Symptoms: Google/Yahoo search in IE/Firefox redirects. Vista update blocked. IE sometimes hangs. Multiple incidents of IE in Task Manager. Pop-ups appear. "Host process has stopped working" message appears.
Step 1:
Symantec Endpoint, Malwarebytes & Spybot indicate NO malware!
Step 2:
TFC was successfully run.
Step 3:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5958
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
3/4/2011 10:57:02 PM
mbam-log-2011-03-04 (22-57-02).txt
Scan type: Quick scan
Objects scanned: 147811
Time elapsed: 4 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Step 4:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-04 23:03:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST3320620AS rev.3.AAE
Running: wwnfbyo5.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\fwldiuod.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 865D21F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 865D21F8
Device \Driver\atapi \Device\Ide\IdePort0 865D21F8
Device \Driver\atapi \Device\Ide\IdePort1 865D21F8
Device \Driver\atapi \Device\Ide\IdePort2 865D21F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-5 865D21F8
Device \Driver\ay07v1el \Device\Scsi\ay07v1el1Port4Path0Target0Lun0 878E31F8
Device \Driver\ay07v1el \Device\Scsi\ay07v1el1 878E31F8
Device 865D31F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Device\Ide\IdeDeviceP1T0L0-1 -> \??\IDE#DiskST3320620AS_____________________________3.AAE___#5&621c102&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----
Step 5:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Christian at 23:31:23.79 on Fri 03/04/2011
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.2178 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\JHSecure\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
e:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
e:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\fpdisp5a.exe
E:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\n52te\n52teHid.exe
C:\Windows\System32\Ctxfihlp.exe
E:\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Canon Electronics\DR1210C\TrkMonitor.exe
G:\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Christian\AppData\Local\Temp\BD0C.tmp\MBR.DAT
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msconfig.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Christian\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TrueImageMonitor.exe] e:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [pdfFactory Pro Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
mRun: [FinePrint Dispatcher v5] c:\windows\system32\spool\drivers\w32x86\3\fpdisp5a.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AcronisTimounterMonitor] e:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Jomantha] c:\program files\n52te\n52teHid.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "e:\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "e:\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "e:\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [TrkMonitor] "c:\program files\canon electronics\dr1210c\TrkMonitor.exe"
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] e:\avg\avg10\avgtray.exe
mRun: [Zune Launcher] "g:\zune\ZuneLauncher.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
StartupFolder: c:\users\christ~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - d:\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} - hxxp://touch.imbc.com/ActiveX/iMBCOnlineService.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\christ~1\appdata\roaming\mozilla\firefox\profiles\9vb1f7xa.default\
FF - component: c:\users\christian\appdata\roaming\mozilla\firefox\profiles\9vb1f7xa.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\christian\appdata\roaming\mozilla\firefox\profiles\9vb1f7xa.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\users\christian\appdata\roaming\mozilla\firefox\profiles\9vb1f7xa.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: InstantAction.com Game Launcher: iaplayer@instantaction.com - %profile%\extensions\iaplayer@instantaction.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [2008-11-21 971232]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-26 176128]
R2 EBIOS32;EBIOS32 - NT Driver;c:\windows\system32\drivers\EBIOS32.SYS [2008-11-28 13922]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-19 363344]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-9-26 1153368]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-2-7 1839776]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-10-26 6573568]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-10-26 229888]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-9-24 99856]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-3 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-19 20952]
S2 NOD32krn;NOD32 Kernel Service;"e:\program files\eset\nod32krn.exe" --> e:\program files\eset\nod32krn.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-2-7 23888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-5-21 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2008-12-16 48896]
.
=============== Created Last 30 ================
.
