G'day all. I think I may have a virus problem. During a normal scheduled weekly scan, AVG reported Win32/Heur in four .exe files on my data storage array.
These files had been on the data array for a couple of years and were no longer required, so they were quarantined and deleted. I was carrying out your 8-step prelim, and Malwarebytes detected both Heuristics.Shuriken and Spyware.Passwords viruses on some even older files. (These too were no longer required, so they were quarantined and deleted.)
My system is a fairly new reinstall of Windows 7 Professional SP1, done after I had problems updating to SP1. The C array was not formatted; Windows was just reinstalled on the existing partition. Windows.old is being deleted as I reinstall the programs that I require.
I run AVG 2011 on auto-update with scheduled scans and Spybot Search & Destroy "TeaTimer" on autorun at startup, and I periodically do Spybot S&D scans and Immunize.
Logs pasted below:
Malwarebytes log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6075
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514
16/03/2011 9:01:10 PM
mbam-log-2011-03-16 (21-01-10).txt
Scan type: Full scan (C:\|D:\|E:\|H:\|)
Objects scanned: 636577
Time elapsed: 27 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Grant\downloads\twc_4-11_setup.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
d:\downloads\game downloads\silent hunter 4\Ini-Mods\jtex-minichrono\JTxE.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
d:\downloads\game downloads\silent hunter 4\MODTOOLS\JTxE.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
d:\modding tools\MODTOOLS\JTxE.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
DDS attach log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 26/02/2011 8:50:00 AM
System Uptime: 16/03/2011 9:23:50 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6T DELUXE V2
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 3800/190mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 838 GiB total, 742.24 GiB free.
D: is FIXED (NTFS) - 901 GiB total, 649.118 GiB free.
E: is FIXED (NTFS) - 962 GiB total, 863.253 GiB free.
F: is CDROM ()
G: is CDROM (CDFS)
H: is FIXED (NTFS) - 0 GiB total, 0.06 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP93: 3/03/2011 6:53:29 PM - Installed X3 Reunion
RP94: 3/03/2011 7:10:16 PM - Installed X3 Reunion
RP95: 6/03/2011 7:00:02 PM - Windows Backup
RP96: 8/03/2011 9:41:59 PM - ATI Catalyst Install
RP97: 9/03/2011 4:33:37 PM - Windows Update
RP99: 10/03/2011 10:05:53 PM - Paint.NET v3.5.8
RP100: 11/03/2011 7:31:20 PM - Installed Application Profiles
RP101: 11/03/2011 7:32:16 PM - Installed Application Profiles
RP102: 11/03/2011 7:41:00 PM - Installed Dolby Digital Live Pack
RP103: 12/03/2011 1:24:41 PM - pre CiM
RP104: 12/03/2011 1:26:29 PM - Installed Steam
RP105: 13/03/2011 7:00:03 PM - Windows Backup
RP106: 15/03/2011 7:44:38 PM - Removed X3 Reunion
RP107: 15/03/2011 7:49:01 PM - Installed X3 Reunion
RP108: 16/03/2011 10:27:05 AM - Removed Java(TM) 6 Update 24
RP109: 16/03/2011 10:27:32 AM - Installed Java(TM) 6 Update 24
RP110: 16/03/2011 10:28:37 AM - Removed Java(TM) 6 Update 24
RP111: 16/03/2011 10:28:53 AM - Installed Java(TM) 6 Update 24
RP112: 16/03/2011 9:04:49 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Acronis*True*Image*Home 2011
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Photoshop Scripting Support 1.0
Adobe Reader X (10.0.1)
Application Profiles
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
Cities in Motion
Creative Audio Control Panel
Creative Console Launcher
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
Definition update for Microsoft Office 2010 (KB982726)
Dolby Digital Live Pack
Driver Sweeper version 2.8.5
eReg
GIMP 2.6.11
Google Earth
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript 8.71
HiJackThis
Java Auto Updater
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Notepad++
NVIDIA Photoshop Plug-ins
OpenAL
Plus Pack for Acronis True Image Home 2011
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Sib Icon Studio
Spybot - Search & Destroy
Steam
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2289116)
Visual Studio 2008 x64 Redistributables
WinMerge 2.12.4
WinZip 15.0
X Plugin Manager 2.12
X3 Bonus Package 3.1.07
X3 Reunion
.
==== Event Viewer Messages From Past Week ========
.
16/03/2011 9:22:09 PM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
16/03/2011 8:31:01 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
16/03/2011 8:31:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
16/03/2011 8:30:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
16/03/2011 8:30:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
16/03/2011 8:30:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
16/03/2011 8:30:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
16/03/2011 8:30:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
16/03/2011 8:30:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031611-17300-01.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
16/03/2011 8:30:33 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
16/03/2011 11:23:41 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fc (0x000000000002bb2c, 0x8250000348ed2847, 0xfffff880033fd9d0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031611-34616-01.
15/03/2011 9:14:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000000c690000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ef7d68). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031511-30014-01.
14/03/2011 6:00:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-31527-01.
13/03/2011 5:15:09 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000000000048d229, 0x000000000000000b, 0x0000000000000008, 0xfffff88005a96dc8). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031311-35583-01.
12/03/2011 7:22:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fc (0x00000000004c852a, 0xb35000030c2e6847, 0xfffff8800331b940, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031211-30014-01.
12/03/2011 5:25:37 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x000000000000000d, 0x0000000000000001, 0xfffff80002e9d9a2). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031211-37799-01.
12/03/2011 1:28:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
12/03/2011 1:28:24 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/03/2011 6:01:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000e80, 0x000000000000000d, 0x0000000000000008, 0x0000000000000e80). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031111-30076-01.
11/03/2011 5:41:51 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031111-28454-01.
.
==== End Of File ===========================
DDS log:
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Grant at 21:38:48.28 on Wed 16/03/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.12279.10220 [GMT 10:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\MysticCoder\MysticThumbs\MysticThumbsTray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDClock.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\AVG\AVG10\avgsystx.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG10\avgsysta.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Grant\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [MysticThumbs] C:\Program Files\MysticCoder\MysticThumbs\MysticThumbsTray.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-3-1 1263200]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-3-1 3246040]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-27 203776]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-11-22 3226632]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-27 1153368]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-3-1 285280]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-3-13 9085952]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-3-13 299520]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-2-27 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-2-27 16008]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-26 136176]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-2-26 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-26 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-26 1255736]
.
=============== Created Last 30 ================
.
2011-03-16 11:05:00 388096 ----a-r- C:\Users\Grant\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-16 11:05:00 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-03-16 09:54:36 -------- d-----w- C:\Users\Grant\AppData\Roaming\Malwarebytes
2011-03-16 09:54:22 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-16 09:54:21 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-16 09:54:19 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-16 09:54:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-15 19:44:44 -------- d-----w- C:\X3 Savegame Manager
2011-03-12 19:58:22 9085952 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-03-12 19:54:39 299520 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-03-12 03:26:39 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-03-12 03:26:38 -------- d-----w- C:\Program Files (x86)\Steam
2011-03-09 08:48:48 -------- d-----w- C:\Users\Grant\.assistant
2011-03-09 08:48:41 -------- d-----w- C:\Program Files (x86)\X Plugin Manager
2011-03-08 11:47:51 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-03-08 11:47:32 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-03-04 07:01:53 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-03-04 07:01:52 -------- d-----w- C:\Program Files\ATI
2011-03-04 07:01:25 -------- d-----w- C:\Program Files\ATI Technologies
2011-03-04 06:01:25 -------- d-----w- C:\ATI
2011-03-03 09:09:58 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-03-03 09:09:58 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-03-03 09:09:58 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-03-03 09:09:58 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-03-03 09:09:57 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-03-03 09:09:57 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-03-03 09:09:57 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-03-03 08:53:34 -------- d-----w- C:\Program Files (x86)\DeepSilver
2011-03-01 08:39:10 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2011-03-01 08:39:09 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
2011-03-01 08:39:08 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
2011-03-01 08:39:05 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys
2011-02-27 12:32:44 14744 ----a-w- C:\Users\Grant\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2011-02-27 11:46:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-02-27 11:46:20 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-02-27 11:40:53 1047552 ----a-w- C:\Windows\SysWow64\mfc71u.dll
2011-02-27 11:40:53 -------- d-----w- C:\Program Files (x86)\WinMerge
2011-02-27 10:38:56 -------- d-----w- C:\Program Files (x86)\Sib Icon Studio
2011-02-27 10:08:41 -------- d-----w- C:\Program Files (x86)\gs
2011-02-27 10:03:01 -------- d-----w- C:\Program Files\MysticCoder
2011-02-27 10:02:06 -------- d-----w- C:\Program Files\gs
2011-02-27 08:25:00 485376 ----a-w- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.scr
2011-02-27 08:25:00 1147392 ----a-w- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.exe
2011-02-27 08:25:00 -------- d-----w- C:\Program Files\MyDefrag v4.3.1
2011-02-27 06:43:04 -------- d-----w- C:\Program Files\Windows XP Mode
2011-02-27 06:26:45 -------- d-----r- C:\Users\Grant\Virtual Machines
2011-02-27 06:21:59 3584 ----a-w- C:\Windows\System32\drivers\sv-SE\vpchbus.sys.mui
2011-02-27 05:02:32 -------- d-----w- C:\PROGRA~3\Bitstream Font Navigator
2011-02-27 04:24:16 -------- d-----w- C:\Users\Grant\AppData\Local\Paint.NET
2011-02-27 03:58:33 -------- d-----w- C:\Users\Grant\.gimp-2.6
2011-02-27 03:53:45 -------- d-----w- C:\Users\Grant\.thumbnails
2011-02-27 03:52:25 -------- d-----w- C:\Users\Grant\.gimp-2.6_ORIGINAL
2011-02-27 03:49:46 -------- d-----w- C:\Program Files (x86)\GIMP-2.0
2011-02-27 02:38:19 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-02-27 02:38:19 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-02-27 02:38:19 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-02-27 02:38:06 151552 ----a-w- C:\Windows\SysWow64\nvRegDev.dll
2011-02-27 02:29:53 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-02-27 02:29:53 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-02-27 02:29:53 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-02-27 02:29:52 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-02-27 02:29:52 602244 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-02-27 02:05:35 306688 ----a-w- C:\Windows\IsUninst.exe
2011-02-27 01:46:21 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-02-27 01:45:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-26 20:46:33 -------- d-----w- C:\Users\Grant\AppData\Local\Logitech
2011-02-26 20:45:40 374792 ----a-w- C:\Windows\System32\drivers\UMDF\lgSSQVGA.dll
2011-02-26 20:45:40 22408 ----a-w- C:\Windows\System32\drivers\LGBusEnum.sys
2011-02-26 20:45:40 16008 ----a-w- C:\Windows\System32\drivers\LGVirHid.sys
2011-02-26 20:45:40 157704 ----a-w- C:\Windows\System32\drivers\UMDF\lgSSBW.dll
2011-02-26 20:45:39 -------- d-----w- C:\Program Files\Logitech Gaming Software
2011-02-26 20:38:39 53248 ----a-r- C:\Users\Grant\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-02-26 20:38:30 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-02-26 20:37:48 -------- d-----w- C:\Users\Grant\AppData\Roaming\Logishrd
2011-02-26 16:36:01 -------- d-----w- C:\Windows\Panther
2011-02-26 07:30:35 -------- d-----w- C:\Program Files (x86)\MSECache
2011-02-26 06:46:35 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-02-26 06:46:28 -------- d-----w- C:\Windows\PCHEALTH
2011-02-26 06:46:28 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-02-26 06:44:25 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-02-26 06:44:08 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-02-26 06:43:55 -------- d-----w- C:\Users\Grant\AppData\Local\Microsoft Help
2011-02-26 05:46:58 -------- d-----w- C:\Users\Grant\AppData\Local\ElevatedDiagnostics
2011-02-26 05:46:35 -------- d-----w- C:\Program Files (x86)\Common Files\Creative
2011-02-26 05:46:34 -------- d--h--w- C:\Program Files (x86)\Creative Installation Information
2011-02-26 05:46:33 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared
2011-02-26 05:46:25 -------- d-----w- C:\Program Files\Creative
2011-02-26 05:46:17 -------- d-----w- C:\Program Files (x86)\Creative
2011-02-26 05:45:57 113152 ----a-w- C:\Windows\System32\cttele64.dll
2011-02-26 05:45:57 106496 ----a-w- C:\Windows\SysWow64\cttele32.dll
2011-02-26 05:45:44 -------- d-----w- C:\Windows\System32\data
2011-02-26 05:03:31 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd
2011-02-26 04:43:58 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-02-26 04:43:58 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-02-26 03:22:35 -------- d-----w- C:\Windows\SysWow64\Wat
2011-02-26 03:22:35 -------- d-----w- C:\Windows\System32\Wat
2011-02-26 03:21:43 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-26 03:21:43 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-02-26 02:53:53 -------- d-----w- C:\Users\Grant\AppData\Local\Adobe
2011-02-26 02:42:23 -------- d-----w- C:\Users\Grant\AppData\Local\WinZip
2011-02-26 01:04:01 -------- d-----w- C:\Users\Grant\AppData\Local\Google
2011-02-26 00:38:38 -------- d-----w- C:\Users\Grant\AppData\Roaming\AVG10
2011-02-26 00:37:47 -------- d--h--w- C:\PROGRA~3\Common Files
2011-02-26 00:37:40 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-02-26 00:37:18 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-02-26 00:37:18 -------- d-----w- C:\PROGRA~3\AVG10
2011-02-26 00:36:56 -------- d-----w- C:\Program Files (x86)\AVG
2011-02-26 00:35:35 -------- d-----w- C:\PROGRA~3\MFAData
2011-02-26 00:28:23 0 ----a-w- C:\Windows\ativpsrm.bin
2011-02-26 00:24:42 -------- d-----w- C:\AMD
2011-02-26 00:18:45 -------- d-----w- C:\Windows\System32\appmgmt
2011-02-26 00:17:53 -------- d-----w- C:\Program Files (x86)\Phyxion.net
2011-02-25 23:55:55 -------- d-----w- C:\Users\Grant\AppData\Local\ATI
2011-02-25 23:43:25 -------- d-sh--w- C:\Windows\Installer
2011-02-25 23:15:55 -------- d-----w- C:\Windows\System32\SPReview
2011-02-25 23:07:14 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2011-02-25 23:07:12 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2011-02-25 23:07:09 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2011-02-25 23:07:09 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2011-02-25 23:06:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-25 23:06:27 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-25 23:05:33 3129344 ----a-w- C:\Windows\System32\win32k.sys
2011-02-25 23:01:41 -------- d-----w- C:\Windows\System32\EventProviders
2011-02-25 23:01:07 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{288987BB-B445-4B85-9F52-BA4981DBC9DC}\mpengine.dll
2011-02-25 23:01:05 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-02-24 11:40:13 -------- d-----w- C:\e0a41745d932398196
.
==================== Find3M ====================
.
2011-02-26 05:45:54 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-02-26 05:45:54 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-02-26 05:45:54 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-02-26 05:45:54 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-02-25 23:14:42 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-02-25 23:14:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-01-26 23:22:18 22295040 ----a-w- C:\Windows\System32\atio6axx.dll
2011-01-26 23:00:44 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-01-26 23:00:30 596480 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-01-26 22:59:46 17204736 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-01-26 22:59:10 708608 ----a-w- C:\Windows\System32\aticfx64.dll
2011-01-26 22:56:30 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-01-26 22:56:14 479232 ----a-w- C:\Windows\System32\atieclxx.exe
2011-01-26 22:55:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-01-26 22:54:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-01-26 22:54:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-01-26 22:53:54 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-01-26 22:53:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-01-26 22:53:36 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-01-26 22:53:32 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-01-26 22:53:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-01-26 22:49:44 4105728 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-01-26 22:40:02 4847616 ----a-w- C:\Windows\System32\atidxx64.dll
2011-01-26 22:32:46 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-01-26 22:32:12 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-01-26 22:32:00 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-01-26 22:28:52 4170752 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-01-26 22:27:52 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-01-26 22:27:50 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-01-26 22:27:42 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-01-26 22:27:40 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-01-26 22:27:30 6982144 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-01-26 22:25:50 5580800 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-01-26 22:24:18 3463680 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-01-26 22:21:58 5316096 ----a-w- C:\Windows\System32\atiumd64.dll
2011-01-26 22:20:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-01-26 22:14:14 354304 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-01-26 22:14:08 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-01-26 22:13:56 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-01-26 22:13:52 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-01-26 22:13:52 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-01-26 22:13:50 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-01-26 22:13:42 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-01-26 22:12:46 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-01-26 22:12:40 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-01-26 22:12:32 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-01-26 22:12:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-01-26 22:11:46 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-01-07 12:17:52 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-07 12:17:52 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 07:46:34 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-07 07:46:34 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 10:34:00 612864 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:55:55 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-04 09:37:38 875520 ----a-w- C:\Windows\System32\MysticThumbs.cpl
2011-01-04 09:37:36 51024 ----a-w- C:\Windows\SysWow64\vcomp100.dll
2011-01-04 09:37:30 57168 ----a-w- C:\Windows\System32\vcomp100.dll
2010-12-23 10:42:53 1118720 ----a-w- C:\Windows\System32\sbe.dll
2010-12-23 10:42:51 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-12-23 10:42:51 723968 ----a-w- C:\Windows\System32\EncDec.dll
2010-12-23 10:36:02 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-12-23 05:54:18 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2010-12-23 05:54:17 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-12-23 05:54:17 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2010-12-23 05:50:23 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
.
============= FINISH: 21:39:10.01 ===============
I had followed a link to a site that was definitely not what I was looking for on Google, and it opened up gambling and other sites behind Internet Explorer. I didn't realise these sites were open until I closed down IE.
Please help if you can?
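For anyone reading a listing like the one above, here is a small triage pass in Python. It is an added example for this thread, not code from the original post and not part of the DDS tool. It assumes the line shape shown in the log (timestamp, size or dashes, eight attribute flags, path), takes the DDS run time from the FINISH line as "now", and uses a trusted-location list and a seven-day window that are my own choices. The sample lines are copied from the listing above. A flag is a prompt to verify by publisher signature and hash, not a verdict: vendor drivers, InstallShield's uninstaller and Windows Update scratch folders all trip these rules too.

```python
"""Triage pass over a DDS-style "File Created" / Find3M listing.

Added example for this thread; it is not part of the original post and not
part of the DDS tool. It expects lines shaped like the listing above:

    2011-03-16 09:54:19 24152 ----a-w- C:\\Windows\\System32\\drivers\\mbam.sys
    2011-02-24 11:40:13 -------- d-----w- C:\\e0a41745d932398196

and flags the entries a responder reads first. A flag is a prompt to verify
(publisher signature, hash lookup), not a verdict.
"""
import re
from datetime import datetime, timedelta

# timestamp, size (dashes for directories), 8 attribute flags, path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([dashrw-]{8})\s+(.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ax", ".vxd")
# Locations where executables are expected (my assumption); anything else
# is worth a look.
TRUSTED_PREFIXES = (
    r"c:\program files", r"c:\progra~3", r"c:\programdata",
    r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\installer",
)
# Drive-root directory named by a long hex string (update/installer scratch
# folders look like this, but so do some droppers, so it gets checked).
HEX_DIR_RE = re.compile(r"^[a-z]:\\[0-9a-f]{16,}$")

# DDS run time from the FINISH line of the log above; used as "now".
SCAN_TIME = datetime(2011, 3, 16, 21, 39, 10)


def parse_line(line):
    """Return a dict for one listing line, or None for separators/headers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, size, attrs, path = m.groups()
    return {
        "when": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
        "size": None if size.startswith("-") else int(size),
        "is_dir": attrs[0] == "d",
        "hidden": "h" in attrs,
        "path": path,
    }


def triage_entry(entry, now=SCAN_TIME, recent_days=7):
    """Return the list of reasons this entry deserves a closer look."""
    reasons = []
    p = entry["path"].lower()
    recent = now - entry["when"] <= timedelta(days=recent_days)
    if entry["is_dir"]:
        if HEX_DIR_RE.match(p):
            reasons.append("random-hex directory in drive root")
        if entry["hidden"] and not p.startswith(TRUSTED_PREFIXES):
            reasons.append("hidden directory outside the usual install trees")
        return reasons
    if p.endswith(".sys") and recent:
        reasons.append(f"kernel driver changed in the last {recent_days} days")
    if p.endswith(EXEC_EXT):
        if "\\users\\" in p:
            reasons.append("executable under a user profile")
        elif not p.startswith(TRUSTED_PREFIXES):
            reasons.append("executable outside the usual install trees")
    return reasons


def triage_listing(text, now=SCAN_TIME, recent_days=7):
    """Map each flagged path to its reasons; unflagged entries are omitted."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage_entry(entry, now, recent_days)
        if reasons:
            flagged[entry["path"]] = reasons
    return flagged


# Sample input: a constructed subset of lines copied from the listing above.
SAMPLE = r"""
2011-03-16 09:54:19 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-12 19:58:22 9085952 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-02-27 08:25:00 485376 ----a-w- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.scr
2011-02-27 02:05:35 306688 ----a-w- C:\Windows\IsUninst.exe
2011-02-26 20:38:39 53248 ----a-r- C:\Users\Grant\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-02-26 05:46:34 -------- d--h--w- C:\Program Files (x86)\Creative Installation Information
2011-02-25 23:43:25 -------- d-sh--w- C:\Windows\Installer
2011-02-24 11:40:13 -------- d-----w- C:\e0a41745d932398196
"""

if __name__ == "__main__":
    for path, reasons in triage_listing(SAMPLE).items():
        print(path)
        for r in reasons:
            print("   ", r)
```

Run against the sample it flags the two recently changed drivers, the executable sitting directly in C:\Windows, the executable under the user profile and the hex-named root folder, and stays quiet on the hidden Creative and Installer directories because they sit inside trusted trees. Paste the whole "File Created" and Find3M block in place of SAMPLE to triage a full log.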
dds attach log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 26/02/2011 8:50:00 AM
System Uptime: 16/03/2011 9:23:50 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6T DELUXE V2
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 3800/190mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 838 GiB total, 742.24 GiB free.
D: is FIXED (NTFS) - 901 GiB total, 649.118 GiB free.
E: is FIXED (NTFS) - 962 GiB total, 863.253 GiB free.
F: is CDROM ()
G: is CDROM (CDFS)
H: is FIXED (NTFS) - 0 GiB total, 0.06 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP93: 3/03/2011 6:53:29 PM - Installed X3 Reunion
RP94: 3/03/2011 7:10:16 PM - Installed X3 Reunion
RP95: 6/03/2011 7:00:02 PM - Windows Backup
RP96: 8/03/2011 9:41:59 PM - ATI Catalyst Install
RP97: 9/03/2011 4:33:37 PM - Windows Update
RP99: 10/03/2011 10:05:53 PM - Paint.NET v3.5.8
RP100: 11/03/2011 7:31:20 PM - Installed Application Profiles
RP101: 11/03/2011 7:32:16 PM - Installed Application Profiles
RP102: 11/03/2011 7:41:00 PM - Installed Dolby Digital Live Pack
RP103: 12/03/2011 1:24:41 PM - pre CiM
RP104: 12/03/2011 1:26:29 PM - Installed Steam
RP105: 13/03/2011 7:00:03 PM - Windows Backup
RP106: 15/03/2011 7:44:38 PM - Removed X3 Reunion
RP107: 15/03/2011 7:49:01 PM - Installed X3 Reunion
RP108: 16/03/2011 10:27:05 AM - Removed Java(TM) 6 Update 24
RP109: 16/03/2011 10:27:32 AM - Installed Java(TM) 6 Update 24
RP110: 16/03/2011 10:28:37 AM - Removed Java(TM) 6 Update 24
RP111: 16/03/2011 10:28:53 AM - Installed Java(TM) 6 Update 24
RP112: 16/03/2011 9:04:49 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Acronis*True*Image*Home 2011
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Photoshop Scripting Support 1.0
Adobe Reader X (10.0.1)
Application Profiles
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
Cities in Motion
Creative Audio Control Panel
Creative Console Launcher
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
Definition update for Microsoft Office 2010 (KB982726)
Dolby Digital Live Pack
Driver Sweeper version 2.8.5
eReg
GIMP 2.6.11
Google Earth
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript 8.71
HiJackThis
Java Auto Updater
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Notepad++
NVIDIA Photoshop Plug-ins
OpenAL
Plus Pack for Acronis True Image Home 2011
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Sib Icon Studio
Spybot - Search & Destroy
Steam
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2289116)
Visual Studio 2008 x64 Redistributables
WinMerge 2.12.4
WinZip 15.0
X Plugin Manager 2.12
X3 Bonus Package 3.1.07
X3 Reunion
.
==== Event Viewer Messages From Past Week ========
.
16/03/2011 9:22:09 PM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
16/03/2011 8:31:01 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
16/03/2011 8:31:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
16/03/2011 8:30:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
16/03/2011 8:30:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
16/03/2011 8:30:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
16/03/2011 8:30:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
16/03/2011 8:30:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
16/03/2011 8:30:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031611-17300-01.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
16/03/2011 8:30:34 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
16/03/2011 8:30:33 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
16/03/2011 11:23:41 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fc (0x000000000002bb2c, 0x8250000348ed2847, 0xfffff880033fd9d0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031611-34616-01.
15/03/2011 9:14:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000000c690000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ef7d68). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031511-30014-01.
14/03/2011 6:00:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-31527-01.
13/03/2011 5:15:09 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000000000048d229, 0x000000000000000b, 0x0000000000000008, 0xfffff88005a96dc8). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031311-35583-01.
12/03/2011 7:22:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fc (0x00000000004c852a, 0xb35000030c2e6847, 0xfffff8800331b940, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031211-30014-01.
12/03/2011 5:25:37 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x000000000000000d, 0x0000000000000001, 0xfffff80002e9d9a2). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031211-37799-01.
12/03/2011 1:28:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
12/03/2011 1:28:24 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/03/2011 6:01:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000e80, 0x000000000000000d, 0x0000000000000008, 0x0000000000000e80). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031111-30076-01.
11/03/2011 5:41:51 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031111-28454-01.
.
==== End Of File ===========================
dds log:
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Grant at 21:38:48.28 on Wed 16/03/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.12279.10220 [GMT 10:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\MysticCoder\MysticThumbs\MysticThumbsTray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDClock.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\AVG\AVG10\avgsystx.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG10\avgsysta.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Grant\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [MysticThumbs] C:\Program Files\MysticCoder\MysticThumbs\MysticThumbsTray.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-3-1 1263200]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-3-1 3246040]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-27 203776]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-11-22 3226632]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-27 1153368]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-3-1 285280]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-3-13 9085952]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-3-13 299520]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-2-27 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-2-27 16008]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-26 136176]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-2-26 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-26 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-26 1255736]
.
=============== Created Last 30 ================
.
2011-03-16 11:05:00 388096 ----a-r- C:\Users\Grant\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-16 11:05:00 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-03-16 09:54:36 -------- d-----w- C:\Users\Grant\AppData\Roaming\Malwarebytes
2011-03-16 09:54:22 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-16 09:54:21 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-16 09:54:19 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-16 09:54:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-15 19:44:44 -------- d-----w- C:\X3 Savegame Manager
2011-03-12 19:58:22 9085952 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-03-12 19:54:39 299520 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-03-12 03:26:39 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-03-12 03:26:38 -------- d-----w- C:\Program Files (x86)\Steam
2011-03-09 08:48:48 -------- d-----w- C:\Users\Grant\.assistant
2011-03-09 08:48:41 -------- d-----w- C:\Program Files (x86)\X Plugin Manager
2011-03-08 11:47:51 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-03-08 11:47:32 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-03-04 07:01:53 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-03-04 07:01:52 -------- d-----w- C:\Program Files\ATI
2011-03-04 07:01:25 -------- d-----w- C:\Program Files\ATI Technologies
2011-03-04 06:01:25 -------- d-----w- C:\ATI
2011-03-03 09:09:58 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-03-03 09:09:58 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-03-03 09:09:58 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-03-03 09:09:58 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-03-03 09:09:57 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-03-03 09:09:57 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-03-03 09:09:57 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-03-03 08:53:34 -------- d-----w- C:\Program Files (x86)\DeepSilver
2011-03-01 08:39:10 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2011-03-01 08:39:09 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
2011-03-01 08:39:08 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
2011-03-01 08:39:05 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys
2011-02-27 12:32:44 14744 ----a-w- C:\Users\Grant\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2011-02-27 11:46:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-02-27 11:46:20 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-02-27 11:40:53 1047552 ----a-w- C:\Windows\SysWow64\mfc71u.dll
2011-02-27 11:40:53 -------- d-----w- C:\Program Files (x86)\WinMerge
2011-02-27 10:38:56 -------- d-----w- C:\Program Files (x86)\Sib Icon Studio
2011-02-27 10:08:41 -------- d-----w- C:\Program Files (x86)\gs
2011-02-27 10:03:01 -------- d-----w- C:\Program Files\MysticCoder
2011-02-27 10:02:06 -------- d-----w- C:\Program Files\gs
2011-02-27 08:25:00 485376 ----a-w- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.scr
2011-02-27 08:25:00 1147392 ----a-w- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.exe
2011-02-27 08:25:00 -------- d-----w- C:\Program Files\MyDefrag v4.3.1
2011-02-27 06:43:04 -------- d-----w- C:\Program Files\Windows XP Mode
2011-02-27 06:26:45 -------- d-----r- C:\Users\Grant\Virtual Machines
2011-02-27 06:21:59 3584 ----a-w- C:\Windows\System32\drivers\sv-SE\vpchbus.sys.mui
2011-02-27 05:02:32 -------- d-----w- C:\PROGRA~3\Bitstream Font Navigator
2011-02-27 04:24:16 -------- d-----w- C:\Users\Grant\AppData\Local\Paint.NET
2011-02-27 03:58:33 -------- d-----w- C:\Users\Grant\.gimp-2.6
2011-02-27 03:53:45 -------- d-----w- C:\Users\Grant\.thumbnails
2011-02-27 03:52:25 -------- d-----w- C:\Users\Grant\.gimp-2.6_ORIGINAL
2011-02-27 03:49:46 -------- d-----w- C:\Program Files (x86)\GIMP-2.0
2011-02-27 02:38:19 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-02-27 02:38:19 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-02-27 02:38:19 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-02-27 02:38:06 151552 ----a-w- C:\Windows\SysWow64\nvRegDev.dll
2011-02-27 02:29:53 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-02-27 02:29:53 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-02-27 02:29:53 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-02-27 02:29:52 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-02-27 02:29:52 602244 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-02-27 02:05:35 306688 ----a-w- C:\Windows\IsUninst.exe
2011-02-27 01:46:21 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-02-27 01:45:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-26 20:46:33 -------- d-----w- C:\Users\Grant\AppData\Local\Logitech
2011-02-26 20:45:40 374792 ----a-w- C:\Windows\System32\drivers\UMDF\lgSSQVGA.dll
2011-02-26 20:45:40 22408 ----a-w- C:\Windows\System32\drivers\LGBusEnum.sys
2011-02-26 20:45:40 16008 ----a-w- C:\Windows\System32\drivers\LGVirHid.sys
2011-02-26 20:45:40 157704 ----a-w- C:\Windows\System32\drivers\UMDF\lgSSBW.dll
2011-02-26 20:45:39 -------- d-----w- C:\Program Files\Logitech Gaming Software
2011-02-26 20:38:39 53248 ----a-r- C:\Users\Grant\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-02-26 20:38:30 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-02-26 20:37:48 -------- d-----w- C:\Users\Grant\AppData\Roaming\Logishrd
2011-02-26 16:36:01 -------- d-----w- C:\Windows\Panther
2011-02-26 07:30:35 -------- d-----w- C:\Program Files (x86)\MSECache
2011-02-26 06:46:35 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-02-26 06:46:28 -------- d-----w- C:\Windows\PCHEALTH
2011-02-26 06:46:28 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-02-26 06:44:25 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-02-26 06:44:08 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-02-26 06:43:55 -------- d-----w- C:\Users\Grant\AppData\Local\Microsoft Help
2011-02-26 05:46:58 -------- d-----w- C:\Users\Grant\AppData\Local\ElevatedDiagnostics
2011-02-26 05:46:35 -------- d-----w- C:\Program Files (x86)\Common Files\Creative
2011-02-26 05:46:34 -------- d--h--w- C:\Program Files (x86)\Creative Installation Information
2011-02-26 05:46:33 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared
2011-02-26 05:46:25 -------- d-----w- C:\Program Files\Creative
2011-02-26 05:46:17 -------- d-----w- C:\Program Files (x86)\Creative
2011-02-26 05:45:57 113152 ----a-w- C:\Windows\System32\cttele64.dll
2011-02-26 05:45:57 106496 ----a-w- C:\Windows\SysWow64\cttele32.dll
2011-02-26 05:45:44 -------- d-----w- C:\Windows\System32\data
2011-02-26 05:03:31 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd
2011-02-26 04:43:58 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-02-26 04:43:58 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-02-26 03:22:35 -------- d-----w- C:\Windows\SysWow64\Wat
2011-02-26 03:22:35 -------- d-----w- C:\Windows\System32\Wat
2011-02-26 03:21:43 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-26 03:21:43 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-02-26 02:53:53 -------- d-----w- C:\Users\Grant\AppData\Local\Adobe
2011-02-26 02:42:23 -------- d-----w- C:\Users\Grant\AppData\Local\WinZip
2011-02-26 01:04:01 -------- d-----w- C:\Users\Grant\AppData\Local\Google
2011-02-26 00:38:38 -------- d-----w- C:\Users\Grant\AppData\Roaming\AVG10
2011-02-26 00:37:47 -------- d--h--w- C:\PROGRA~3\Common Files
2011-02-26 00:37:40 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-02-26 00:37:18 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-02-26 00:37:18 -------- d-----w- C:\PROGRA~3\AVG10
2011-02-26 00:36:56 -------- d-----w- C:\Program Files (x86)\AVG
2011-02-26 00:35:35 -------- d-----w- C:\PROGRA~3\MFAData
2011-02-26 00:28:23 0 ----a-w- C:\Windows\ativpsrm.bin
2011-02-26 00:24:42 -------- d-----w- C:\AMD
2011-02-26 00:18:45 -------- d-----w- C:\Windows\System32\appmgmt
2011-02-26 00:17:53 -------- d-----w- C:\Program Files (x86)\Phyxion.net
2011-02-25 23:55:55 -------- d-----w- C:\Users\Grant\AppData\Local\ATI
2011-02-25 23:43:25 -------- d-sh--w- C:\Windows\Installer
2011-02-25 23:15:55 -------- d-----w- C:\Windows\System32\SPReview
2011-02-25 23:07:14 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2011-02-25 23:07:12 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2011-02-25 23:07:09 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2011-02-25 23:07:09 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2011-02-25 23:06:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-25 23:06:27 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-25 23:05:33 3129344 ----a-w- C:\Windows\System32\win32k.sys
2011-02-25 23:01:41 -------- d-----w- C:\Windows\System32\EventProviders
2011-02-25 23:01:07 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{288987BB-B445-4B85-9F52-BA4981DBC9DC}\mpengine.dll
2011-02-25 23:01:05 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-02-24 11:40:13 -------- d-----w- C:\e0a41745d932398196
.
==================== Find3M ====================
.
2011-02-26 05:45:54 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-02-26 05:45:54 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-02-26 05:45:54 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-02-26 05:45:54 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-02-25 23:14:42 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-02-25 23:14:42 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-01-26 23:22:18 22295040 ----a-w- C:\Windows\System32\atio6axx.dll
2011-01-26 23:00:44 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-01-26 23:00:30 596480 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-01-26 22:59:46 17204736 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-01-26 22:59:10 708608 ----a-w- C:\Windows\System32\aticfx64.dll
2011-01-26 22:56:30 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-01-26 22:56:14 479232 ----a-w- C:\Windows\System32\atieclxx.exe
2011-01-26 22:55:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-01-26 22:54:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-01-26 22:54:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-01-26 22:53:54 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-01-26 22:53:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-01-26 22:53:36 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-01-26 22:53:32 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-01-26 22:53:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-01-26 22:49:44 4105728 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-01-26 22:40:02 4847616 ----a-w- C:\Windows\System32\atidxx64.dll
2011-01-26 22:32:46 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-01-26 22:32:12 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-01-26 22:32:00 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-01-26 22:28:52 4170752 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-01-26 22:27:52 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-01-26 22:27:50 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-01-26 22:27:42 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-01-26 22:27:40 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-01-26 22:27:30 6982144 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-01-26 22:25:50 5580800 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-01-26 22:24:18 3463680 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-01-26 22:21:58 5316096 ----a-w- C:\Windows\System32\atiumd64.dll
2011-01-26 22:20:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-01-26 22:14:14 354304 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-01-26 22:14:08 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-01-26 22:13:56 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-01-26 22:13:52 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-01-26 22:13:52 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-01-26 22:13:50 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-01-26 22:13:42 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-01-26 22:12:46 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-01-26 22:12:40 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-01-26 22:12:32 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-01-26 22:12:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-01-26 22:11:46 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-01-07 12:17:52 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-07 12:17:52 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 07:46:34 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-07 07:46:34 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 10:34:00 612864 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:55:55 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-04 09:37:38 875520 ----a-w- C:\Windows\System32\MysticThumbs.cpl
2011-01-04 09:37:36 51024 ----a-w- C:\Windows\SysWow64\vcomp100.dll
2011-01-04 09:37:30 57168 ----a-w- C:\Windows\System32\vcomp100.dll
2010-12-23 10:42:53 1118720 ----a-w- C:\Windows\System32\sbe.dll
2010-12-23 10:42:51 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-12-23 10:42:51 723968 ----a-w- C:\Windows\System32\EncDec.dll
2010-12-23 10:36:02 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-12-23 05:54:18 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2010-12-23 05:54:17 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-12-23 05:54:17 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2010-12-23 05:50:23 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
.
============= FINISH: 21:39:10.01 ===============
I had followed a link to a site that was definitely not what I was looking for on Google and it opened up gambling and other sites behind Internet Explorer. I didn't realise these sites were open until I closed down IE.
Please help if you can?