Resolved TDL4 or Google redirect virus


QwertyDude

Hello, I have GRDV or "Google Redirect Virus". I have the log files you have asked for. I keep getting re-directed to pages such as [Edit: redirect link removed by Bobbye] or [Edit: Redirect link removed by Bobbye] or even animal stuff. Here are the logs.
DDS Log (Not the attach.txt)

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Justin at 17:55:46 on 2011-07-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1979.828 [GMT -5:00]
.
AV: Norton AntiVirus *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\UnHackMe\hackmon.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Actual Window Minimizer\ActualWindowMinimizerCenter.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Actual Window Minimizer\ActualWindowMinimizerCenter64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\BitComet\BitComet.exe
C:\Program Files (x86)\BitComet\tools\BitCometService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\SpyZooka\spyzooka.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = about:blank
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [PUSH Wallpaper] C:\Program Files\Animated Wallpaper\Video Wallpaper\VideoWallpaper.exe -l
uRun: [Actual Window Minimizer] "C:\Program Files (x86)\Actual Window Minimizer\ActualWindowMinimizerCenter.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8353A85A-CDA2-41BA-905F-CBC208DB6AD0} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F7AE1592-18F3-49E9-AEB5-311CECD3D795} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F7AE1592-18F3-49E9-AEB5-311CECD3D795}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\SysWow64\DreamScene.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: HyperCam Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\SysWow64\DreamScene.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1100000.088\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1100000.088\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1100000.088\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1100000.088\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-7-23 1151096]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NAVx64\1100000.088\ccHPx64.sys --> C:\Windows\system32\drivers\NAVx64\1100000.088\ccHPx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20110725.001\IDSviA64.sys [2011-7-25 488056]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-12 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1100000.088\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1100000.088\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\drivers\NAVx64\1100000.088\SYMTDIV.SYS --> C:\Windows\system32\drivers\NAVx64\1100000.088\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-27 366640]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe [2011-7-26 126392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-26 1153368]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-26 132656]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-21 136176]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-27 22:12:28 -------- d-----w- C:\GMER
2011-07-27 21:14:10 709968 ----a-w- C:\Windows\isRS-000.tmp
2011-07-27 16:32:08 -------- d-----w- C:\Windows\System32\SPReview
2011-07-27 16:30:50 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-27 16:27:44 -------- d-----w- C:\Program Files (x86)\ESET
2011-07-27 01:24:52 -------- d-----w- C:\Users\Justin\AppData\Roaming\SUPERAntiSpyware.com
2011-07-27 01:24:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-27 01:24:44 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-27 01:24:39 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-27 00:12:39 -------- d-----w- C:\Users\Justin\AppData\Local\CrashDumps
2011-07-26 22:25:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-07-26 22:25:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-07-26 21:19:51 -------- d-----w- C:\Program Files (x86)\SpyZooka
2011-07-26 18:32:50 -------- d-----w- C:\Windows\RestoreSafeDeleted
2011-07-26 18:24:05 39192 ----a-w- C:\Windows\System32\Partizan.exe
2011-07-26 18:23:35 2 --shatr- C:\Windows\winstart.bat
2011-07-26 18:22:33 -------- d-----w- C:\Program Files (x86)\UnHackMe
2011-07-26 17:27:25 -------- d-----w- C:\Program Files (x86)\Sophos
2011-07-26 14:44:59 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-07-26 03:48:04 -------- d-----w- C:\Users\Justin\AppData\Roaming\Actual Tools
2011-07-26 03:47:38 -------- d-----w- C:\Program Files (x86)\Actual Window Minimizer
2011-07-26 02:34:25 -------- d-----w- C:\Users\Justin\AppData\Local\Media Get LLC
2011-07-26 02:34:11 -------- d-----w- C:\Users\Justin\AppData\Local\MediaGet2
2011-07-26 02:28:36 -------- d-----we C:\Windows\system64
2011-07-26 02:20:56 -------- d-----w- C:\Users\Justin\AppData\Roaming\Video Wallpaper
2011-07-26 02:17:02 233888 ----a-w- C:\Windows\SysWow64\DreamScene.dll
2011-07-26 00:53:02 275360 ----a-w- C:\Windows\System32\DreamScene.dll
2011-07-26 00:29:15 -------- d-----w- C:\ProgramData\Stardock
2011-07-26 00:29:09 -------- d-----w- C:\Program Files (x86)\Stardock
2011-07-25 23:12:29 -------- d-----w- C:\Program Files (x86)\Image Viewer for Windows 7
2011-07-25 22:33:38 -------- d-----w- C:\Users\Justin\AppData\Local\Magentic
2011-07-20 05:29:20 -------- d-----w- C:\Program Files (x86)\FreeTime
2011-07-20 05:27:54 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-07-20 05:27:06 -------- d-----w- C:\Program Files\DivX
2011-07-20 05:26:53 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-07-20 05:24:27 -------- d-----w- C:\Program Files (x86)\DivX
2011-07-20 05:21:28 -------- d-----w- C:\ProgramData\DivX