2011-03-04 08:10:32 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-04 08:10:32 -------- d-----w- c:\progra~2\AVG10
2011-03-04 08:07:26 -------- d-----w- c:\progra~2\MFAData
2011-03-04 06:33:02 -------- d-----w- c:\progra~2\AVAST Software
2011-03-04 05:26:45 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-03-04 04:35:01 39512 ----a-w- c:\windows\system32\drivers\AMonLWLH.sys
2011-03-04 04:35:00 31424 ----a-w- c:\windows\system32\V3w32se2.dll
2011-03-04 04:34:23 -------- d-----w- c:\program files\common files\AhnLab
2011-03-04 04:33:52 -------- d-----w- c:\progra~2\AhnLab
2011-03-04 04:25:11 99696 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2011-03-04 04:25:11 357744 ----a-w- c:\windows\system32\Sysfer.dll
2011-03-04 04:24:57 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-04 04:24:51 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2011-03-04 02:26:32 -------- d-----w- c:\users\christ~1\appdata\local\Threat Expert
2011-03-04 02:03:39 -------- d-----w- c:\users\christ~1\appdata\roaming\PC Tools
2011-03-04 02:03:39 -------- d-----w- c:\program files\PC Tools Security
2011-03-04 02:03:39 -------- d-----w- c:\program files\common files\PC Tools
2011-03-04 02:02:15 -------- d-----w- c:\progra~2\PC Tools
2011-03-03 23:37:21 -------- d-----w- c:\progra~2\Hitman Pro
2011-03-03 23:18:24 -------- d-----w- c:\progra~2\NortonInstaller
2011-03-03 23:16:41 -------- d-----w- c:\progra~2\Norton
2011-03-03 08:06:52 -------- d-----w- c:\users\christ~1\appdata\local\Sunbelt Software
2011-03-03 08:06:16 -------- dc-h--w- c:\progra~2\{7F66490B-6C2B-46B6-8BA2-867BC3B4F5EB}
2011-03-03 08:05:38 -------- d-----w- c:\program files\Lavasoft
2011-03-03 07:55:17 -------- d-----w- c:\program files\Trend Micro
2011-03-03 05:29:50 -------- d-----w- c:\windows\system32\appmgmt
2011-02-27 01:29:21 -------- d-----w- c:\users\christ~1\appdata\roaming\Fender
2011-02-27 01:27:02 -------- d-----w- c:\program files\Fender
2011-02-20 01:23:53 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
2011-02-20 01:23:53 281600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpcpp093.DLL
2011-02-20 01:23:53 161280 ----a-w- c:\windows\system32\hpcpn093.dll
2011-02-20 01:16:13 331776 ----a-w- c:\windows\system32\hppcpr13.dll
2011-02-20 01:15:47 -------- d-----w- C:\HP_P2050_full_solution_v6.1_AM-EMEA
2011-02-08 22:45:31 -------- d-----w- c:\program files\BitTorrent
.
==================== Find3M ====================
.
2011-03-04 06:57:22 4578856446 ----a-w- c:\windows\system32\msvcache.dll
2011-03-04 05:27:04 119296 ----a-w- c:\windows\system32\zlib.dll
2011-02-07 14:11:38 89600 ----a-w- c:\windows\system32\atl71.dll
2011-02-07 14:11:38 87408 ----a-w- c:\windows\system32\FwsVpn.dll
2011-02-07 14:11:38 107888 ----a-w- c:\windows\system32\SymVPN.dll
2011-01-26 03:53:14 32 ----a-w- c:\windows\system32\wdccom.dat.dll
2011-01-25 10:11:28 3158016 ----a-w- c:\windows\system32\MpSigsvr.exe
2011-01-25 10:05:44 1094144 ----a-w- c:\windows\system32\Portax86.dll
2011-01-19 08:26:54 86016 ----a-w- c:\windows\system32\frapsvid.dll
.
============= FINISH: 23:31:53.18 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/20/2008 9:47:25 PM
System Uptime: 3/4/2011 11:18:31 PM (0 hours ago)
.
Motherboard: Intel Corporation | | D975XBX2
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | J3E1 | 2877/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 78 GiB total, 31.102 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 34.082 GiB free.
E: is FIXED (NTFS) - 39 GiB total, 37.28 GiB free.
F: is FIXED (NTFS) - 142 GiB total, 27.806 GiB free.
G: is FIXED (NTFS) - 140 GiB total, 63.294 GiB free.
H: is FIXED (NTFS) - 140 GiB total, 115 GiB free.
