Inactive Run as Administrator Side Menu

Status
Not open for further replies.

Jack421

Posts: 11   +0
I am having trouble running programs as an administrator from the side menu! What might be the problem? The right click menu!
 

Attachments

  • DDS.txt
    15.5 KB · Views: 0
  • Attach.txt
    7.5 KB · Views: 0
  • aswMBR.txt
    7.7 KB · Views: 1
  • TDSSKiller.2.5.3.0_28.06.2011_18.07.46_log.txt
    123.7 KB · Views: 1
  • hijackthis.log
    9.9 KB · Views: 1
You started a thread here on 5/27/2011 re: Billieo. https://www.techspot.com/vb/topic165697.html. You pasted a large number of logs in the post. I replied, giving you the information that we do not accept attached logs, that they must be pasted to be reviewed.

You deserted the thread.

Now you have attached a large number of logs again, which doesn't follow our preliminary virus removal steps, which I also gave you previously.

Do you intend to continue with this thread? Do you intend to follow the steps in the Preliminary Virus and Malware Removal thread HERE?

Which also indicate:
NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Why are you randomly running rootkit removers? Let me know if you intend to do this right. If you don't, I'll close the thread.
 
Pasted

Cannot paste. GMER log is too big: 237 kilobytes!



.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Megatron at 18:11:48 on 2011-06-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.360 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Online Armor Firewall *Enabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Online Armor\oaui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Online Armor\OAreg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Users\Megatron\Downloads\Software\Report Tools\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [DriverMax]
uRun: [DriverMax_RESTART]
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon]
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\program files\trafficcompressor\TCompLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: {6F943519-7881-438D-8857-621C25992B48} = 156.154.70.22,156.154.71.22
TCP: {88671F84-611F-4E3A-A09C-6719F683C026} = 156.154.70.22,156.154.71.22
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\megatron\appdata\roaming\mozilla\firefox\profiles\v7iza886.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs&search=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cumon;cumon;c:\windows\system32\drivers\cumon.sys [2011-5-25 227872]
R0 Evdd;evdd;c:\windows\system32\drivers\evdd.sys [2011-5-25 19816]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-20 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-20 307928]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-5-25 205864]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-5-25 39048]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-5-25 25192]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-5-20 2978720]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-5-20 352656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-20 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-20 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-20 42184]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-5-25 381512]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-5-25 4326472]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2011-5-25 29312]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-5-20 73728]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011.sp2c\RpcAgentSrv.exe [2011-6-15 93848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 CPMService;COMODO Programs Manager Service;c:\program files\comodo\comodo programs manager\CPMservice.exe [2010-7-22 79304]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
SUnknown rootrepeal;rootrepeal; [x]
.
=============== File Associations ===============
.
.txt=GetDiz.TextFile
.
=============== Created Last 30 ================
.
2011-06-15 17:17:57 -------- d-----w- c:\program files\PeaZip
2011-06-15 17:11:39 -------- d-----w- c:\windows\system32\Adobe
2011-06-15 17:07:46 -------- d-----w- c:\program files\FrostWire
2011-06-15 10:12:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 10:12:38 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-15 10:12:34 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 03:20:35 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 03:19:19 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 03:18:57 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-06-15 03:18:44 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 03:18:44 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 03:17:03 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 03:10:20 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 03:10:17 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 03:10:17 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 03:09:11 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 01:22:48 -------- d-----w- c:\program files\iPod
2011-06-15 01:22:12 -------- d-----w- c:\program files\iTunes
2011-06-10 01:42:58 -------- d-----w- c:\users\megatron\appdata\local\Yahoo
2011-06-07 11:03:18 -------- d-----w- C:\z-cassbeth
2011-06-01 00:42:59 -------- d-----w- c:\program files\Myst
2011-05-31 22:28:49 -------- d-----w- c:\users\megatron\appdata\roaming\ScummVM
.
==================== Find3M ====================
.