2011-07-13 00:48:43 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-07-13 00:47:34 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-13 00:47:34 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-07-13 00:47:33 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-13 00:47:33 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-13 00:47:31 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-13 00:47:30 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-13 00:47:30 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-13 00:47:30 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-13 00:47:29 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-13 00:47:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-13 00:47:26 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-12 02:14:40 -------- d-----w- C:\Users\Justin\AppData\Roaming\EurekaLog
2011-07-12 01:20:44 235856 ----a-w- C:\Windows\SysWow64\xactengine3_3.dll
2011-07-12 01:16:07 -------- d--h--w- C:\Windows\msdownld.tmp
2011-07-12 01:16:05 -------- d-----w- C:\Windows\SysWow64\directx
2011-07-11 19:49:36 -------- d-----w- C:\Program Files (x86)\Audacity
2011-07-11 17:17:37 -------- d-----w- C:\Users\Justin\AppData\Roaming\Screaming Bee
2011-07-09 21:03:15 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner
2011-07-09 01:33:12 -------- d-----w- C:\Users\Justin\AppData\Local\TeamSpeak 3 Client
2011-07-09 00:14:15 -------- d-----w- C:\Program Files (x86)\Ventrilo
2011-07-09 00:13:45 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-07-08 18:01:28 -------- d-----w- C:\Users\Justin\AppData\Local\MTA San Andreas
2011-07-08 18:01:06 -------- d-----w- C:\Program Files (x86)\MTA San Andreas
2011-07-08 02:00:56 -------- d-----w- C:\Program Files (x86)\TeamSpeak 3 Client
2011-07-08 01:28:41 -------- d-----w- C:\Users\Justin\AppData\Roaming\ts3overlay
2011-07-08 01:25:29 -------- d-----w- C:\Users\Justin\AppData\Roaming\TS3Client
2011-07-08 00:55:14 -------- d-----w- C:\Users\Justin\AppData\Roaming\.minecraft
2011-07-07 21:03:44 -------- d-----w- C:\ProgramData\IObit
2011-07-07 21:03:42 -------- d-----w- C:\Program Files (x86)\IObit
2011-07-02 18:30:27 -------- d-----w- C:\Users\Justin\AppData\Roaming\TuneAid
2011-07-01 16:15:06 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-07-01 16:15:06 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-07-01 16:13:59 828416 ----a-w- C:\Windows\System32\MPSSVC.dll
2011-07-01 16:12:59 605696 ----a-w- C:\Windows\System32\wmpeffects.dll
2011-07-01 16:11:59 88576 ----a-w- C:\Windows\System32\drivers\wanarp.sys
2011-07-01 16:10:59 641024 ----a-w- C:\Windows\System32\msscp.dll
2011-07-01 16:09:59 94208 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadcf.dll
2011-07-01 16:08:59 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2011-07-01 16:08:59 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2011-07-01 16:08:51 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-07-01 16:08:50 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-07-01 16:08:07 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-07-01 16:08:07 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-07-01 16:03:44 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-07-01 15:47:47 -------- d-----w- C:\Users\Justin\AppData\Local\assembly
2011-07-01 15:47:00 -------- d-----w- C:\Users\Justin\AppData\Local\TechSmith
2011-07-01 05:41:19 -------- d-----w- C:\Program Files (x86)\Game Cam
2011-07-01 05:41:10 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-06-30 18:24:30 -------- d-----w- C:\Users\Justin\AppData\Local\Programs
2011-06-30 17:26:27 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-06-30 16:39:08 -------- d-----w- C:\Users\Justin\AppData\Local\gctmp
2011-06-30 16:39:06 -------- d-----w- C:\Users\Justin\AppData\Local\Xenocode
2011-06-30 16:38:49 -------- d-----w- C:\Program Files (x86)\Game Cam V2
2011-06-30 13:47:23 -------- d-----w- C:\Users\Justin\AppData\Roaming\Malwarebytes
2011-06-30 13:47:16 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-30 13:47:15 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-30 13:47:12 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-30 13:47:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-30 02:45:48 -------- d-----w- C:\Users\Justin\AppData\Local\WMTools Downloaded Files
2011-06-30 02:40:51 -------- d-----w- C:\Program Files (x86)\Movie Maker 2.6
2011-06-29 17:10:44 -------- d-----w- C:\Program Files\Rockstar Games
2011-06-29 17:00:03 -------- d-----w- C:\ProgramData\WeGame
2011-06-29 16:59:45 488800 ----a-w- C:\Windows\SysWow64\Ltkrn15u.dll
2011-06-29 16:59:45 390496 ----a-w- C:\Windows\SysWow64\Lfcmp15u.dll
2011-06-29 16:59:45 185688 ----a-w- C:\Windows\SysWow64\Ltfil15u.dll
2011-06-29 16:59:45 -------- d-----w- C:\Users\Justin\AppData\Local\WeGame
2011-06-29 16:59:45 -------- d-----w- C:\Program Files (x86)\WeGame
2011-06-28 00:29:01 -------- d-----w- C:\Users\Justin\AppData\Roaming\ImTOO
2011-06-27 23:21:33 12872 ----a-w- C:\Windows\System32\bootdelete.exe
.
==================== Find3M ====================
.
2011-07-27 16:52:56 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-27 16:52:53 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-26 16:22:47 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-07-26 14:43:39 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-06-27 04:35:34 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-06-19 01:13:22 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-18 20:36:37 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-06-02 17:53:02 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
2011-05-25 00:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-10 13:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-05-10 13:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
.
============= FINISH: 17:56:56.38 ===============

