Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google redirect virus - Alureon.H?


  • Please log in to reply

#1
guy incognito

guy incognito

    New Member

  • Member
  • Pip
  • 7 posts
Hi,

I seem to have picked up a virus from somewhere. I use a Compaq laptop running Windows Vista, and initially only used AVG antivirus software. This flagged up a potential threat file 'us.exe' located in C:Windows/Temp, and a file in Users/ME/AppData/local/temp which was a string of numbers/letters (possibly starting 9045FD?) which I thought I successfully removed. Around the same time as i got this warning I noticed that occasionally searching on google/yahoo would either redirect me to third party search engine results, or after several minutes would open up a new tab/window with previous search entries. This affects both Firefox + IE.

I have since used superantispyware, malwarebytes, hijackthis, unhackme, microsoft security essentials, avenger, ESET online scanner, rkill, and possibly some other programs which I may have forgotten, without any noticeable change. I also occasionally get an error message relating to windows HOSTs file that appears to be malfunctioning. I have tried updating my hosts file in Windows/system32/drivers/etc with a custom file that supposedly blocks various malware files.

Microsoft security essentials found Win32.Alureon.H virus which it reportedly removed.
superantispyware found Trojan.Generic which it removed

I have finally run out of ideas and would appreciate your help!
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello guy incognito

Welcome to G2Go. :)
=====================

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
================
Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED

  • Sections
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
  • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.

  • 0

#3
guy incognito

guy incognito

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for replying, I did the first step and got the logs below:

DDS File:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Sam at 16:02:06.83 on 04/07/2010
Internet Explorer: 7.0.6000.16711 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1982.876 [GMT 1:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
SP: Microsoft Security Essentials *disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Gizmo5\mDNSResponder.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Kontiki\KService.exe
C:\Windows\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Sam\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://uk.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\users\sam\appdata\roaming\microsoft\windows\start menu\programs\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
IE: Download all links with IDM - c:\users\sam\appdata\roaming\microsoft\windows\start menu\programs\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\users\sam\appdata\roaming\microsoft\windows\start menu\programs\internet download manager\IEGetVL.htm
IE: Download with &FileFactory Turbo - c:\program files\filefactory turbo\plugins\ie\FileFactoryIE.html
IE: Download with IDM - c:\users\sam\appdata\roaming\microsoft\windows\start menu\programs\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\sam\appdata\roaming\mozilla\firefox\profiles\t837plme.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - component: c:\users\sam\appdata\roaming\idm\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-3 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-1-17 33792]
S2 TwonkyMedia;TwonkyMedia;c:\program files\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\program files\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]
S3 ECS_Loader_220;Digital TV Receiver Firmware Loader 5.10.31.0;c:\windows\system32\drivers\ECS_Loader_220.sys [2005-10-31 15616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-1-10 46592]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]

=============== Created Last 30 ================

2010-07-04 14:01:44 0 d-----w- c:\program files\ESET
2010-07-04 13:37:10 54888 ----a-w- c:\windows\system32\drivers\jbmkbznq.sys
2010-07-04 13:08:36 0 d-----w- c:\program files\Microsoft Security Essentials
2010-07-03 20:14:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-03 20:14:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-03 20:14:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 19:44:39 0 d-----w- c:\program files\Trend Micro
2010-07-03 18:34:36 0 d-----w- c:\program files\Windows Imaging
2010-07-03 18:31:14 0 d-----w- c:\program files\Windows AIK
2010-07-03 17:34:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-07-03 16:36:13 0 d-----w- c:\users\sam\appdata\roaming\SUPERAntiSpyware.com
2010-07-03 16:36:13 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-03 16:36:02 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-02 17:06:01 69 ----a-w- C:\RunSC.bat
2010-07-02 17:05:48 203976 ----a-w- c:\windows\system32\richtx32.ocx
2010-07-02 17:05:48 0 d-----w- c:\program files\SmartScan
2010-07-02 10:18:45 0 d-----w- c:\programdata\McAfee Security Scan
2010-07-02 10:18:44 0 d-----w- c:\programdata\McAfee
2010-07-02 10:18:37 0 d-----w- c:\program files\McAfee Security Scan
2010-07-02 09:40:49 0 d-----w- c:\users\sam\appdata\roaming\Malwarebytes
2010-07-02 09:40:35 0 d-----w- c:\programdata\Malwarebytes
2010-07-02 09:39:51 6153352 ----a-w- c:\users\sam\mbam-setup-1.46.exe
2010-07-01 23:26:54 2 --shatr- c:\windows\winstart.bat
2010-07-01 23:25:50 0 d-----w- c:\program files\UnHackMe

