I'm having issues with a Google hijack. I also performed a system restore recently and Skype is no longer working for me either. Not sure if they are related issues.
Here are the logs:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7765
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
9/21/2011 4:10:36 PM
mbam-log-2011-09-21 (16-10-36).txt
Scan type: Quick scan
Objects scanned: 179256
Time elapsed: 1 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-21 17:16:33
Windows 6.1.7601 Service Pack 1
Running: gmer.exe; Driver: C:\Users\Derek\AppData\Local\Temp\ugloapow.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3881011562-596480335-2157353384-1000@RefCount 6
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files\Electronic Arts\Mass Effect\x2122 2\Engine\Localization\DEU\Binaries\Uninstall-3DSexVilla2-Everlust-111.001.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Derek\Desktop\The.Matrix.Path.Of.Neo.PC.Game(djDEVASTATE\x2122)\EAX4Unified_redist_4001.exe 1
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27
Run by Derek at 17:17:37 on 2011-09-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3327.1628 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Steam\Steam.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LOLReplay\LOLRecorder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:57596
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\derek\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\derek\appdata\roaming\micros~1\windows\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\heroes of might and magic v\registration\RegistrationReminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lolrec~1.lnk - c:\program files\lolreplay\LOLRecorder.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{B9F0FE0F-5863-4129-8C64-B45E1ABD637E} : DhcpNameServer = 68.87.85.102 68.87.69.150
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\derek\appdata\roaming\mozilla\firefox\profiles\xkctxi5h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.leagueoflegends.com/
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsld11b1a23;MpKsld11b1a23;c:\programdata\microsoft\microsoft antimalware\definition updates\{200a9b08-317b-4d6c-a560-f4da4bde9784}\MpKsld11b1a23.sys [2011-9-21 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-3-29 598312]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
R3 ugloapow;ugloapow;c:\users\derek\appdata\local\temp\ugloapow.sys [2011-9-21 100864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-6 39272]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-6 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-6 1343400]
.
=============== Created Last 30 ================
.
2011-09-22 00:00:37 -------- d-----w- C:\gmer
2011-09-21 23:35:48 439632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{12df84b1-c9fc-4923-affc-e72e9195c206}\gapaengine.dll
2011-09-21 23:35:48 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{200a9b08-317b-4d6c-a560-f4da4bde9784}\MpKsld11b1a23.sys
2011-09-21 23:35:44 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{200a9b08-317b-4d6c-a560-f4da4bde9784}\offreg.dll
2011-09-21 23:35:42 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{200a9b08-317b-4d6c-a560-f4da4bde9784}\mpengine.dll
2011-09-21 23:33:36 -------- d-----w- c:\program files\Microsoft Security Client
2011-09-21 23:12:30 -------- d-----w- c:\users\derek\appdata\roaming\SUPERAntiSpyware.com
2011-09-21 23:12:16 -------- d-----w- c:\programdata\!SASCORE
2011-09-21 23:12:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-21 23:12:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-21 23:06:11 -------- d-sh--w- C:\$RECYCLE.BIN
2011-09-21 23:05:56 -------- d-----w- c:\users\derek\appdata\local\temp
2011-09-21 22:07:51 98816 ----a-w- c:\windows\sed.exe
2011-09-21 22:07:51 518144 ----a-w- c:\windows\SWREG.exe
2011-09-21 22:07:51 256000 ----a-w- c:\windows\PEV.exe
2011-09-21 22:07:51 208896 ----a-w- c:\windows\MBR.exe
2011-09-21 22:06:43 -------- d-----w- C:\ComboFix
2011-09-21 21:27:21 -------- dc----w- c:\programdata\{9937DA50-1322-492A-A1C8-1911CDD1BD57}
2011-09-21 21:23:09 -------- d-----w- c:\users\derek\appdata\roaming\Malwarebytes
2011-09-21 21:22:57 -------- d-----w- c:\programdata\Malwarebytes
2011-09-21 21:22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-15 01:17:21 -------- d-----w- c:\program files\Ventrilo
2011-09-13 04:01:32 -------- d-----w- c:\windows\system32\appmgmt
2011-08-26 22:47:18 -------- d-----w- c:\program files\common files\scanner
2011-08-26 22:47:17 -------- d-----w- c:\program files\comcasttb
2011-08-26 22:47:06 -------- d-----w- c:\program files\CA
2011-08-26 22:47:05 -------- d-----w- c:\windows\Downloaded Installations
2011-08-26 22:45:15 -------- d-----w- c:\program files\xfin_portal
2011-08-26 22:42:02 -------- d-----w- c:\users\derek\appdata\local\SupportSoft
2011-08-26 22:40:24 -------- d-----w- c:\program files\common files\SupportSoft
2011-08-26 22:40:24 -------- d-----w- c:\program files\ComcastUI
2011-08-24 13:21:39 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2011-08-17 14:59:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-19 12:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-29 13:54:54 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
.