Attach.txt log (DDS)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 6/18/2011 2:50:48 PM
System Uptime: 7/27/2011 4:16:55 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1605
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 216 GiB total, 20.16 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 15.688 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 0 GiB total, 0.161 GiB free.
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP8: 7/27/2011 11:31:55 AM - Windows 7 Service Pack 1
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Actual Window Minimizer 6.5.1
Adobe Flash Player 10 ActiveX
Apple Application Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
BitComet 1.27
DAEMON Tools Lite
DivX Setup
ESET Online Scanner v3
Eusing Free Registry Cleaner
Fraps (remove only)
Game Booster
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HP Button Manager
HP Webcam User's Guide
HyperCam 2
Image Viewer for Windows 7
Java Auto Updater
Java(TM) 6 Update 26
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 1.1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Norton AntiVirus
QuickTime
Sanny Builder 3.04
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Snagit 10.0.1
Spybot - Search & Destroy
SpyZooka
TeamSpeak 3 Client
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
VLC media player 1.1.10
VST Bridge 1.1
Vuze
WeGame Client 2.4.1.0
Windows Movie Maker 2.6
.
==== Event Viewer Messages From Past Week ========
.
7/27/2011 9:25:37 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2011 9:24:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/27/2011 9:12:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/27/2011 9:12:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/27/2011 9:11:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/27/2011 9:11:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/27/2011 9:11:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/27/2011 9:11:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/27/2011 9:11:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi BHDrvx64 ccHP CSC DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf
7/27/2011 9:11:38 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2011 9:11:38 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2011 9:11:38 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2011 9:11:38 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2011 9:11:38 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2011 9:11:37 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2011 9:11:37 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2011 9:11:37 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2011 9:11:37 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2011 9:11:37 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2011 9:08:48 AM, Error: Service Control Manager [7022] - The Task Scheduler service hung on starting.
7/27/2011 5:51:00 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
7/27/2011 4:19:15 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
7/27/2011 4:17:37 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
7/27/2011 4:17:37 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
7/27/2011 11:31:41 AM, Error: Microsoft-Windows-Service Pack Installer [6] - The Service Pack cannot be installed when the computer is running on battery power.
7/27/2011 1:10:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/1672517295/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
7/27/2011 1:10:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
7/26/2011 9:57:48 AM, Error: Service Control Manager [7030] - The Windows Firewall service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/26/2011 9:45:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
7/26/2011 9:45:49 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2011 9:41:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Partizan
7/26/2011 9:15:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service.
7/26/2011 9:10:10 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/26/2011 9:09:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
7/26/2011 9:08:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/26/2011 9:08:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
7/26/2011 9:07:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
7/26/2011 9:07:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
7/26/2011 9:07:18 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2011 9:06:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
7/26/2011 9:06:20 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2011 9:04:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
7/26/2011 8:36:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RpcSs service.
7/26/2011 6:21:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
7/26/2011 3:21:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wercplsupport service.
7/26/2011 3:21:42 PM, Error: Service Control Manager [7000] - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2011 3:17:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
7/26/2011 3:15:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
7/26/2011 3:10:31 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
7/26/2011 3:08:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
7/26/2011 3:08:52 PM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2011 3:04:21 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2011 3:04:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SSDP Discovery service to connect.
7/26/2011 2:58:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
7/26/2011 2:19:44 PM, Error: Service Control Manager [7000] - The SysProtDrv.sys service failed to start due to the following error: This driver has been blocked from loading
7/26/2011 2:19:44 PM, Error: Application Popup [1060] - \??\C:\Downloads\SysProt\SysProt\SysProtDrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/26/2011 10:07:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
7/26/2011 10:03:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
7/26/2011 10:03:57 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2011 1:32:45 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\Drivers\regguard.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/25/2011 6:08:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
7/25/2011 12:26:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
7/24/2011 3:38:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
7/24/2011 3:38:07 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/22/2011 1:23:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
7/22/2011 1:23:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
.
==== End Of File ===========================


GMER Log

It was blank

Malware Bytes Log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7300

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/27/2011 4:30:16 PM
mbam-log-2011-07-27 (16-29-55).txt

Scan type: Quick scan
Objects scanned: 164904
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


That was all the logs, please help me.
 
Welcome to TechSpot! I'll help with the redirects. As you can see, I remove the hyperlinks for the redirects. If you want to leave the domain name, like domain.com, that's okay. But don't leave the hyperlinks as all it takes is a click to go there.

You will need to update and rerun Malwarebytes. The entries found say No action taken. That means you didn't follow this:
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.

Please do that while I finish checking these logs.
===============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
I did what you said.

I did what you said, but when I updated and rescanned I only got one to show up, so I removed that one trojan (Backdoor.Agent) in my recycle bin. So I looked in the quarantine folder and there were four items (including the infected registry files from my Malwarebytes' log). I checked, and I checked to see if the redirecting was going on, and it still was.
 