==================== Find3M ====================

2010-06-04 17:34:44 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-21 23:07:54 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-21 23:07:48 198175 ----a-w- c:\users\sam\appdata\roaming\nvModes.dat
2010-04-21 22:19:31 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-05 20:04:32 4096 ----a-w- c:\windows\d3dx.dat
2008-07-09 13:02:59 174 --sha-w- c:\program files\desktop.ini
2008-07-09 13:00:23 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-12-17 16:36:56 22 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 16:05:13.98 ===============


Attach File:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 28/09/2007 13:45:25
System Uptime: 07/04/2010 14:55:32 (2114 hours ago)

Motherboard: Quanta | | 30CF
Processor: AMD Turion™ 64 X2 Mobile Technology TL-58 | Socket S1 | 1900/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 104 GiB total, 3.739 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.679 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP814: 17/06/2010 13:08:49 - Scheduled Checkpoint
RP815: 19/06/2010 00:42:12 - Windows Update
RP816: 20/06/2010 14:31:40 - Scheduled Checkpoint
RP817: 21/06/2010 21:49:06 - Windows Update
RP819: 22/06/2010 17:38:29 - Avg8 Update
RP820: 25/06/2010 21:26:03 - Windows Update
RP821: 28/06/2010 13:26:12 - Scheduled Checkpoint
RP822: 29/06/2010 10:35:20 - Scheduled Checkpoint
RP825: 01/07/2010 21:54:28 - Restore Operation

==== Installed Programs ======================

4oD
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Apple Software Update
AudibleManager
AudioConverter
BayGenie eBay Auction Sniper Free Edition 3.1.3.0
BayGenie eBay Auction Sniper Pro Edition 3.3.1.0
BBC iPlayer Download Manager
BitTorrent
CloneCD
CloneDVD 3.6
CloneDVD2
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
DAEMON Tools Toolbar
DNA
DVB2GO mini
DVD Region+CSS Free 5.9.3.2
Easy GIF Animator 4.6 Pro
ESET Online Scanner v3
ESU for Microsoft Vista
ffdshow [rev 1723] [2007-12-24]
FilmOn HDi Player
Final Fantasy VII
Full Tilt Poker
Gizmo5
Google Toolbar for Internet Explorer
Grand Theft Auto
Half-Life® 2
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.2
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP Update
HP User Guides 0057
HP Wireless Assistant
HPNetworkAssistant
Internet Download Manager
Java™ 6 Update 3
Java™ 6 Update 7
Java™ SE Runtime Environment 6
LibUSB-Win32-0.1.10.1
LightScribe 1.6.43.1
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Media Go
Media Player Codec Pack 1.1.0
Microsoft Antimalware
Microsoft Office Professional Edition 2003
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.6)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
Napster
Napster Burn Engine
Nero 6 Ultra Edition
Nokia Connectivity Cable Driver
Nokia Home Media Server
Nokia Map Loader
Nokia Ovi Application Installer
Nokia Ovi Application Installer 6.85.3011
Nokia Ovi Content Copier
Nokia Ovi Content Copier 6.85.3011
Nokia Ovi One Touch Access
Nokia Ovi One Touch Access 6.85.3010
Nokia Ovi Player
Nokia Ovi Suite
Nokia Ovi System Utilities
Nokia Ovi System Utilities 6.85.3013
Nokia Photos
Nokia Software Updater
Nokia_Multimedia_Common_Components_2_5
NVIDIA Drivers
PartyPoker
PC Connectivity Solution
Pcsx2 0.9.4 Watermoose
Pcsx2 0.9.6
Photo Viewer 2.3
PiMPStreamer
PlayStation®Network Downloader
PlayStation®Store
Power Tab Editor 1.7
PPStream
PSP ISO Compressor
PSPHost
PSSWCORE
PSXMemTool 1.17b (remove only)
QuickTime
RealPlayer
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Sky Anytime
SmartAudio
SopCast 3.0.1
Steam™
Stream Torrent 1.0
SubEdit-Player
SubEdit - Vista WMP Patch
SUPERAntiSpyware
Synaptics Pointing Device Driver
System Requirements Lab
THE HOUSE OF THE DEAD 2
TomTom HOME 2.5.2.60
TVAnts 1.0
TVersity Codec Pack 1.2
TVersity Media Server 1.0.0.2 RC1
TVUPlayer 2.3.5.2
TwonkyMedia
Ulead GIF Animator 5 TBYB
Unix Utilities for Yahoo! Widgets
VC_MergeModuleToMSI
Veetle TV 0.9.15
VLC media player 0.9.8a
Winamp
Windows Automated Installation Kit
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! Install Manager
Yahoo! Widgets
Zattoo 3.3.4 Beta
ZEN Vision:M Series Media Explorer
ZENcast Organizer