============= FINISH: 17:29:31.37 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/5/2011 7:18:58 PM
System Uptime: 9/21/2011 4:23:19 PM (1 hours ago)
.
Motherboard: ECS | | G31T-M7
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | CPU 1 | 2203/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 931 GiB total, 734.219 GiB free.
D: is CDROM (UDF)
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslf4c8274d
Device ID: ROOT\LEGACY_MPKSLF4C8274D\0000
Manufacturer:
Name: MpKslf4c8274d
PNP Device ID: ROOT\LEGACY_MPKSLF4C8274D\0000
Service: MpKslf4c8274d
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsla4511d04
Device ID: ROOT\LEGACY_MPKSLA4511D04\0000
Manufacturer:
Name: MpKsla4511d04
PNP Device ID: ROOT\LEGACY_MPKSLA4511D04\0000
Service: MpKsla4511d04
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl68c83548
Device ID: ROOT\LEGACY_MPKSL68C83548\0000
Manufacturer:
Name: MpKsl68c83548
PNP Device ID: ROOT\LEGACY_MPKSL68C83548\0000
Service: MpKsl68c83548
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl03249d40
Device ID: ROOT\LEGACY_MPKSL03249D40\0000
Manufacturer:
Name: MpKsl03249d40
PNP Device ID: ROOT\LEGACY_MPKSL03249D40\0000
Service: MpKsl03249d40
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslfa593dc8
Device ID: ROOT\LEGACY_MPKSLFA593DC8\0000
Manufacturer:
Name: MpKslfa593dc8
PNP Device ID: ROOT\LEGACY_MPKSLFA593DC8\0000
Service: MpKslfa593dc8
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsla646d26e
Device ID: ROOT\LEGACY_MPKSLA646D26E\0000
Manufacturer:
Name: MpKsla646d26e
PNP Device ID: ROOT\LEGACY_MPKSLA646D26E\0000
Service: MpKsla646d26e
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl040600f4
Device ID: ROOT\LEGACY_MPKSL040600F4\0000
Manufacturer:
Name: MpKsl040600f4
PNP Device ID: ROOT\LEGACY_MPKSL040600F4\0000
Service: MpKsl040600f4
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl055c88b5
Device ID: ROOT\LEGACY_MPKSL055C88B5\0000
Manufacturer:
Name: MpKsl055c88b5
PNP Device ID: ROOT\LEGACY_MPKSL055C88B5\0000
Service: MpKsl055c88b5
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslfe828125
Device ID: ROOT\LEGACY_MPKSLFE828125\0000
Manufacturer:
Name: MpKslfe828125
PNP Device ID: ROOT\LEGACY_MPKSLFE828125\0000
Service: MpKslfe828125
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl093a1754
Device ID: ROOT\LEGACY_MPKSL093A1754\0000
Manufacturer:
Name: MpKsl093a1754
PNP Device ID: ROOT\LEGACY_MPKSL093A1754\0000
Service: MpKsl093a1754
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslaecd84cb
Device ID: ROOT\LEGACY_MPKSLAECD84CB\0000
Manufacturer:
Name: MpKslaecd84cb
PNP Device ID: ROOT\LEGACY_MPKSLAECD84CB\0000
Service: MpKslaecd84cb
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl39161332
Device ID: ROOT\LEGACY_MPKSL39161332\0000
Manufacturer:
Name: MpKsl39161332
PNP Device ID: ROOT\LEGACY_MPKSL39161332\0000
Service: MpKsl39161332
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl0e0bea13