If the antivirus program isn't up to date, it will only find yesterday's virus, not today's:
AV: Norton AntiVirus *Disabled/Outdated*
SP: Norton AntiVirus *Enabled/Outdated*

If you don't want to renew Norton, use this tool to remove it:
Norton Removal Tool
Then add one of these free AV programs:
[o] Avira-AntiVir-Personal-Free-Antivirus
[o] Avast-Free Antivirus

Please update the program right after the install. Reboot the computer when finished.
============================================
I note that you are using 2 file sharing programs. There is a good chance your system got infected because you are using them:
Bit Comet and uTorrent

I am going to remove all of the entries I see for each. I recommend that you uninstall both of them because:
  • Even if you are using a "safe" P2P program, it is only the program that is safe.
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
==========================================
Please uninstall SpyZooka. Not only is the program questionable, but their download site gives a warning that it is not safe.
I also recommend the uninstall of the Eusing Free Registry Cleaner. We don't recommend that anyone use a registry cleaner. The risks are far more than the benefits.
Choose the Control Panel from the Start Menu> Programs> Uninstall a program> Highlight the program> Choose Uninstall> If asked if you're sure click Yes to confirm.
You can uninstall uTorrent and Bit Comet the same way.
===========================================
After the above have been handled, please run the following:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
===============================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the linked image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
========================================
I did not expect Mbam to fix the problem by itself. But the interesting thing is that you don't mention either of the previous entries and the one found is new.
 
Eeesh

I have run ComboFix three times, but each time it says click finish to reboot, I click it, then my computer tries to reboot. But I get a black screen like if I turned off my computer by holding down the Power/On button. The selections were
Run Windows Startup Repair
--Or--
Start Windows Normally

I tried Start Windows Normally first, and it came back to the same screen, so then I clicked Run Windows Startup Repair, and it asked me if I would like to restore after the scan and repair. I said yes, so Norton is back on, I don't have Avira anymore, Spyzooka is still there, and uTorrent and BitComet are still there also.
And another thing, the files it said were to be deleted were "wmemb.dll" and "wmemb64.dll" and the other one, I think, started with an "s" but I really don't remember.
 
Also

I was reading online about the new TDL4 and it hides in your MBR? I thought that meant like what starts up when you start up the computer, not sure. Sounds dangerous; it said that Kaspersky said that it was almost indestructible. This is one big virus everybody has.
 
ESET Log

C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Agent.AC trojan
C:\Users\Justin\Desktop\NAV10.17.0.0.136_[RH].rar Win32/Packed.Autoit.E.Gen application
C:\Users\Justin\Desktop\PUSH.Entertainment.DreamScene.Video.Wallpaper.and.Screen.Saver.v2.10.Keygen-s0m.zip probably a variant of Win32/Agent.HFFSPRY trojan


That's the ESET Log.
*Please note that I didn't delete them (as asked not to)
 
Since you did a System Restore, you have to repeat all of the scans and give me new logs.

Do NOT perform a System Restore while we are cleaning. This can reinfect the system.

As long as you continue to pirate programs you will get malware.
C:\Users\Justin\Desktop\NAV10.17.0.0.136_[RH].rar
C:\Users\Justin\Desktop\PUSH.Entertainment.DreamScene.Video.Wallpaper.and.Screen.Saver.v2.10.Keygen-s0m.zip
Please uninstall all pirated programs.
========================================
P2P Warning:
As long as you continue to do file sharing, you will get malware.
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall BitComet and any other file sharing programs:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.

==============================================
After you repeat the scans, run this:
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
    in your next reply.
=================================================
These entries from Eset show two pirated programs, infected.
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files  
    C:\Users\Justin\Desktop\NAV10.17.0.0.136_[RH].rar 
    C:\Users\Justin\Desktop\PUSH.Entertainment.DreamScene.Video.Wallpaper.and.Screen.Saver.v2.10.Keygen-s0m.zip
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==============================================
The piracy and file sharing will bring malware. IF you care about the system, stop stealing and stop sharing.
Worry less about a hard to remove rootkit and worry more about how it's going to get on your system.
 