==== Event Viewer Messages From Past Week ========

30/06/2010 17:46:52, Error: Microsoft-Windows-Kernel-WHEA [6] - Machine Check Event reported is a fatal memory hierarchy error. Trasaction Type: 1 Memory Hierarchy Level: 1 Request Type: 3 Address: 841762339848
30/06/2010 14:11:42, Error: Microsoft-Windows-Kernel-WHEA [6] - Machine Check Event reported is a fatal memory hierarchy error. Trasaction Type: 1 Memory Hierarchy Level: 1 Request Type: 7 Address: 1984
30/06/2010 14:11:10, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 13, function 0. Please contact your system vendor for technical assistance.
30/06/2010 14:11:10, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 12, function 0. Please contact your system vendor for technical assistance.
30/06/2010 10:15:44, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The dependency service or group failed to start.
29/06/2010 23:48:23, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
29/06/2010 23:28:01, Error: Service Control Manager [7022] - The KService service hung on starting.
29/06/2010 23:26:22, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
29/06/2010 23:25:09, Error: EventLog [6008] - The previous system shutdown at 23:22:55 on 29/06/2010 was unexpected.
28/06/2010 00:44:00, Error: Service Control Manager [7030] - The Network Access Protection Agent napagentIKEEXT service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
28/06/2010 00:08:08, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
28/06/2010 00:08:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
04/07/2010 14:56:31, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
04/07/2010 14:55:52, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 13 Memory/IO: 2 Address: 18383187884317863487
04/07/2010 14:50:37, Error: Service Control Manager [7034] - The LiveUpdate Notice Service service terminated unexpectedly. It has done this 1 time(s).
04/07/2010 14:50:37, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
04/07/2010 14:38:51, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 2 Address: 9160202892735934271
04/07/2010 14:13:47, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
04/07/2010 14:13:06, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
04/07/2010 14:12:23, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
04/07/2010 13:43:28, Error: EventLog [6008] - The previous system shutdown at 13:40:25 on 04/07/2010 was unexpected.
04/07/2010 11:05:13, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/07/2010 10:42:20, Error: Microsoft-Windows-Kernel-WHEA [6] - Machine Check Event reported is a fatal memory hierarchy error. Trasaction Type: 2 Memory Hierarchy Level: 0 Request Type: 4 Address: 0
03/07/2010 22:34:40, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 3 Address: 3895072416046632511
03/07/2010 20:43:16, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {AC746233-E9D3-49CD-862F-068F7B7CCCA4} as /. The error: "2" Happened while starting this command: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDMan.exe -Embedding
03/07/2010 20:29:54, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 13 Memory/IO: 2 Address: 13118444452618276415
03/07/2010 18:34:22, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the libusbd service.
03/07/2010 18:11:24, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 3 Address: 18378648825977359935
03/07/2010 17:06:42, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Sam-PC\Sam SID (S-1-5-21-765861078-2712400846-2122610106-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
03/07/2010 16:55:36, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 3 Address: 18383152699945774655
03/07/2010 16:49:07, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 13 Memory/IO: 2 Address: 18446743919090728923
03/07/2010 16:36:23, Error: Microsoft-Windows-Kernel-WHEA [6] - Machine Check Event reported is a fatal memory hierarchy error. Trasaction Type: 1 Memory Hierarchy Level: 1 Request Type: 3 Address: 833172798984
03/07/2010 09:56:11, Error: EventLog [6008] - The previous system shutdown at 09:53:35 on 03/07/2010 was unexpected.
03/07/2010 09:07:35, Error: Microsoft-Windows-Kernel-WHEA [6] - Machine Check Event reported is a fatal memory hierarchy error. Trasaction Type: 1 Memory Hierarchy Level: 1 Request Type: 3 Address: 841763257352
02/07/2010 21:10:43, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
02/07/2010 19:47:53, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 13 Memory/IO: 2 Address: 18446743917547744831
02/07/2010 19:43:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
02/07/2010 19:42:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
02/07/2010 19:42:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
02/07/2010 19:42:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