I: is CDROM (UDF)
J: is CDROM ()
L: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP759: 2/19/2011 2:10:44 PM - Scheduled Checkpoint
RP761: 2/19/2011 8:21:47 PM - HP Installation Restore Point
RP762: 2/21/2011 9:03:51 AM - Scheduled Checkpoint
RP763: 2/22/2011 7:19:09 AM - Scheduled Checkpoint
RP764: 2/23/2011 10:31:13 PM - Scheduled Checkpoint
RP765: 2/24/2011 11:27:12 AM - Scheduled Checkpoint
RP766: 2/25/2011 5:33:45 PM - Scheduled Checkpoint
RP767: 2/26/2011 11:07:39 AM - Scheduled Checkpoint
RP768: 2/27/2011 11:47:20 AM - Scheduled Checkpoint
RP769: 2/28/2011 12:40:16 PM - Scheduled Checkpoint
RP773: 3/2/2011 9:38:28 PM - Restore Operation
RP796: 3/3/2011 10:46:40 PM - Restore Operation
.
==== Installed Programs ======================
.
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Acronis*Disk Director Suite
Acronis*True*Image*Home
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Connect Add-in
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
ATI Catalyst Install Manager
Brother HL-2170W
Canon DR-1210C Driver
CapturePerfect 3.0
Carom3D
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
CommVault Systems DataArchiver Outlook Add-In (Instance001)
Creative Audio Control Panel
Creative Sound Blaster Properties
Dead Space 2
DisplayFusion 2.2.1
DNE Update
DR-1210C Job Tool
Droplitz
eReg
EVEREST Ultimate Edition v4.20
FileASSASSIN
FinePrint
Fraps
Garmin USB Drivers
Garmin WebUpdater
HD Tune 2.55
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP LaserJet P2050 Series 6.0
hppFonts
hppQFolderP2050
Intel(R) Network Connections 14.5.1.0
Java(TM) 6 Update 11
LiveUpdate 3.3 (Symantec Corporation)
Logitech SetPoint 6.20
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Monkey's Audio
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
n52te Editor
Nero 7 Premium
OpenAL
ordrumbox-0.8.05
PASW Statistics 18
pdfFactory Pro
PerfectDisk
Pinnacle Game Profiler
PTC ProDESKTOP 8.0
RESIDENT EVIL 5
ScanSoft PaperPort 11
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
SharpKeys
SPSS 11.5 for Windows
SPT-667 Phrase Trainer 1
Spybot - Search & Destroy
StarCraft
Steam
Super Meat Boy
Symantec Endpoint Protection
The KMPlayer (remove only)
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb2291599)
ViceVersa Pro 1.3.1
Virtual Pool 3 DL
VistaGlazz 1.1
WebReg
Winamp
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Media Player Firefox Plugin
WinRAR archiver
WinTidy 1.0.11
Your Uninstaller! 2008 Version 6.2
YouTube Music Converter V1.3.8
Youtube Music Downloader V3.6
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
.
==== Event Viewer Messages From Past Week ========
.
3/4/2011 9:03:50 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on K: cannot be read.
3/4/2011 3:34:12 AM, Error: EventLog [6008] - The previous system shutdown at 3:32:21 AM on 3/4/2011 was unexpected.
3/4/2011 3:25:25 AM, Error: Service Control Manager [7000] -
3/4/2011 3:22:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 bbfbb
3/4/2011 3:16:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PinnacleUpdate Service service to connect.
3/4/2011 3:14:22 AM, Error: EventLog [6008] - The previous system shutdown at 3:10:28 AM on 3/4/2011 was unexpected.
3/4/2011 2:11:05 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/4/2011 11:24:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
3/4/2011 11:23:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
3/4/2011 11:19:48 PM, Error: Service Control Manager [7034] - The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).
3/4/2011 11:19:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bbfbb
3/4/2011 11:19:48 PM, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the path specified.
3/4/2011 11:19:21 PM, Error: EventLog [6008] - The previous system shutdown at 11:17:19 PM on 3/4/2011 was unexpected.
3/4/2011 10:42:56 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
3/4/2011 1:59:11 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AMonLWLH AMonTDLH aswRdr aswSnx aswSP aswTdi ATamptNt_V3IS80 bbfbb CSC DfsC eeCtrl hdaudbex NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr sptd SRTSP SRTSPX SYMTDI tdx usbc2k v3engine V3Flt2K Wanarpv6 WPS
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
3/4/2011 1:53:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/4/2011 1:53:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/4/2011 1:53:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/4/2011 1:52:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/4/2011 1:52:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/4/2011 1:52:23 AM, Error: EventLog [6008] - The previous system shutdown at 1:50:29 AM on 3/4/2011 was unexpected.