Logs, and Other

I thought the /!\ thing meant important, sorry. And also, sorry for the pirated files, I'm not sure what I was thinking that day. Here are the logs.
--GMER--
It was blank, again.
--DDS--
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Justin at 20:33:27 on 2011-07-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1979.902 [GMT -5:00]
.
AV: Norton AntiVirus *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\UnHackMe\hackmon.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Actual Window Minimizer\ActualWindowMinimizerCenter.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Actual Window Minimizer\ActualWindowMinimizerCenter64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = about:blank
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Actual Window Minimizer] "C:\Program Files (x86)\Actual Window Minimizer\ActualWindowMinimizerCenter.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8353A85A-CDA2-41BA-905F-CBC208DB6AD0} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F7AE1592-18F3-49E9-AEB5-311CECD3D795} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F7AE1592-18F3-49E9-AEB5-311CECD3D795}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\SysWow64\DreamScene.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: HyperCam Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\SysWow64\DreamScene.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1100000.088\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1100000.088\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1100000.088\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1100000.088\SYMEFA64.SYS [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NAVx64\1100000.088\ccHPx64.sys --> C:\Windows\system32\drivers\NAVx64\1100000.088\ccHPx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20110725.001\IDSviA64.sys [2011-7-25 488056]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-12 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\drivers\NAVx64\1100000.088\SYMTDIV.SYS --> C:\Windows\system32\drivers\NAVx64\1100000.088\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-27 366640]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe [2011-7-26 126392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-26 1153368]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-7-23 1151096]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1100000.088\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1100000.088\Ironx64.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-21 136176]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-28 12:21:54 -------- d-s---w- C:\ComboFix
2011-07-28 12:13:55 -------- d-----w- C:\ProgramData\Avira
2011-07-28 12:13:55 -------- d-----w- C:\Program Files (x86)\Avira
2011-07-28 00:59:18 287304 ----a-w- C:\Windows\System32\drivers\TrufosAlt.sys
2011-07-27 22:12:28 -------- d-----w- C:\GMER
2011-07-27 16:32:08 -------- d-----w- C:\Windows\System32\SPReview
2011-07-27 16:30:50 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-27 16:27:44 -------- d-----w- C:\Program Files (x86)\ESET
2011-07-27 01:24:52 -------- d-----w- C:\Users\Justin\AppData\Roaming\SUPERAntiSpyware.com
2011-07-27 01:24:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-27 01:24:44 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-27 01:24:39 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-27 00:12:39 -------- d-----w- C:\Users\Justin\AppData\Local\CrashDumps
2011-07-26 22:25:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-07-26 22:25:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-07-26 21:19:51 -------- d-----w- C:\Program Files (x86)\SpyZooka
2011-07-26 18:32:50 -------- d-----w- C:\Windows\RestoreSafeDeleted
2011-07-26 18:24:05 39192 ----a-w- C:\Windows\System32\Partizan.exe
2011-07-26 18:23:35 2 --shatr- C:\Windows\winstart.bat
2011-07-26 18:22:33 -------- d-----w- C:\Program Files (x86)\UnHackMe
2011-07-26 17:27:25 -------- d-----w- C:\Program Files (x86)\Sophos
2011-07-26 14:44:59 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-07-26 03:48:04 -------- d-----w- C:\Users\Justin\AppData\Roaming\Actual Tools
2011-07-26 03:47:38 -------- d-----w- C:\Program Files (x86)\Actual Window Minimizer
2011-07-26 02:34:25 -------- d-----w- C:\Users\Justin\AppData\Local\Media Get LLC
2011-07-26 02:34:11 -------- d-----w- C:\Users\Justin\AppData\Local\MediaGet2
2011-07-26 02:28:36 -------- d-----we C:\Windows\system64
2011-07-26 02:20:56 -------- d-----w- C:\Users\Justin\AppData\Roaming\Video Wallpaper
2011-07-26 02:17:02 233888 ----a-w- C:\Windows\SysWow64\DreamScene.dll
2011-07-26 00:53:02 275360 ----a-w- C:\Windows\System32\DreamScene.dll
2011-07-26 00:29:15 -------- d-----w- C:\ProgramData\Stardock
2011-07-26 00:29:09 -------- d-----w- C:\Program Files (x86)\Stardock
2011-07-25 23:12:29 -------- d-----w- C:\Program Files (x86)\Image Viewer for Windows 7
2011-07-25 22:33:38 -------- d-----w- C:\Users\Justin\AppData\Local\Magentic
2011-07-20 05:29:20 -------- d-----w- C:\Program Files (x86)\FreeTime
2011-07-20 05:27:54 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-07-20 05:27:06 -------- d-----w- C:\Program Files\DivX
2011-07-20 05:26:53 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-07-20 05:24:27 -------- d-----w- C:\Program Files (x86)\DivX
2011-07-20 05:21:28 -------- d-----w- C:\ProgramData\DivX
2011-07-13 00:48:43 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-07-13 00:47:34 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-13 00:47:34 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-07-13 00:47:33 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-13 00:47:33 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-13 00:47:31 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-13 00:47:30 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-13 00:47:30 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-13 00:47:30 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-13 00:47:29 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-13 00:47:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-13 00:47:26 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-12 01:20:44 235856 ----a-w- C:\Windows\SysWow64\xactengine3_3.dll
2011-07-12 01:16:07 -------- d--h--w- C:\Windows\msdownld.tmp
2011-07-12 01:16:05 -------- d-----w- C:\Windows\SysWow64\directx
2011-07-11 19:49:36 -------- d-----w- C:\Program Files (x86)\Audacity
2011-07-11 17:17:37 -------- d-----w- C:\Users\Justin\AppData\Roaming\Screaming Bee
2011-07-09 21:03:15 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner
2011-07-09 01:33:12 -------- d-----w- C:\Users\Justin\AppData\Local\TeamSpeak 3 Client
2011-07-09 00:14:15 -------- d-----w- C:\Program Files (x86)\Ventrilo
2011-07-09 00:13:45 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-07-08 18:01:28 -------- d-----w- C:\Users\Justin\AppData\Local\MTA San Andreas
2011-07-08 18:01:06 -------- d-----w- C:\Program Files (x86)\MTA San Andreas
2011-07-08 02:00:56 -------- d-----w- C:\Program Files (x86)\TeamSpeak 3 Client
2011-07-08 01:28:41 -------- d-----w- C:\Users\Justin\AppData\Roaming\ts3overlay
2011-07-08 01:25:29 -------- d-----w- C:\Users\Justin\AppData\Roaming\TS3Client
2011-07-08 00:55:14 -------- d-----w- C:\Users\Justin\AppData\Roaming\.minecraft
2011-07-07 21:03:44 -------- d-----w- C:\ProgramData\IObit
2011-07-07 21:03:42 -------- d-----w- C:\Program Files (x86)\IObit
2011-07-02 18:30:27 -------- d-----w- C:\Users\Justin\AppData\Roaming\TuneAid
2011-07-01 16:15:06 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-07-01 16:15:06 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-07-01 16:13:59 828416 ----a-w- C:\Windows\System32\MPSSVC.dll
2011-07-01 16:12:59 605696 ----a-w- C:\Windows\System32\wmpeffects.dll
2011-07-01 16:11:59 88576 ----a-w- C:\Windows\System32\drivers\wanarp.sys
2011-07-01 16:10:59 641024 ----a-w- C:\Windows\System32\msscp.dll
2011-07-01 16:09:59 94208 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadcf.dll
2011-07-01 16:08:59 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2011-07-01 16:08:59 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2011-07-01 16:08:51 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-07-01 16:08:50 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-07-01 16:08:07 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-07-01 16:08:07 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-07-01 16:03:44 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-07-01 15:47:47 -------- d-----w- C:\Users\Justin\AppData\Local\assembly
2011-07-01 15:47:00 -------- d-----w- C:\Users\Justin\AppData\Local\TechSmith
2011-07-01 05:41:19 -------- d-----w- C:\Program Files (x86)\Game Cam
2011-07-01 05:41:10 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-06-30 18:24:30 -------- d-----w- C:\Users\Justin\AppData\Local\Programs
2011-06-30 17:26:27 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-06-30 16:39:08 -------- d-----w- C:\Users\Justin\AppData\Local\gctmp
2011-06-30 16:39:06 -------- d-----w- C:\Users\Justin\AppData\Local\Xenocode
2011-06-30 16:38:49 -------- d-----w- C:\Program Files (x86)\Game Cam V2
2011-06-30 13:47:23 -------- d-----w- C:\Users\Justin\AppData\Roaming\Malwarebytes
2011-06-30 13:47:16 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-30 13:47:15 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-30 13:47:12 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-30 13:47:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-30 02:45:48 -------- d-----w- C:\Users\Justin\AppData\Local\WMTools Downloaded Files
2011-06-30 02:40:51 -------- d-----w- C:\Program Files (x86)\Movie Maker 2.6
.
==================== Find3M ====================
.
2011-07-27 16:52:56 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-27 16:52:53 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-26 16:22:47 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-07-26 14:43:39 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-07-11 23:45:00 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-06-27 04:35:34 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-06-19 01:13:22 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-18 20:36:37 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-06-02 17:53:02 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
2011-05-25 00:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-10 13:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-05-10 13:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
.
============= FINISH: 20:34:05.62 ===============