02/07/2010 19:42:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02/07/2010 19:42:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
02/07/2010 19:40:48, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2010 19:40:34, Error: EventLog [6008] - The previous system shutdown at 19:38:01 on 02/07/2010 was unexpected.
02/07/2010 19:40:05, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 13 Memory/IO: 2 Address: 18383196680410885695
02/07/2010 19:36:53, Error: PlugPlayManager [11] - The device Root\LEGACY_GCOXGISC\0000 disappeared from the system without first being prepared for removal.
02/07/2010 16:28:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
02/07/2010 16:28:26, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/07/2010 16:24:35, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 3 Address: 18311095106448911935
02/07/2010 16:23:06, Error: Microsoft-Windows-Kernel-WHEA [6] - Machine Check Event reported is a fatal memory hierarchy error. Trasaction Type: 1 Memory Hierarchy Level: 1 Request Type: 8 Address: 0
02/07/2010 15:43:03, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 2 Address: 18383618910055820863
02/07/2010 00:43:51, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 2 Address: 18383196680410885695
02/07/2010 00:31:05, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 1 Participation: 0 Request Type: 5 Memory/IO: 3 Address: 0
01/07/2010 22:27:55, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
01/07/2010 22:12:03, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
01/07/2010 22:05:37, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.85.532.0 Loading engine version: 1.1.5802.0
01/07/2010 22:04:22, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 3 Address: 3606824344630562367
01/07/2010 17:48:22, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 13 Memory/IO: 2 Address: 9160317241945223103
01/07/2010 17:47:19, Error: Service Control Manager [7001] - The Windows Update service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The service has not been started.
01/07/2010 17:47:19, Error: Service Control Manager [7001] - The Security Center service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The service has not been started.
01/07/2010 17:47:19, Error: Service Control Manager [7001] - The KtmRm for Distributed Transaction Coordinator service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The operation completed successfully.
01/07/2010 17:47:16, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The operation completed successfully.
01/07/2010 17:46:29, Error: Service Control Manager [7001] - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The service has not been started.
01/07/2010 17:46:29, Error: Service Control Manager [7001] - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The operation completed successfully.
01/07/2010 17:46:28, Error: Service Control Manager [7024] - The Remote Procedure Call (RPC) service terminated with service-specific error 1717 (0x6B5).
01/07/2010 17:46:28, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The operation completed successfully.
01/07/2010 17:46:27, Error: Service Control Manager [7031] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
01/07/2010 17:46:27, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
01/07/2010 17:46:27, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
01/07/2010 17:46:27, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
01/07/2010 17:46:27, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
01/07/2010 17:46:24, Error: Service Control Manager [7031] - The IPsec Policy Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
01/07/2010 17:46:19, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
01/07/2010 17:43:45, Error: Microsoft-Windows-Kernel-WHEA [6] - Machine Check Event reported is a fatal memory hierarchy error. Trasaction Type: 2 Memory Hierarchy Level: 3 Request Type: 13 Address: 4471533168335504959

==== End Of File ===========================


However I am having difficulty with the GMER rootkit scan, I downloaded the program and unticked the relevant boxes, but my computer decided to switch off half way through the scan, possibly overheated. Now the program crashes whenever i try to rescan. Ill try again but meantime do the above logs shed any light?
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi you seem to have some cpu issues going on inside of the computer.
I can tell from the event log output in your logs.
Have you tried to mess around in the bios or any type of overclocking?
If not then may try to do a bios update later on.

Please skip running gmer for now.
It can cause the restarts itself.
================================
Download TDSSKiller and save it to your Desktop.