3/4/2011 1:51:48 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
3/4/2011 1:47:29 AM, Error: EventLog [6008] - The previous system shutdown at 1:45:16 AM on 3/4/2011 was unexpected.
3/4/2011 1:33:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/4/2011 1:30:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATamptNt_V3IS80 bbfbb eeCtrl hdaudbex SPBBCDrv spldr sptd SRTSP SRTSPX SYMTDI usbc2k v3engine V3Flt2K Wanarpv6
3/4/2011 1:29:32 AM, Error: EventLog [6008] - The previous system shutdown at 1:27:38 AM on 3/4/2011 was unexpected.
3/3/2011 9:52:23 PM, Error: EventLog [6008] - The previous system shutdown at 9:50:46 PM on 3/3/2011 was unexpected.
3/3/2011 9:44:46 PM, Error: EventLog [6008] - The previous system shutdown at 9:43:10 PM on 3/3/2011 was unexpected.
3/3/2011 9:39:09 PM, Error: EventLog [6008] - The previous system shutdown at 9:37:00 PM on 3/3/2011 was unexpected.
3/3/2011 9:15:59 PM, Error: EventLog [6008] - The previous system shutdown at 9:14:30 PM on 3/3/2011 was unexpected.
3/3/2011 9:11:30 PM, Error: EventLog [6008] - The previous system shutdown at 9:09:00 PM on 3/3/2011 was unexpected.
3/3/2011 9:01:11 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
3/3/2011 9:01:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
3/3/2011 8:58:21 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough server storage is available to process this command.
3/3/2011 3:06:46 AM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/3/2011 12:18:46 AM, Error: EventLog [6008] - The previous system shutdown at 12:17:15 AM on 3/3/2011 was unexpected.
3/3/2011 11:52:22 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/3/2011 11:25:09 PM, Error: Service Control Manager [7030] - The Symantec Management Client service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/3/2011 11:17:30 PM, Error: PlugPlayManager [12] - The device 'NAVEX15' (Root\LEGACY_NAVEX15\0000) disappeared from the system without first being prepared for removal.
3/3/2011 11:11:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/3/2011 11:09:12 PM, Error: SRTSPL [11] - Unable to allocate open file data.
3/3/2011 11:09:12 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
3/3/2011 11:09:12 PM, Error: SRTSP [4] - Error loading virus definitions.
3/3/2011 11:09:12 PM, Error: Service Control Manager [7000] - The SRTSPL service failed to start due to the following error: A device attached to the system is not functioning.
3/3/2011 11:09:12 PM, Error: Service Control Manager [7000] - The SRTSP service failed to start due to the following error: A device attached to the system is not functioning.
3/3/2011 11:07:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bbfbb eeCtrl SRTSP
3/3/2011 10:42:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bbfbb SRTSP
3/3/2011 10:41:51 PM, Error: EventLog [6008] - The previous system shutdown at 10:39:29 PM on 3/3/2011 was unexpected.
3/3/2011 10:23:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/3/2011 10:07:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD bbfbb CSC DfsC eeCtrl hdaudbex NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr sptd SRTSP SRTSPX SYMTDI tdx usbc2k Wanarpv6 WPS ws2ifsl
3/3/2011 10:07:34 PM, Error: EventLog [6008] - The previous system shutdown at 10:05:23 PM on 3/3/2011 was unexpected.
3/3/2011 1:05:37 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
3/3/2011 1:02:37 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
3/2/2011 6:00:04 PM, Error: EventLog [6008] - The previous system shutdown at 5:55:49 PM on 3/2/2011 was unexpected.
2/25/2011 4:05:02 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001CC0051441 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/25/2011 4:04:59 PM, Error: EventLog [6008] - The previous system shutdown at 11:07:29 AM on 2/25/2011 was unexpected.
2/25/2011 11:45:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
Step 6:
I also ran Ad-aware & Avast. No malware was detected!
Please help. Thank you!!