--DDS(attach.txt)--
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 6/18/2011 2:50:48 PM
System Uptime: 7/29/2011 6:46:46 PM (2 hours ago)
.
Motherboard: Hewlett-Packard | | 1605
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 216 GiB total, 14.471 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 15.642 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 0 GiB total, 0.161 GiB free.
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Iron Driver
Device ID: ROOT\LEGACY_SYMIRON\0000
Manufacturer:
Name: Symantec Iron Driver
PNP Device ID: ROOT\LEGACY_SYMIRON\0000
Service: SymIRON
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: BHDrvx64
Device ID: ROOT\LEGACY_BHDRVX64\0000
Manufacturer:
Name: BHDrvx64
PNP Device ID: ROOT\LEGACY_BHDRVX64\0000
Service: BHDrvx64
.
==== System Restore Points ===================
.
RP11: 7/28/2011 9:04:24 AM - Windows Update
RP12: 7/29/2011 9:32:36 AM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20
Actual Window Minimizer 6.5.1
Adobe Flash Player 10 ActiveX
Apple Application Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
DAEMON Tools Lite
DivX Setup
ESET Online Scanner v3
Eusing Free Registry Cleaner
Fraps (remove only)
Game Booster
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HP Button Manager
HP Webcam User's Guide
HyperCam 2
Image Viewer for Windows 7
Java Auto Updater
Java(TM) 6 Update 26
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 1.1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Norton AntiVirus
QuickTime
Sanny Builder 3.04
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Snagit 10.0.1
Spybot - Search & Destroy
TeamSpeak 3 Client
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
VLC media player 1.1.10
VST Bridge 1.1
WeGame Client 2.4.1.0
Windows Movie Maker 2.6
.
==== Event Viewer Messages From Past Week ========
.
7/29/2011 9:55:06 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2011 9:55:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/29/2011 9:55:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/29/2011 9:55:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/29/2011 9:55:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/29/2011 9:54:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/29/2011 9:54:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/29/2011 9:54:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP CSC DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf
7/29/2011 9:54:38 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2011 9:54:38 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2011 9:54:38 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2011 9:54:38 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2011 9:54:38 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2011 9:54:37 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/29/2011 9:54:37 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2011 9:54:37 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2011 9:54:37 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2011 9:54:37 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2011 9:36:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2518869).
7/29/2011 9:36:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2478662).
7/29/2011 8:08:23 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
7/29/2011 10:45:13 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
7/29/2011 10:44:51 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SymIRON
7/29/2011 10:44:39 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
7/29/2011 10:44:39 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
7/28/2011 8:47:15 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/28/2011 8:46:46 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/28/2011 7:14:28 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
7/28/2011 12:49:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB982018).
7/28/2011 12:49:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2545698).
7/28/2011 12:49:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2529073).
7/28/2011 12:44:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2011 12:44:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache eeCtrl IDSVia64 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6
7/28/2011 12:35:32 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2011 9:24:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/27/2011 9:11:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi BHDrvx64 ccHP CSC DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf
7/27/2011 9:08:48 AM, Error: Service Control Manager [7022] - The Task Scheduler service hung on starting.
7/27/2011 11:31:41 AM, Error: Microsoft-Windows-Service Pack Installer [6] - The Service Pack cannot be installed when the computer is running on battery power.
7/27/2011 1:10:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/1672517295/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
7/27/2011 1:10:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
7/26/2011 9:57:48 AM, Error: Service Control Manager [7030] - The Windows Firewall service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/26/2011 9:45:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
7/26/2011 9:45:49 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2011 9:41:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Partizan
7/26/2011 9:15:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service.
7/26/2011 9:10:10 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/26/2011 9:09:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
7/26/2011 9:08:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/26/2011 9:08:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
7/26/2011 9:07:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
7/26/2011 9:07:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
7/26/2011 9:07:18 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2011 9:06:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
7/26/2011 9:06:20 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2011 9:04:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
7/26/2011 8:36:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RpcSs service.
7/26/2011 6:21:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
7/26/2011 3:21:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wercplsupport service.
7/26/2011 3:21:42 PM, Error: Service Control Manager [7000] - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2011 3:17:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
7/26/2011 3:15:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
7/26/2011 3:10:31 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
7/26/2011 3:08:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
7/26/2011 3:08:52 PM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2011 3:04:21 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2011 3:04:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SSDP Discovery service to connect.
7/26/2011 2:58:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
7/26/2011 2:19:44 PM, Error: Service Control Manager [7000] - The SysProtDrv.sys service failed to start due to the following error: This driver has been blocked from loading
7/26/2011 2:19:44 PM, Error: Application Popup [1060] - \??\C:\Downloads\SysProt\SysProt\SysProtDrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/26/2011 10:07:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
7/26/2011 10:03:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
7/26/2011 10:03:57 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/26/2011 1:32:45 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\Drivers\regguard.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/25/2011 6:08:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
7/25/2011 12:26:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
7/24/2011 3:38:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
7/24/2011 3:38:07 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/22/2011 1:23:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
7/22/2011 1:23:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
.
==== End Of File ===========================
--MBAM--
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7319