Device ID: ROOT\LEGACY_MPKSL0E0BEA13\0000
Manufacturer:
Name: MpKsl0e0bea13
PNP Device ID: ROOT\LEGACY_MPKSL0E0BEA13\0000
Service: MpKsl0e0bea13
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslc36014d0
Device ID: ROOT\LEGACY_MPKSLC36014D0\0000
Manufacturer:
Name: MpKslc36014d0
PNP Device ID: ROOT\LEGACY_MPKSLC36014D0\0000
Service: MpKslc36014d0
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl47300ffd
Device ID: ROOT\LEGACY_MPKSL47300FFD\0000
Manufacturer:
Name: MpKsl47300ffd
PNP Device ID: ROOT\LEGACY_MPKSL47300FFD\0000
Service: MpKsl47300ffd
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl4c25b95f
Device ID: ROOT\LEGACY_MPKSL4C25B95F\0000
Manufacturer:
Name: MpKsl4c25b95f
PNP Device ID: ROOT\LEGACY_MPKSL4C25B95F\0000
Service: MpKsl4c25b95f
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslca656fd9
Device ID: ROOT\LEGACY_MPKSLCA656FD9\0000
Manufacturer:
Name: MpKslca656fd9
PNP Device ID: ROOT\LEGACY_MPKSLCA656FD9\0000
Service: MpKslca656fd9
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl8bc51ca4
Device ID: ROOT\LEGACY_MPKSL8BC51CA4\0000
Manufacturer:
Name: MpKsl8bc51ca4
PNP Device ID: ROOT\LEGACY_MPKSL8BC51CA4\0000
Service: MpKsl8bc51ca4
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl4ef88ffd
Device ID: ROOT\LEGACY_MPKSL4EF88FFD\0000
Manufacturer:
Name: MpKsl4ef88ffd
PNP Device ID: ROOT\LEGACY_MPKSL4EF88FFD\0000
Service: MpKsl4ef88ffd
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl95e737cd
Device ID: ROOT\LEGACY_MPKSL95E737CD\0000
Manufacturer:
Name: MpKsl95e737cd
PNP Device ID: ROOT\LEGACY_MPKSL95E737CD\0000
Service: MpKsl95e737cd
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl58ff3399
Device ID: ROOT\LEGACY_MPKSL58FF3399\0000
Manufacturer:
Name: MpKsl58ff3399
PNP Device ID: ROOT\LEGACY_MPKSL58FF3399\0000
Service: MpKsl58ff3399
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsle4e1232a
Device ID: ROOT\LEGACY_MPKSLE4E1232A\0000
Manufacturer:
Name: MpKsle4e1232a
PNP Device ID: ROOT\LEGACY_MPKSLE4E1232A\0000
Service: MpKsle4e1232a
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl9b438dda
Device ID: ROOT\LEGACY_MPKSL9B438DDA\0000
Manufacturer:
Name: MpKsl9b438dda
PNP Device ID: ROOT\LEGACY_MPKSL9B438DDA\0000
Service: MpKsl9b438dda
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl1b1b7ebf
Device ID: ROOT\LEGACY_MPKSL1B1B7EBF\0000
Manufacturer:
Name: MpKsl1b1b7ebf
PNP Device ID: ROOT\LEGACY_MPKSL1B1B7EBF\0000
Service: MpKsl1b1b7ebf
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl9d6d5027
Device ID: ROOT\LEGACY_MPKSL9D6D5027\0000
Manufacturer:
Name: MpKsl9d6d5027
PNP Device ID: ROOT\LEGACY_MPKSL9D6D5027\0000
Service: MpKsl9d6d5027
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl002e5e40
Device ID: ROOT\LEGACY_MPKSL002E5E40\0000
Manufacturer:
Name: MpKsl002e5e40
PNP Device ID: ROOT\LEGACY_MPKSL002E5E40\0000
Service: MpKsl002e5e40
.
==== System Restore Points ===================
.