2011-06-29 01:04:53 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2011-06-15 17:10:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-26 05:53:56 6904040 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-05-24 05:09:57 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-05-23 23:37:56 431672 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-04 11:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-06 20:02:26 39048 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-04-06 20:01:32 29312 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-04-06 20:01:30 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-04-06 20:01:30 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
.
============= FINISH: 18:14:07.29 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/28/2009 8:27:59 AM
System Uptime: 6/28/2011 6:03:50 PM (0 hours ago)
.
Motherboard: Quanta | | 30EA
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57 | Socket S1 | 1900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 137 GiB total, 86.203 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.981 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0004
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0004
Service: tunnel
.
==== System Restore Points ===================
.
RP146: 6/28/2011 2:00:19 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
AbiWord 2.8.6
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Advanced SystemCare 4
AIMP2
AIMP2: Audio Tools
Any Video Converter 3.2.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AppSnap 1.3.3
Atheros Driver Installation Program
Audacity 1.2.6
avast! Free Antivirus
Blender
Cards_Calendar_OrderGift_DoMorePlugout
CassBeth\LAT
CCleaner
CDBurnerXP
clrmamepro
CNET TechTracker
Comodo Dragon
COMODO Programs Manager
Compatibility Pack for the 2007 Office system
Conexant HD Audio
COWON Media Center - jetAudio Basic VX
CPUID CPU-Z 1.57.1
D3DX10
DAEMON Tools Lite
dBpoweramp Music Converter
DC++ 0.782
Debut Video Capture Software
Defraggler
Digsby
DivX Setup
Doc Scrubber v1.1
DriverMax 5
Dropbox
Dune 2000
DVD Shrink 3.2
DVD Suite
Dynamic Draw 5.5
e-Sword
Emsisoft Anti-Malware 5.1
eMule
Eraser 6.0.8.2273
ESET Online Scanner v3
Eudora
EULAlyzer 2.0
Event Log Explorer 3.3
EVEREST Home Edition v2.20
Evernote v. 4.3.1
FileHippo.com Update Checker
FileZilla Client 3.5.0
Foxit PDF Editor
Foxit PDF IFilter
Foxit Phantom
Foxit Reader 5.0
Free Studio version 5.0.9
Freeciv 2.1.9 (Win32 client)
FreeMind
FreePortScanner 2.8.2
FrostWire 4.21.8
Game Booster
GetDiz
GIMP 2.6.11
GnuCash 2.4.5
Google Earth
Google SketchUp 8
HandBrake 0.9.5
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 B2
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0091
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
IcoFX 1.6.4
ImgBurn
IncrediMail
IncrediMail 2.0
Inkscape 0.48.1
Inno Setup version 5.4.2
IrfanView (remove only)
iTunes
IZArc 4.1.6
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
K-Lite Mega Codec Pack 7.1.0
KeePass Password Safe 1.19b
KompoZer-0.8a4
LabelPrint
LightScribe System Software
MailWasher Free 6.5.4
Malwarebytes' Anti-Malware version 1.51.0.1200
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Baseline Security Analyzer 2.2
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
mIRC
Mixxx 1.9.0
MobileMe Control Panel
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDefrag v4.3.1
Myst for Windows 95
Mz CPU Accelerator
NETEagle
NetWaiting
Notepad++
NVIDIA Drivers
Nvu 1.0PR
Online Armor 5.0
ooVoo
OpenOffice.org 3.3
Paint.NET v3.5.8
PeaZip 3.8
PeerBlock 1.1 (r518)
Pegasus Mail
PhotoScape
PicPick
Polipo 1.0.4.1
Power2Go
PowerDirector
PSSWCORE
Python 3.2
QuickTime
RAMDisk
Random Password Generator
ratDVD 0.78.1444
Real Alternative 2.0.2
Recuva
Revo Uninstaller 1.92
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
RomCenter 3.58
Safari
Sandboxie 3.54 (32-bit)
ScummVM 1.2.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Segoe UI
SiSoftware Sandra Lite 2011.SP2c
Skype Toolbars
Skype™ 5.3
Songbird 1.9.3 (Build 1959)
Spamihilator 0.9.9.53 (32 bit)
Speccy
SpeedFan (remove only)
SpywareBlaster 4.4
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
TaxACT 2010
TeraCopy 2.12
TextMaker Viewer
The KMPlayer (remove only)
Tor 0.2.1.30
TrafficCompressor
Trillian
TrueCrypt
Uninstall 1.0.0.1
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Vidalia 0.2.12
VideoPad Video Editor
VideoToolkit01
Viewpoint Media Player
Viper 3.0.04
VLC media player 1.1.9
WeatherBug Gadget
Westwood Shared Internet Components
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPatrol
XMind
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/28/2011 6:05:15 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/27/2011 9:14:00 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
6/27/2011 5:05:25 PM, Error: EventLog [6008] - The previous system shutdown at 2:54:13 PM on 6/27/2011 was unexpected.
.
==== End Of File ===========================
 
If GMER is that big, it means that you did not observe and follow this:
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log.

Please delete the current log and rescan with Show All unchecked.
=============================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=========================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan.
Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop.
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • Click on Yes, to continue scanning for malware.
  • If Combofix asks you to update the program, allow it.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

Edit to ask question: What did you submit for identification? >> 2011-06-07 11:03:18 -------- d-----w- C:\z-cassbeth
 