Inactive Virus, desktop has been changed on Windows 7


Alex510

I have a virus. It changed my desktop to "Warning you have Spyware". I'm also getting pop-ups saying buy a certain Anti Virus. I tried downloading AVG and it restarted my computer as soon as I clicked download... This is a 6 month old Asus Laptop with Windows 7 with all the updates being completely up to date. No idea how it got a virus.

Should I follow the steps and post the logs? Thanks for any help on the matter.

The virus is called "System Tool 2011".
 
Welcome back, Alex. The steps have changed since you were last here, so be sure to follow the current steps, including pasting the logs. System Tool 2011 has been around for a while; it just goes up a year from previous versions.

Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Malware Bytes Log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5340

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/16/2010 6:06:45 PM
mbam-log-2010-12-16 (18-06-45).txt

Scan type: Quick scan
Objects scanned: 169209
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\alex\Desktop\system tool 2011.lnk (Rogue.SystemTool) -> Quarantined and deleted successfully.

GMER Log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-16 21:31:12
Windows 6.1.7600
Running: 0idpd07t.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x26 0x6B 0x64 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0x9C 0x40 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0D 0xA7 0xBC 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC1 0x3B 0x1D 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0xB3 0x5C 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0x9C 0x40 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0D 0xA7 0xBC 0x39 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC1 0x3B 0x1D 0x23 ...

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 1040 bytes
File C:\ADSM_PData_0150\DB\VL.db 6160 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\ProgramData\Microsoft\RAC\Temp\sql2348.tmp 20480 bytes
File C:\ProgramData\Microsoft\RAC\Temp\sql2368.tmp 20480 bytes
File C:\Users\alex\Safe Doc 0 bytes
File C:\Users\alex\Safe Doc\_avt 512 bytes
File C:\Users\alex\Safe Doc\_lit 512 bytes
File C:\Users\alex\Safe Music 0 bytes
File C:\Users\alex\Safe Music\_avt 512 bytes
File C:\Users\alex\Safe Music\_lit 512 bytes
File C:\Users\alex\Safe Video 0 bytes
File C:\Users\alex\Safe Video\_avt 512 bytes
File C:\Users\alex\Safe Video\_lit 512 bytes

---- EOF - GMER 1.0.15 ----

DDS.txt Log:


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by alex at 21:32:07.57 on Thu 12/16/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2696 [GMT -8:00]

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\SysWOW64\CTsvcCDA.exe
C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\alex\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [CinemaNowMediaManagerApp] C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe -start
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: cinemanow.com
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun-x64: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\mwx14hke.default\
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: vShare: vshareus@toolbar - %profile%\extensions\vshareus@toolbar

============= SERVICES / DRIVERS ===============

R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2009-9-28 15928]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2009-9-28 359552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-16 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-16 267944]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-9-28 14904]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-12-16 83120]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-11 127352]
R2 FastBootAgent;FastBootAgent;C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-9-28 306232]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2010-10-21 12032]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-7-8 140800]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-7-9 1222144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-27 135664]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 StkTMini;Syntek AVStream USB2.0 ATV;C:\Windows\System32\drivers\StkTMini.sys [2010-3-21 528256]
S3 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2009-8-22 42000]

=============== Created Last 30 ================

2010-12-17 01:47:32 -------- d-----w- C:\Users\alex\AppData\Roaming\Malwarebytes
2010-12-17 01:47:09 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-17 01:47:04 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-17 01:47:01 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-17 01:46:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-17 01:02:14 -------- d-----w- C:\Users\alex\AppData\Roaming\Avira
2010-12-17 00:58:14 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-12-17 00:58:14 -------- d-----w- C:\Program Files (x86)\Avira
2010-12-17 00:58:14 -------- d-----w- C:\PROGRA~3\Avira
2010-12-16 12:56:44 -------- d-----w- C:\PROGRA~3\bLoCc06303
2010-12-14 23:18:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-12-14 23:18:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-12-14 23:18:01 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-12-14 23:18:00 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-12-14 23:18:00 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-12-14 23:18:00 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-12-14 23:18:00 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-12-14 23:18:00 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-12-14 23:18:00 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-12-14 23:18:00 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-12-14 23:18:00 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-12-14 23:18:00 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-12-14 00:33:21 -------- d-----w- C:\Program Files (x86)\vShare
2010-12-12 11:51:12 -------- d-----w- C:\Program Files (x86)\Common Files\NSV
2010-12-12 11:45:53 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2010-12-12 11:45:12 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2010-12-12 11:44:44 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2010-12-09 10:47:06 12800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
2010-11-25 05:38:40 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-25 05:38:40 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-21 11:45:32 -------- d-----w- C:\Windows\en
2010-11-21 11:43:40 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-11-21 11:42:50 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2010-11-21 11:42:37 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2010-11-21 11:42:36 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-11-21 11:42:36 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-11-21 11:42:36 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-11-21 11:42:36 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-11-21 11:42:23 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\28448eff1cb89712a\InstallManager_WLE_WLE.exe
2010-11-21 11:42:00 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1bca184f1cb897121\MeshBetaRemover.exe
2010-11-21 11:41:38 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e5f36a41cb89711a\DSETUP.dll
2010-11-21 11:41:38 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e5f36a41cb89711a\DXSETUP.exe
2010-11-21 11:41:38 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e5f36a41cb89711a\dsetup32.dll
2010-11-21 11:41:36 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cb781b31cb897119\DSETUP.dll
2010-11-21 11:41:36 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cb781b31cb897119\DXSETUP.exe
2010-11-21 11:41:36 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cb781b31cb897119\dsetup32.dll
2010-11-21 11:40:35 -------- d-----w- C:\Users\alex\AppData\Local\Windows Live
2010-11-21 11:40:01 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-11-21 11:40:01 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-11-21 11:40:01 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-11-21 11:40:00 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-11-21 11:40:00 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-11-21 11:40:00 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-11-21 11:39:59 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-11-21 11:04:59 -------- d-----w- C:\Program Files (x86)\DVDFab 8

==================== Find3M ====================

2010-12-16 22:59:05 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-09-23 08:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 08:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 22:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 22:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll

============= FINISH: 21:33:11.78 ===============
 
Attach.txt Log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/5/2009 10:23:19 AM
System Uptime: 12/16/2010 9:13:19 PM (0 hours ago)

Motherboard: ASUSTeK Computer Inc. | | K60IJ
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | Socket 478 | 2100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 283 GiB total, 129.342 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR9285 Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01\001517FFFF24141200
Manufacturer: Atheros Communications Inc.
Name: Atheros AR9285 Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01\001517FFFF24141200
Service: athr

==== System Restore Points ===================

RP96: 11/21/2010 3:39:38 AM - Windows Update
RP97: 11/27/2010 8:13:57 PM - Windows Update
RP98: 12/5/2010 2:04:47 PM - Scheduled Checkpoint
RP99: 12/12/2010 3:45:26 AM - Installed DirectX
RP100: 12/14/2010 10:42:59 PM - Windows Update

==== Installed Programs ======================

µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 MUI
Alcor Micro USB Card Reader
ASUS AI Recovery
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
Asus_Camera_ScreenSaver
Atheros Client Installation Program
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Avira AntiVir Personal - Free Antivirus
Bing Bar
Bing Bar Platform
Cheetah DVD Burner
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
Contents
ControlDeck
ConvertXtoDVD 4.0.3.313
Corel VideoStudio Pro X3
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
DeviceIO
DVDFab 8.0.4.0 (11/11/2010)
Galapago
Google Chrome
Google Earth
Google Update Helper
ICA
ImgBurn
InterVideo DeviceService
IPM_VS_Pro
Java(TM) 6 Update 17
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft WSE 3.0 Runtime
MLE
Mozilla Firefox (3.5.16)
MSVCRT
MSVCRT_amd64
NBA 2K10
Platform
PureHD
Razer DeathAdder(TM) Mouse
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Setup
Share
SmartSound Common Data
SmartSound Quicktracks 5
System Requirements Lab
System Tool2011
The Sims™ 3
Ulead VideoStudio 11
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 ATV
USB2.0 Capture Device
VIA Platform Device Manager
VideoStudio
VIO
VLC media player 1.0.3
VSClassic
vShare Plugin
VSPro
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinFlash
WinRAR archiver
Wireless Console 3
ZEN Vision W Media Explorer

==== Event Viewer Messages From Past Week ========

12/16/2010 5:33:55 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The pipe has been ended.
12/16/2010 5:27:12 AM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 4 time(s).
12/16/2010 5:27:12 AM, Error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 2 time(s).
12/16/2010 5:25:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
12/16/2010 5:25:49 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/16/2010 5:23:37 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000047, 0xfffff80002af2034, 0x000000000000001f, 0xfffff88004a3209c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121610-28298-01.
12/16/2010 5:18:51 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
12/16/2010 5:16:41 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121610-27596-01.
12/16/2010 5:09:31 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121610-29796-01.
12/16/2010 5:05:01 AM, Error: Service Control Manager [7034] - The ADSM Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 4:54:18 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2010 4:54:18 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2010 4:54:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/16/2010 4:54:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/16/2010 4:54:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/16/2010 4:54:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/16/2010 4:53:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr sptd tmtdi Wanarpv6
12/16/2010 4:53:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000047, 0xfffff80002b01034, 0xfffffa80077871f0, 0x000000000000001b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121610-21980-01.
12/16/2010 4:53:18 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
12/16/2010 4:51:23 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 4 time(s).
12/16/2010 4:51:23 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 4:51:23 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/16/2010 4:51:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
12/16/2010 4:51:18 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).
12/16/2010 4:50:48 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/16/2010 4:50:18 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/16/2010 4:50:15 PM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
12/16/2010 4:50:05 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/16/2010 4:49:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
12/16/2010 4:49:55 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/16/2010 4:49:54 PM, Error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 4:49:54 PM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 4:49:54 PM, Error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 4:49:54 PM, Error: Service Control Manager [7034] - The FastBootAgent service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 4:49:54 PM, Error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 4:49:54 PM, Error: Service Control Manager [7034] - The CinemaNow Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 4:49:54 PM, Error: Service Control Manager [7034] - The Capture Device Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 4:49:54 PM, Error: Service Control Manager [7034] - The ATKGFNEX Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 4:49:54 PM, Error: Service Control Manager [7034] - The ASLDR Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 4:49:54 PM, Error: Service Control Manager [7034] - The AFBAgent service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 4:49:54 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/16/2010 4:49:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000047, 0xfffff80002af9034, 0xfffff88002f50bb4, 0xfffffa8003eb7010). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121610-21496-01.
12/16/2010 4:46:08 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 7 time(s).
12/16/2010 4:46:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
12/16/2010 4:46:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
12/16/2010 4:46:08 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/16/2010 4:45:47 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 6 time(s).
12/16/2010 4:45:38 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 5 time(s).
12/16/2010 3:18:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121610-24726-01.
12/16/2010 3:16:07 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/16/2010 3:16:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
12/16/2010 3:16:06 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/16/2010 3:16:06 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The pipe has been ended.
12/16/2010 3:16:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
12/16/2010 3:16:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
12/16/2010 3:13:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
12/16/2010 3:13:45 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/16/2010 3:12:12 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
12/16/2010 3:09:54 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 34 time(s).
12/16/2010 3:09:30 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 33 time(s).
12/16/2010 3:09:13 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 32 time(s).
12/16/2010 3:09:12 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 31 time(s).
12/16/2010 3:09:11 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 30 time(s).
12/16/2010 3:08:41 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 29 time(s).
12/16/2010 3:08:11 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 28 time(s).
12/16/2010 3:07:41 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 27 time(s).
12/16/2010 3:07:41 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 26 time(s).
12/16/2010 3:07:41 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 25 time(s).
12/16/2010 3:07:41 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 24 time(s).
12/16/2010 3:07:40 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 23 time(s).
12/16/2010 3:07:40 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 22 time(s).
12/16/2010 3:07:40 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 21 time(s).
12/16/2010 3:07:40 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 20 time(s).
12/16/2010 3:07:40 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 19 time(s).
12/16/2010 3:07:39 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 18 time(s).
12/16/2010 3:07:12 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 17 time(s).
12/16/2010 3:06:42 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 16 time(s).
12/16/2010 3:06:12 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 15 time(s).
12/16/2010 3:05:42 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 14 time(s).
12/16/2010 3:05:12 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 13 time(s).
12/16/2010 3:05:11 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 12 time(s).
12/16/2010 3:05:11 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 11 time(s).
12/16/2010 3:04:41 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 10 time(s).
12/16/2010 3:04:11 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 9 time(s).
12/16/2010 3:04:10 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 8 time(s).
12/16/2010 3:03:40 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 7 time(s).
12/16/2010 3:03:40 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 6 time(s).
12/16/2010 3:03:40 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 5 time(s).
12/16/2010 3:03:39 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 4 time(s).
12/16/2010 3:03:09 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 3 time(s).
12/16/2010 3:02:39 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
12/16/2010 2:58:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8005c6bb30, 0xfffffa8005c6be10, 0xfffff80002dd55d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121610-26707-01.
12/16/2010 2:55:37 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 11 time(s).
12/16/2010 2:54:27 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 10 time(s).
12/16/2010 2:54:26 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 9 time(s).
12/16/2010 2:49:08 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 8 time(s).
12/16/2010 1:41:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

==== End Of File ===========================
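A triage sketch for the Event Viewer section above, added here as an example; it is not part of the original post or of the tool that produced the log. It parses lines in that format, tracks the crash counter per service, groups unexpected terminations that share a timestamp, and counts bugcheck stop codes. The sample lines are abridged from the log above, and the function names and the burst threshold are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Sample lines abridged from the Event Viewer section of the log above.
SAMPLE = """
==== Event Viewer Messages From Past Week ========
12/16/2010 4:49:54 PM, Error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 4:49:54 PM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 4:49:54 PM, Error: Service Control Manager [7034] - The FastBootAgent service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 4:49:54 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/16/2010 4:49:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000047, 0xfffff80002af9034, 0xfffff88002f50bb4, 0xfffffa8003eb7010).
12/16/2010 3:09:54 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 34 time(s).
12/16/2010 3:09:30 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 33 time(s).
12/16/2010 2:58:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8005c6bb30, 0xfffffa8005c6be10, 0xfffff80002dd55d0).
==== End Of File ===========================
"""

LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"\w+: (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
CRASH_RE = re.compile(r"^The (.+?) service terminated unexpectedly\. It has done this (\d+) time\(s\)\.")
BUGCHECK_RE = re.compile(r"The bugcheck was: (0x[0-9a-fA-F]+)")


def parse_events(text):
    """Return one dict per well-formed event line; skip headers and blanks."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "when": datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p"),
            "source": m["source"],
            "id": int(m["id"]),
            "msg": m["msg"],
        })
    return events


def summarise(events, burst_min=3):
    """Summarise service crashes (7031/7034) and bugcheck reboots (1001)."""
    peak = {}                      # service -> highest crash counter seen
    by_second = defaultdict(set)   # timestamp -> services that died then
    bugchecks = Counter()          # stop code -> number of reboots logged
    for ev in events:
        crash = CRASH_RE.match(ev["msg"]) if ev["id"] in (7031, 7034) else None
        if crash:
            svc, n = crash.group(1), int(crash.group(2))
            peak[svc] = max(peak.get(svc, 0), n)
            by_second[ev["when"]].add(svc)
        elif ev["id"] == 1001:
            code = BUGCHECK_RE.search(ev["msg"])
            if code:
                bugchecks[code.group(1).lower()] += 1
    # Several unrelated services dying in the same second suggests one
    # common cause rather than independent faults.
    bursts = {t: sorted(s) for t, s in by_second.items() if len(s) >= burst_min}
    return {"peak": peak, "bursts": bursts, "bugchecks": dict(bugchecks)}


if __name__ == "__main__":
    report = summarise(parse_events(SAMPLE))
    for when, services in sorted(report["bursts"].items()):
        print(when, "->", ", ".join(services))
```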
 
Alex, you have malware from the vShare Plugin. This is a parasite that redirects home and search pages. It comes from the Pugi family of customised toolbars/browser hijackers based on toolbar code from Softomate Solutions (besttoolbars.net). The behaviours of Pugi variants depend on the details in the configuration XML file supplied and updated by the customisers. Typically there will be a toolbar with a search box and link buttons, coupled with an address bar search hijacker, DNS error hijacker and sometimes homepage hijacker or search sidebar hijacker. Some of the Pugi-based toolbars have been installed by various non-legitimate means and are considered parasites.
Source: allentech.net

I'd like you to run 2 programs that should then allow you to do the scans. You have Mbam on the desktop, so please download ComboFix from Here and save to your Desktop but don't run yet.
===================================================
Please download randmbam.exe
It will try to create random names and shortcuts for Malwarebytes Anti Malware (MBAM) if you have it installed already.
=============================================
Follow that with a download of exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Do not reboot the computer
==================================
Run the Malwarebytes scan.
==================================
Pick up here to run Combofix from the setup you downloaded and saved to the desktop:

  [1]. Do NOT rename Combofix unless instructed.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Close any open browsers.
  [4]. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  [5]. If Combofix asks you to install Recovery Console, please allow it.
  [6]. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.

Summary:
  1. Malwarebytes saved to desktop
  2. Combofix saved to desktop
  3. Run randmbam
  4. Run exehelper
  5. Scan with Mbam
  6. Scan with Combofix
Please leave logs in next reply.

Edit: Please remove one of these:
AV: AntiVir Desktop
AV: Trend Micro Internet Security
 