  • Right click on the file and choose extract all extract the file to your desktop then run it.
  • If prompted to restart the computer type in Y then it will restart.
  • Or if you are prompted with a hidden service warning do go ahead and delete it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log
===========
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#5
guy incognito

guy incognito

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Tried GMER one more time, again cpu rebooted halfway through. As far as i know i havent overclocked or modified bios or anything, certainly not intentionally!


TDSSK report:


18:52:14:045 6140 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
18:52:14:045 6140 ================================================================================
18:52:14:045 6140 SystemInfo:

18:52:14:045 6140 OS Version: 6.0.6000 ServicePack: 0.0
18:52:14:045 6140 Product type: Workstation
18:52:14:045 6140 ComputerName: SAM-PC
18:52:14:045 6140 UserName: Sam
18:52:14:045 6140 Windows directory: C:\Windows
18:52:14:045 6140 System windows directory: C:\Windows
18:52:14:045 6140 Processor architecture: Intel x86
18:52:14:045 6140 Number of processors: 2
18:52:14:045 6140 Page size: 0x1000
18:52:14:045 6140 Boot type: Normal boot
18:52:14:045 6140 ================================================================================
18:52:27:570 6140 Initialize success
18:52:27:570 6140
18:52:27:570 6140 Scanning Services ...
18:52:28:412 6140 Raw services enum returned 447 services
18:52:28:428 6140
18:52:28:428 6140 Scanning Drivers ...
18:52:30:253 6140 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
18:52:30:456 6140 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
18:52:30:550 6140 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
18:52:30:612 6140 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
18:52:30:674 6140 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
18:52:30:737 6140 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
18:52:30:815 6140 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
18:52:30:846 6140 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:52:30:893 6140 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
18:52:30:955 6140 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
18:52:30:986 6140 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
18:52:31:018 6140 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
18:52:31:064 6140 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
18:52:31:096 6140 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
18:52:31:127 6140 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
18:52:31:174 6140 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
18:52:31:236 6140 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
18:52:31:298 6140 BCM43XV (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
18:52:31:361 6140 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
18:52:31:423 6140 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
18:52:31:454 6140 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
18:52:31:486 6140 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:52:31:517 6140 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:52:31:564 6140 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:52:31:610 6140 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:52:31:642 6140 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:52:31:673 6140 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:52:31:720 6140 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:52:31:766 6140 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
18:52:31:798 6140 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
18:52:31:813 6140 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
18:52:31:860 6140 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
18:52:31:954 6140 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
18:52:31:985 6140 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
18:52:32:063 6140 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
18:52:32:110 6140 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
18:52:32:141 6140 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
18:52:32:172 6140 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
18:52:32:203 6140 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
18:52:32:219 6140 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
18:52:32:297 6140 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
18:52:32:375 6140 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
18:52:32:422 6140 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:52:32:468 6140 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys
18:52:32:500 6140 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
18:52:32:562 6140 ECS_Loader_220 (24b46483acc0d33783b89c7c0e4939f7) C:\Windows\system32\Drivers\ECS_Loader_220.sys
18:52:32:718 6140 ElbyCDFL (c61c83501268b0110b5c5db7e63dee0c) C:\Windows\system32\Drivers\ElbyCDFL.sys
18:52:32:812 6140 ElbyCDIO (084a13f18856d610d44d3109a9d2acde) C:\Windows\system32\Drivers\ElbyCDIO.sys
18:52:32:874 6140 ElbyDelay (df9957db3bfe5136aad3c2c101806c98) C:\Windows\system32\Drivers\ElbyDelay.sys
18:52:32:936 6140 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
18:52:32:983 6140 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
18:52:33:030 6140 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
18:52:33:092 6140 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
18:52:33:139 6140 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
18:52:33:186 6140 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
18:52:33:202 6140 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
18:52:33:248 6140 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
18:52:33:280 6140 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
18:52:33:326 6140 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
18:52:33:358 6140 HdAudAddService (a08f4808fb19a40792a6056848187afe) C:\Windows\system32\drivers\CHDART.sys
18:52:33:404 6140 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:52:33:436 6140 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:52:33:467 6140 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:52:33:514 6140 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
18:52:33:560 6140 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
18:52:33:623 6140 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:52:33:716 6140 HSF_DPV (0d7a055a840c3099c37d576573a42cd5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:52:33:779 6140 HSXHWAZL (bcc074692882c056b0e1ac97f3331a02) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:52:33:810 6140 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
18:52:33:857 6140 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
18:52:34:106 6140 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
18:52:34:216 6140 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:52:34:387 6140 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
18:52:34:434 6140 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:52:34:481 6140 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