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:43 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 1:53:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
3/4/2011 1:53:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/4/2011 1:53:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/4/2011 1:53:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/4/2011 1:52:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/4/2011 1:52:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/4/2011 1:52:23 AM, Error: EventLog [6008] - The previous system shutdown at 1:50:29 AM on 3/4/2011 was unexpected.
3/4/2011 1:51:48 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
3/4/2011 1:47:29 AM, Error: EventLog [6008] - The previous system shutdown at 1:45:16 AM on 3/4/2011 was unexpected.
3/4/2011 1:33:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/4/2011 1:30:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATamptNt_V3IS80 bbfbb eeCtrl hdaudbex SPBBCDrv spldr sptd SRTSP SRTSPX SYMTDI usbc2k v3engine V3Flt2K Wanarpv6
3/4/2011 1:29:32 AM, Error: EventLog [6008] - The previous system shutdown at 1:27:38 AM on 3/4/2011 was unexpected.
3/3/2011 9:52:23 PM, Error: EventLog [6008] - The previous system shutdown at 9:50:46 PM on 3/3/2011 was unexpected.
3/3/2011 9:44:46 PM, Error: EventLog [6008] - The previous system shutdown at 9:43:10 PM on 3/3/2011 was unexpected.
3/3/2011 9:39:09 PM, Error: EventLog [6008] - The previous system shutdown at 9:37:00 PM on 3/3/2011 was unexpected.
3/3/2011 9:15:59 PM, Error: EventLog [6008] - The previous system shutdown at 9:14:30 PM on 3/3/2011 was unexpected.
3/3/2011 9:11:30 PM, Error: EventLog [6008] - The previous system shutdown at 9:09:00 PM on 3/3/2011 was unexpected.
3/3/2011 9:01:11 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
3/3/2011 9:01:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
3/3/2011 8:58:21 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough server storage is available to process this command.
3/3/2011 3:06:46 AM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/3/2011 12:18:46 AM, Error: EventLog [6008] - The previous system shutdown at 12:17:15 AM on 3/3/2011 was unexpected.
3/3/2011 11:52:22 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/3/2011 11:25:09 PM, Error: Service Control Manager [7030] - The Symantec Management Client service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/3/2011 11:17:30 PM, Error: PlugPlayManager [12] - The device 'NAVEX15' (Root\LEGACY_NAVEX15\0000) disappeared from the system without first being prepared for removal.
3/3/2011 11:11:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/3/2011 11:09:12 PM, Error: SRTSPL [11] - Unable to allocate open file data.
3/3/2011 11:09:12 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
3/3/2011 11:09:12 PM, Error: SRTSP [4] - Error loading virus definitions.
3/3/2011 11:09:12 PM, Error: Service Control Manager [7000] - The SRTSPL service failed to start due to the following error: A device attached to the system is not functioning.
3/3/2011 11:09:12 PM, Error: Service Control Manager [7000] - The SRTSP service failed to start due to the following error: A device attached to the system is not functioning.
3/3/2011 11:07:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bbfbb eeCtrl SRTSP
3/3/2011 10:42:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bbfbb SRTSP
3/3/2011 10:41:51 PM, Error: EventLog [6008] - The previous system shutdown at 10:39:29 PM on 3/3/2011 was unexpected.
3/3/2011 10:23:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/3/2011 10:07:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD bbfbb CSC DfsC eeCtrl hdaudbex NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr sptd SRTSP SRTSPX SYMTDI tdx usbc2k Wanarpv6 WPS ws2ifsl
3/3/2011 10:07:34 PM, Error: EventLog [6008] - The previous system shutdown at 10:05:23 PM on 3/3/2011 was unexpected.
3/3/2011 1:05:37 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
3/3/2011 1:02:37 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
3/2/2011 6:00:04 PM, Error: EventLog [6008] - The previous system shutdown at 5:55:49 PM on 3/2/2011 was unexpected.
2/25/2011 4:05:02 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001CC0051441 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/25/2011 4:04:59 PM, Error: EventLog [6008] - The previous system shutdown at 11:07:29 AM on 2/25/2011 was unexpected.
2/25/2011 11:45:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
Step 6:
I also ran Ad-Aware & Avast. No malware was detected!
Please help. Thank you!!