RP144: 9/14/2011 6:16:17 PM - Installed Ventrilo Client
RP145: 9/15/2011 12:23:59 AM - Windows Update
RP146: 9/17/2011 12:32:34 AM - Removed Skype™ 5.5
RP147: 9/19/2011 2:42:55 AM - Windows Update
RP148: 9/21/2011 1:35:21 PM - Restore Operation
RP149: 9/21/2011 1:52:51 PM - Windows Update
RP150: 9/21/2011 2:13:24 PM - Installed Ad-Aware
RP151: 9/21/2011 2:22:18 PM - Installed Ad-Aware
RP152: 9/21/2011 2:23:58 PM - Installed Ad-Aware
RP154: 9/21/2011 3:02:05 PM - Removed Ad-Aware
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Any Video Converter 3.2.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bloodline Champions
Bonjour
Borderlands
Brink
BufferChm
CA Pest Patrol Realtime Protection
Click to Call with Skype
Clone2Go Video Converter Free Version 1.3.8
Comcast Desktop Software (v1.2.0.9)
Copy
Dead Island
Definition update for Microsoft Office 2010 (KB982726)
Destinations
DeviceDiscovery
DJ_AIO_06_F2400_SW_Min
Dragon Age II
Dual-Core Optimizer
EA Installer
EA Shared Game Component: Activation
EasyBits GO
EAX4 Unified Redist
F2400
Fallout: New Vegas
ffdshow [rev 2527] [2008-12-19]
GPBaseService2
Groove Games\Land Of The Dead
Heroes of Might and Magic V
High-Definition Video Playback
HP Customer Participation Program 13.0
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
iTunes
Java Auto Updater
Java(TM) 6 Update 27
Killing Floor
League of Legends
Left 4 Dead
LOLReplay
LOTD Update Pack #2 (3/6/06)
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Mass Effect 2
Media Go
Media Go Video Playback Engine 1.64.105.02280
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft IntelliType Pro 8.0
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 6.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Kwik Media
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NeroKwikMedia Help (CHM)
NVIDIA PhysX
Origin
Pando Media Booster
Pcsx2 0.9.6
PlayStation(R)Network Downloader
PlayStation(R)Store
QuickTime
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Shop for HP Supplies
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
StarCraft II
Status
Steam
SUPERAntiSpyware
The Witcher: Enhanced Edition
Titan Quest
Titan Quest Immortal Throne
Toolbox
TrayApp
Update for Microsoft Office 2010 (KB2494150)
Vampire - The Masquerade Bloodlines
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebReg
Windows Live ID Sign-in Assistant
WinRAR archiver
XFINITY Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/21/2011 6:46:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/21/2011 3:49:02 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/21/2011 2:26:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Lavasoft Ad-Aware Service service to connect.
9/21/2011 2:26:09 PM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/21/2011 2:24:27 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
9/21/2011 1:42:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/21/2011 1:42:04 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
9/21/2011 1:36:27 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{f1ed7c9d-4799-11e0-aa2f-806e6f6e6963}\System Volume Information\SystemRestore\New-software' was corrupted and it has been recovered. Some data might have been lost.
9/20/2011 11:44:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/20/2011 11:43:38 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom1.
9/19/2011 2:32:42 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/19/2011 11:26:00 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/18/2011 9:37:49 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/16/2011 11:11:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/16/2011 11:11:07 AM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
9/15/2011 6:57:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/15/2011 12:01:28 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{f1ed7c9d-4799-11e0-aa2f-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{94CA31F5-87EC-4744-B3D5-AA66816102F0}' was corrupted and it has been recovered. Some data might have been lost.
9/14/2011 6:29:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 6.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Kwik Media
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NeroKwikMedia Help (CHM)
NVIDIA PhysX
Origin
Pando Media Booster
Pcsx2 0.9.6
PlayStation(R)Network Downloader
PlayStation(R)Store
QuickTime
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Shop for HP Supplies
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
StarCraft II
Status
Steam
SUPERAntiSpyware
The Witcher: Enhanced Edition
Titan Quest
Titan Quest Immortal Throne
Toolbox
TrayApp
Update for Microsoft Office 2010 (KB2494150)
Vampire - The Masquerade Bloodlines
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebReg
Windows Live ID Sign-in Assistant
WinRAR archiver
XFINITY Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/21/2011 6:46:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/21/2011 3:49:02 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/21/2011 2:26:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Lavasoft Ad-Aware Service service to connect.
9/21/2011 2:26:09 PM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/21/2011 2:24:27 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
9/21/2011 1:42:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/21/2011 1:42:04 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
9/21/2011 1:36:27 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{f1ed7c9d-4799-11e0-aa2f-806e6f6e6963}\System Volume Information\SystemRestore\New-software' was corrupted and it has been recovered. Some data might have been lost.
9/20/2011 11:44:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/20/2011 11:43:38 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom1.
9/19/2011 2:32:42 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/19/2011 11:26:00 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/18/2011 9:37:49 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/16/2011 11:11:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/16/2011 11:11:07 AM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
9/15/2011 6:57:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/15/2011 12:01:28 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{f1ed7c9d-4799-11e0-aa2f-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{94CA31F5-87EC-4744-B3D5-AA66816102F0}' was corrupted and it has been recovered. Some data might have been lost.
9/14/2011 6:29:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================