18:52:34:512 6140 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
18:52:34:528 6140 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:52:34:559 6140 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
18:52:34:590 6140 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
18:52:34:606 6140 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
18:52:34:637 6140 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
18:52:34:668 6140 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
18:52:34:746 6140 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:52:34:793 6140 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:52:34:840 6140 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
18:52:34:871 6140 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
18:52:34:902 6140 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\Windows\system32\drivers\klmd.sys
18:52:34:933 6140 KSecDD (11d0bc1f2afd8abbb5a3dc47a042de54) C:\Windows\system32\Drivers\ksecdd.sys
18:52:35:027 6140 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\Windows\system32\DRIVERS\Lbd.sys
18:52:35:058 6140 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\Windows\system32\drivers\libusb0.sys
18:52:35:136 6140 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
18:52:35:152 6140 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
18:52:35:214 6140 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
18:52:35:245 6140 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
18:52:35:276 6140 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
18:52:35:308 6140 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:52:35:339 6140 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
18:52:35:386 6140 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
18:52:35:417 6140 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
18:52:35:479 6140 MotioninJoyXFilter (f3d9723a0aea85186328bc090a3a0614) C:\Windows\system32\DRIVERS\MijXfilt.sys
18:52:35:542 6140 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
18:52:35:588 6140 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
18:52:35:620 6140 MountMgr (bf53f866379da0f63aecbb63efb6309b) C:\Windows\system32\DRIVERS\MOUNTMGR.SYS
18:52:35:620 6140 Suspicious file (Forged): C:\Windows\system32\DRIVERS\MOUNTMGR.SYS. Real md5: bf53f866379da0f63aecbb63efb6309b, Fake md5: 01f1e5a3e4877c931cbb31613fec16a6
18:52:35:620 6140 File "C:\Windows\system32\DRIVERS\MOUNTMGR.SYS" infected by TDSS rootkit ... 18:52:35:760 6140 Backup copy found, using it..
18:52:35:760 6140 will be cured on next reboot
18:52:35:807 6140 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\Windows\system32\DRIVERS\MpFilter.sys
18:52:35:854 6140 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
18:52:35:869 6140 MpNWMon (aeb186afff5d9cfed823c15d846aac3b) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:52:35:900 6140 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
18:52:35:932 6140 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:52:35:963 6140 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
18:52:36:010 6140 mrxsmb (529b64f9735d27fef1b8ea1678f8c79e) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:52:36:041 6140 mrxsmb10 (58a9ab5754fa4cabede7401283b5a771) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:52:36:088 6140 mrxsmb20 (30a67c7d8b80281028916ded6a64aec9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:52:36:134 6140 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
18:52:36:166 6140 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
18:52:36:197 6140 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
18:52:36:228 6140 msisadrv (2c3f1983cd3629573cb9e9658247847a) C:\Windows\system32\drivers\msisadrv.sys
18:52:36:259 6140 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
18:52:36:275 6140 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
18:52:36:290 6140 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
18:52:36:322 6140 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
18:52:36:353 6140 mssmbios (1f6f7159c75e4b27d138b5225808860f) C:\Windows\system32\DRIVERS\mssmbios.sys
18:52:36:415 6140 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
18:52:36:446 6140 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
18:52:36:493 6140 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
18:52:36:556 6140 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
18:52:36:618 6140 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
18:52:36:634 6140 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
18:52:36:680 6140 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
18:52:36:712 6140 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
18:52:36:727 6140 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
18:52:36:758 6140 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
18:52:36:805 6140 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:52:36:868 6140 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys
18:52:36:914 6140 nmwcdc (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys
18:52:36:961 6140 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\Windows\system32\drivers\nmwcdnsu.sys
18:52:37:008 6140 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\Windows\system32\drivers\nmwcdnsuc.sys
18:52:37:039 6140 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
18:52:37:070 6140 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
18:52:37:133 6140 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
18:52:37:180 6140 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:52:37:211 6140 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
18:52:37:273 6140 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
18:52:37:679 6140 nvlddmkm (442eac1b12acf1bad6f1224167e034c8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:52:37:788 6140 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
18:52:37:819 6140 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
18:52:37:835 6140 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
18:52:37:866 6140 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
18:52:37:913 6140 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
18:52:37:960 6140 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:52:37:991 6140 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
18:52:38:022 6140 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:52:38:069 6140 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
18:52:38:100 6140 pci (5bedd5e1416da009c4f24adf8da13773) C:\Windows\system32\drivers\pci.sys
18:52:38:147 6140 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
18:52:38:194 6140 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:52:38:256 6140 Pcouffin (5b68c60b01dac03d895ec1ca0a0365da) C:\Windows\system32\Drivers\Pcouffin.sys
18:52:38:334 6140 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:52:38:412 6140 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
18:52:38:428 6140 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
18:52:38:459 6140 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
18:52:38:506 6140 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
