52.dll
    2011-07-19 19:09:02 189440 ----a-w- C:\windows\System32\libmpeg2_ff.dll
    2011-07-19 19:08:04 74752 ----a-w- C:\windows\SysWow64\ff_vfw.dll
    2011-07-19 19:06:48 259584 ----a-w- C:\windows\SysWow64\TomsMoComp_ff.dll
    2011-07-19 19:06:36 158208 ----a-w- C:\windows\SysWow64\ff_unrar.dll
    2011-07-19 19:06:34 96768 ----a-w- C:\windows\SysWow64\ff_wmv9.dll
    2011-07-19 19:06:34 1524224 ----a-w- C:\windows\SysWow64\ff_samplerate.dll
    2011-07-19 19:06:32 145920 ----a-w- C:\windows\SysWow64\ff_libmad.dll
    2011-07-19 19:06:30 136704 ----a-w- C:\windows\SysWow64\libmpeg2_ff.dll
    2011-07-19 19:06:30 113664 ----a-w- C:\windows\SysWow64\ff_liba52.dll
    2011-07-19 19:06:28 327680 ----a-w- C:\windows\SysWow64\ff_libfaad2.dll
    2011-07-19 19:06:28 211456 ----a-w- C:\windows\SysWow64\ff_libdts.dll
    2011-07-16 05:26:54 362496 ----a-w- C:\windows\System32\wow64win.dll
    2011-07-16 05:26:53 243200 ----a-w- C:\windows\System32\wow64.dll
    2011-07-16 05:26:53 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2011-07-16 05:26:18 214528 ----a-w- C:\windows\System32\winsrv.dll
    2011-07-16 05:24:09 16384 ----a-w- C:\windows\System32\ntvdm64.dll
    2011-07-16 05:21:32 422400 ----a-w- C:\windows\System32\KernelBase.dll
    2011-07-16 05:17:46 338432 ----a-w- C:\windows\System32\conhost.exe
    2011-07-16 04:36:09 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2011-07-16 04:32:14 44032 ----a-w- C:\windows\apppatch\acwow64.dll
    2011-07-16 04:31:50 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2011-07-16 04:30:29 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2011-07-16 04:30:27 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
    2011-07-16 02:26:12 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2011-07-16 02:26:11 2048 ----a-w- C:\windows\SysWow64\user.exe
    2011-07-16 02:21:47 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:21:47 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:21:47 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:21:47 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 02:44:55 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
    2011-07-06 23:52:42 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-06 23:52:42 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
    2011-06-30 01:47:13 55384 ----a-w- C:\windows\System32\drivers\SBREDrv.sys
    2011-06-28 21:01:56 88288 ----a-w- C:\windows\System32\drivers\avgntflt.sys
    2011-06-21 06:27:14 1896832 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2011-06-15 09:58:31 212992 ----a-w- C:\windows\System32\odbctrac.dll
    2011-06-15 09:58:31 163840 ----a-w- C:\windows\System32\odbccp32.dll
    2011-06-15 09:58:31 106496 ----a-w- C:\windows\System32\odbccu32.dll
    2011-06-15 09:58:31 106496 ----a-w- C:\windows\System32\odbccr32.dll
    2011-06-15 09:04:46 86016 ----a-w- C:\windows\SysWow64\odbccu32.dll
    2011-06-15 09:04:46 81920 ----a-w- C:\windows\SysWow64\odbccr32.dll
    2011-06-15 09:04:46 319488 ----a-w- C:\windows\SysWow64\odbcjt32.dll
    2011-06-15 09:04:46 163840 ----a-w- C:\windows\SysWow64\odbctrac.dll
    2011-06-15 09:04:46 122880 ----a-w- C:\windows\SysWow64\odbccp32.dll
    2011-06-11 02:56:44 3134464 ----a-w- C:\windows\System32\win32k.sys
    .
    ============= FINISH: 1:02:11.40 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/5/2010 6:05:56 PM
    System Uptime: 8/30/2011 9:58:36 PM (4 hours ago)
    .
    Motherboard: TOSHIBA | | NBWAA
    Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | U2E1 | 2194/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 222 GiB total, 143.15 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\6&17BA658&0&01
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\6&17BA658&0&01
    Service: vwifimp
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe FE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FF001179&REV_02\4&492937F&0&00E2
    Manufacturer: Realtek
    Name: Realtek PCIe FE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FF001179&REV_02\4&492937F&0&00E2
    Service: RTL8167
    .
    ==== System Restore Points ===================
    .
    RP187: 8/23/2011 5:08:58 PM - Windows Update
    RP188: 8/24/2011 3:00:12 AM - Windows Update
    RP189: 8/25/2011 3:00:11 AM - Windows Update
    RP190: 8/26/2011 10:48:58 PM - Windows Update
    RP191: 8/27/2011 2:01:01 AM - Installed Ad-Aware
    RP192: 8/27/2011 2:04:43 AM - Installed Ad-Aware
    RP193: 8/29/2011 11:41:28 PM - Installed HiJackThis
    RP194: 8/30/2011 10:08:08 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Ad-Aware
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.4.5
    Adobe Shockwave Player 11.6
    Amazon MP3 Downloader 1.0.10
    Any Video Converter 3.2.7
    Apple Application Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Best Buy Software Installer
    Brad Smith Easy SFV Creator
    Compatibility Pack for the 2007 Office system
    Counter-Strike
    Counter-Strike: Condition Zero
    CTAlarmClockLite (remove only)
    D3DX10
    DivX Setup
    DVD Decrypter (Remove Only)
    EAX Unified
    File Shredder 2.0
    Free Audio Converter 4.3.2
    FrostWire 4.21.3
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Grooveshark