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/29/2011 8:41:15 PM
mbam-log-2011-07-29 (20-41-15).txt

Scan type: Quick scan
Objects scanned: 166099
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Revisiting my Post #4:
If the antivirus program isn't up to date, it will only find yesterday's virus, not today's:
AV: Norton AntiVirus *Disabled/Outdated*
SP: Norton AntiVirus *Enabled/Outdated*
If you don't want to renew Norton, use this tool to remove it:
Norton Removal Tool
Then add one of these free AV programs:
  • Avira-AntiVir-Personal-Free-Antivirus
  • Avast-Free Antivirus

Please update the program right after the install. Reboot the computer when finished.
 
CKScanner Log

Listen, I'm sorry about the pirated files, I'm never going to download illegal or pirated files again. I've learned my lesson, this computer is supposed to last me a while.. Here is the log, I hope you understand.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\downloads\crack.exe
c:\downloads\dreamscene video wallpaper 2.23 incl crack [vokeon]\dreamscene video wallpaper 2.23 [vokeon].rar.bc!
c:\downloads\dreamscene video wallpaper 2.23 incl crack [vokeon]\torrent downloaded from ahashare.com.txt.bc!
c:\downloads\dreamscene video wallpaper 2.23 incl crack [vokeon]\torrent downloaded from demonoid.com.txt.bc!
c:\downloads\dreamscene video wallpaper 2.23 incl crack [vokeon]\tracked_by_h33t_com.txt.bc!
c:\downloads\gta iv pc version\crack\gtaiv.exe
c:\downloads\gta iv pc version\crack\launchgtaiv.exe
c:\downloads\gta iv pc version\crack\paul.dll
c:\program files\rockstar games\gta san andreas\data\decision\craig\crack1.ped
c:\users\justin\appdata\roaming\bitcomet\torrents\dreamscene video wallpaper 2.23 incl crack [vokeon].torrent
c:\users\justin\appdata\roaming\bitcomet\torrents\dreamscene video wallpaper 2.23 incl crack [vokeon].xml
c:\users\justin\appdata\roaming\bitcomet\torrents\gamecam[1].v1.2.0.16.cracked.winall-ind.rar.torrent
c:\users\justin\appdata\roaming\bitcomet\torrents\gamecam[1].v1.2.0.16.cracked.winall-ind.rar.xml
c:\users\justin\appdata\roaming\bitcomet\torrents\keygen.push.entertainment.dreamscene.video.wallpaper.2.23.x32.x64.exe.xml
c:\users\justin\desktop\new folder (4)\desktop items part three\gta san andreas\data\decision\craig\crack1.ped
c:\users\justin\documents\dreamscene video wallpaper 2.23 incl crack [vokeon]\torrent downloaded from ahashare.com.txt
c:\users\justin\documents\dreamscene video wallpaper 2.23 incl crack [vokeon]\torrent downloaded from demonoid.com.txt
c:\users\justin\documents\dreamscene video wallpaper 2.23 incl crack [vokeon]\tracked_by_h33t_com.txt
c:\users\justin\downloads\compressed\gamecam.v2.1.setup\crack\gamecamv2.exe
scanner sequence 3.IJ.11.DEAPAI
----- EOF -----