18:52:38:568 6140 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
18:52:38:615 6140 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:52:38:646 6140 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
18:52:38:662 6140 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
18:52:38:724 6140 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:52:38:755 6140 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
18:52:38:786 6140 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
18:52:38:818 6140 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:52:38:880 6140 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
18:52:38:927 6140 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
18:52:38:989 6140 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
18:52:39:052 6140 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
18:52:39:083 6140 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
18:52:39:114 6140 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\Windows\system32\DRIVERS\rixdptsk.sys
18:52:39:145 6140 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
18:52:39:176 6140 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:52:39:254 6140 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
18:52:39:270 6140 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:52:39:301 6140 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:52:39:317 6140 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:52:39:364 6140 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
18:52:39:426 6140 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\DRIVERS\sffdisk.sys
18:52:39:457 6140 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
18:52:39:488 6140 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:52:39:504 6140 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:52:39:520 6140 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
18:52:39:551 6140 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
18:52:39:582 6140 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
18:52:39:629 6140 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
18:52:39:676 6140 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
18:52:39:769 6140 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
18:52:39:769 6140 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
18:52:39:988 6140 srv (2c677528b24d64d22886ecbe5cd97f20) C:\Windows\system32\DRIVERS\srv.sys
18:52:40:050 6140 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
18:52:40:097 6140 srvnet (cd11a0767e82dd8b1a3a26d305dbec0f) C:\Windows\system32\DRIVERS\srvnet.sys
18:52:40:159 6140 swenum (92894dd7fdd62af808b1409b73af9c73) C:\Windows\system32\DRIVERS\swenum.sys
18:52:40:206 6140 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:52:40:237 6140 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:52:40:268 6140 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:52:40:315 6140 SynTP (8327106d1c93e9a7b98e63b9fcc24bb7) C:\Windows\system32\DRIVERS\SynTP.sys
18:52:40:393 6140 Tcpip (5df77458aa92fdb36fce79c60f74ab5d) C:\Windows\system32\drivers\tcpip.sys
18:52:40:471 6140 Tcpip6 (5df77458aa92fdb36fce79c60f74ab5d) C:\Windows\system32\DRIVERS\tcpip.sys
18:52:40:534 6140 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
18:52:40:596 6140 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
18:52:40:674 6140 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
18:52:40:705 6140 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
18:52:40:768 6140 TermDD (85908da29af0ab835048107ad2ad07d1) C:\Windows\system32\DRIVERS\termdd.sys
18:52:40:814 6140 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:52:40:846 6140 tunmp (a858917785681743c512950fdfa14db7) C:\Windows\system32\DRIVERS\tunmp.sys
18:52:40:877 6140 tunnel (29f1d1d888ee61d20d5662e72aa34129) C:\Windows\system32\DRIVERS\tunnel.sys
18:52:40:955 6140 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:52:41:002 6140 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
18:52:41:048 6140 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
18:52:41:080 6140 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:52:41:111 6140 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:52:41:158 6140 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:52:41:189 6140 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
18:52:41:236 6140 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
18:52:41:282 6140 usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
18:52:41:345 6140 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:52:41:392 6140 usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
18:52:41:532 6140 usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
18:52:41:594 6140 usbohci (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys
18:52:41:626 6140 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
18:52:41:657 6140 usbser (c0488cc01a1c686b08a3d360c7f50324) C:\Windows\system32\drivers\usbser.sys
18:52:41:735 6140 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
18:52:41:797 6140 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:52:41:860 6140 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
18:52:41:906 6140 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:52:41:938 6140 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
18:52:41:984 6140 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
18:52:42:031 6140 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:52:42:094 6140 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
18:52:42:140 6140 volmgr (d9e9490c960624c416fbde080deeb7fe) C:\Windows\system32\drivers\volmgr.sys
18:52:42:172 6140 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
18:52:42:234 6140 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
18:52:42:265 6140 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:52:42:296 6140 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:52:42:452 6140 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
18:52:42:452 6140 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
18:52:42:515 6140 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:52:42:577 6140 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:52:42:624 6140 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
18:52:42:733 6140 winachsf (3b4522d0e750bac8fe7ae61622a57014) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:52:42:827 6140 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:52:42:905 6140 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
18:52:42:952 6140 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
18:52:43:014 6140 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:52:43:045 6140 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
18:52:43:123 6140 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
18:52:43:123 6140 Reboot required for cure complete..
18:52:43:264 6140 Cure on reboot scheduled successfully
18:52:43:264 6140
18:52:43:264 6140 Completed
18:52:43:264 6140
18:52:43:264 6140 Results:
18:52:43:264 6140 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:52:43:264 6140 File objects infected / cured / cured on reboot: 1 / 0 / 1
18:52:43:264 6140
18:52:43:264 6140 KLMD(ARK) unloaded successfully