    High-Definition Video Playback 10
    HiJackThis
    Hotfix for Office (KB975927)
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    LG USB Modem Driver
    Mafia
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft Midtown Madness 2
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2010 - English
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 6.0 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack Basic
    Nero BackItUp 10
    Nero Burning ROM 10
    Nero BurnRights 10
    Nero Control Center 10
    Nero Core Components 10
    Nero CoverDesigner 10
    Nero DiscSpeed 10
    Nero Dolby Files 10
    Nero Express 10
    Nero InfoTool 10
    Nero MediaHub 10
    Nero Multimedia Suite 10
    Nero Recode 10
    Nero RescueAgent 10
    Nero SoundTrax 10
    Nero StartSmart 10
    Nero Vision 10
    Nero WaveEditor 10
    Opera 11.50
    PDF Settings CS5
    QuickTime
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Roxio Burn
    Roxio Express Labeler 3
    Roxio Roxio Burn
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Spyware Terminator
    Steam
    System Requirements Lab
    System Requirements Lab CYRI
    Tag&Rename 3.4
    TOSHIBA Application Installer
    TOSHIBA Assist
    TOSHIBA Bulletin Board
    TOSHIBA ConfigFree
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    TOSHIBA Quality Application
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    ToshibaRegistration
    UnderCoverXP 1.23
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Utility Common Driver
    VC80CRTRedist - 8.0.50727.6195
    Virtual Hypnotist 5.8
    Virtual Sailor 7
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VoiceOver Kit
    Windows 7 Codec Pack 3.3.0
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! BrowserPlus 2.9.2
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/30/2011 9:59:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    8/29/2011 11:45:57 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 11:45:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/29/2011 11:45:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/29/2011 11:45:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/29/2011 11:45:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/29/2011 11:45:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/29/2011 11:45:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/29/2011 11:45:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf
    8/29/2011 11:45:24 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 11:45:24 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/29/2011 11:45:24 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 11:45:24 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 11:45:24 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 11:45:24 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 11:45:24 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    8/29/2011 11:45:21 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/29/2011 11:45:21 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    8/29/2011 11:45:21 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/29/2011 11:45:21 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/29/2011 11:39:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    8/28/2011 4:26:57 PM, Error: Application Popup [1060] - \??\C:\ProgramData\Spyware Terminator\FileObjInfo.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    8/27/2011 3:33:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    8/27/2011 2:05:26 AM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
    8/27/2011 1:58:59 AM, Error: Service Control Manager [7000] - The PrevX AntiZeroAccess Driver service failed to start due to the following error: This driver has been blocked from loading
    8/27/2011 1:58:59 AM, Error: Application Popup [1060] - \??\C:\windows\SysWow64\drivers\ZeroAccess.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    8/26/2011 2:41:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    .
    ==== End Of File ===========================

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7585

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    8/31/2011 1:02:43 AM
    mbam-log-2011-08-31 (01-02-43).txt

    Scan type: Quick scan
    Objects scanned: 177303
    Time elapsed: 7 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-30 01:39:57
    Windows 6.1.7600
    Running: wd5gjq7p.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x73 0xB4 0x94 0x89 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x11 0x1F 0xC4 0xFE ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x04 0xF0 0x54 0xBB ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x73 0xB4 0x94 0x89 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x11 0x1F 0xC4 0xFE ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x04 0xF0 0x54 0xBB ...

    ---- EOF - GMER 1.0.15 ----
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and Avira.
    One of them has to go.
    I suggest Lavasoft goes.

    ===============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.

    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
Topic Status:
Not open for further replies.