The .ped file in the San Andreas folder is just a pedestrian file inside the game, that pedestrian is a "Crack-Head". Sorry for that inconvenience.
 
I'm sorry about the pirated files, I'm never going to download illegal or pirated files again. I've learned my lesson, this computer is supposed to last me a while.. Here is the log, I hope you understand.

I am glad you learned your lesson. Understand? What?
Please remove all of the pirated programs and downloads to continue support. Repeat the CK scan when finished:
c:\downloads\crack.exe
c:\downloads\dreamscene video wallpaper 2.23 incl crack [vokeon]\dreamscene video wallpaper 2.23 [vokeon].rar.bc!
c:\downloads\dreamscene video wallpaper 2.23 incl crack [vokeon]\torrent downloaded from ahashare.com.txt.bc!
c:\downloads\dreamscene video wallpaper 2.23 incl crack [vokeon]\torrent downloaded from demonoid.com.txt.bc!
c:\downloads\dreamscene video wallpaper 2.23 incl crack [vokeon]\tracked_by_h33t_com.txt.bc!
c:\downloads\gta iv pc version\crack\gtaiv.exe
c:\downloads\gta iv pc version\crack\launchgtaiv.exe
c:\downloads\gta iv pc version\crack\paul.dll
c:\users\justin\appdata\roaming\bitcomet\torrents\dreamscene video wallpaper 2.23 incl crack [vokeon].torrent
c:\users\justin\appdata\roaming\bitcomet\torrents\dreamscene video wallpaper 2.23 incl crack [vokeon].xml
c:\users\justin\appdata\roaming\bitcomet\torrents\gamecam[1].v1.2.0.16.cracked.winall-ind.rar.torrent
c:\users\justin\appdata\roaming\bitcomet\torrents\gamecam[1].v1.2.0.16.cracked.winall-ind.rar.xml
c:\users\justin\appdata\roaming\bitcomet\torrents\keygen.push.entertainment.dreamscene.video.wallpaper.2.23.x32.x64.exe.xml
c:\users\justin\documents\dreamscene video wallpaper 2.23 incl crack [vokeon]\torrent downloaded from ahashare.com.txt
c:\users\justin\documents\dreamscene video wallpaper 2.23 incl crack [vokeon]\torrent downloaded from demonoid.com.txt
c:\users\justin\documents\dreamscene video wallpaper 2.23 incl crack [vokeon]\tracked_by_h33t_com.txt
c:\users\justin\downloads\compressed\gamecam.v2.1.setup\crack\gamecamv2.exe
 
---

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\rockstar games\gta san andreas\data\decision\craig\crack1.ped
scanner sequence 3.NA.11.PWABMF
----- EOF -----


The .ped file is not a virus, just a pedestrian file in Grand Theft Auto.
 
I didn't tell you to turn off the Windows Firewall.

Give me an update on the system please.
 
The system is still redirecting. But I do have one question.... Would doing a total restore get rid of this virus? I want to ask before I delete everything for no reason...
 
With an outdated antivirus program and 3 file sharing programs (uTorrent, BitComet, Vuze) and piracy, how do you expect the system to ever be clean!??

I did not see any evidence of a TDL4 malware. I don't know what 'virus' you have.

I would like to know how you're using this:
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3consrv:ConServerDllInitialization,2 sxssrv,4

========================
NOTE: If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to qwerty.exe BEFORE saving it to your desktop.
Do NOT run it yet.
-------------------------------------
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.pif
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, then try to immediately run the following:

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan.
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

Rkill instructions
Once you've gotten one of them to run
  • immediately double click on qwerty.exe to run
  • If normal mode still doesn't work, run BOTH tools from safe mode.

If you have done #2, please post BOTH logs, Rkill and Combofix.
===================================
If the above doesn't work, I will be recommending that you do a reformat/reinstall of the OS.
 
Hey

I'm not sure what "SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3consrv:ConServerDllInitialization,2 sxssrv,4" is...
But I am running the scans
 
You can close this thread.

I reinstalled windows... No more virus.... You can close this thread... Thanks for the help

--Justin
 