Combofix report:



ComboFix 10-07-03.06 - Sam 04/07/2010 19:08:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1982.1319 [GMT 1:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Microsoft Security Essentials *disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-06-04 to 2010-07-04 )))))))))))))))))))))))))))))))
.

2010-07-04 18:19 . 2010-07-04 18:19 -------- d-----w- c:\users\Sam\AppData\Local\temp
2010-07-04 17:57 . 2010-07-04 18:00 -------- d-----w- C:\32788R22FWJFW
2010-07-04 14:18 . 2010-02-20 23:54 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-07-04 14:17 . 2010-02-20 23:51 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-07-04 14:17 . 2010-02-20 21:30 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-07-04 14:01 . 2010-07-04 14:01 -------- d-----w- c:\program files\ESET
2010-07-04 13:37 . 2010-07-04 13:37 54888 ----a-w- c:\windows\system32\drivers\jbmkbznq.sys
2010-07-04 13:08 . 2010-07-04 13:09 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-03 20:14 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-03 20:14 . 2010-07-03 20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 20:14 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-03 19:44 . 2010-07-03 19:44 388096 ----a-r- c:\users\Sam\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-03 19:44 . 2010-07-03 19:44 -------- d-----w- c:\program files\Trend Micro
2010-07-03 18:34 . 2010-07-03 18:34 -------- d-----w- c:\program files\Windows Imaging
2010-07-03 18:31 . 2010-07-03 18:34 -------- d-----w- c:\program files\Windows AIK
2010-07-03 16:36 . 2010-07-03 16:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-02 17:06 . 2010-07-02 17:06 69 ----a-w- C:\RunSC.bat
2010-07-02 17:05 . 2010-07-02 17:23 -------- d-----w- c:\program files\SmartScan
2010-07-02 10:18 . 2010-07-02 10:18 -------- d-----w- c:\programdata\McAfee Security Scan
2010-07-02 10:18 . 2010-07-02 10:18 -------- d-----w- c:\programdata\McAfee
2010-07-02 10:18 . 2010-07-02 10:18 -------- d-----w- c:\program files\McAfee Security Scan
2010-07-02 09:40 . 2010-07-02 09:40 -------- d-----w- c:\users\Sam\AppData\Roaming\Malwarebytes
2010-07-02 09:40 . 2010-07-02 09:40 -------- d-----w- c:\programdata\Malwarebytes
2010-07-02 09:39 . 2010-07-02 09:40 6153352 ----a-w- c:\users\Sam\mbam-setup-1.46.exe
2010-07-01 23:26 . 2010-07-01 23:26 2 --shatr- c:\windows\winstart.bat
2010-07-01 23:25 . 2010-07-03 11:33 -------- d-----w- c:\program files\UnHackMe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-04 18:19 . 2007-12-17 00:58 -------- d-----w- c:\programdata\Kontiki
2010-07-04 17:53 . 2006-11-02 08:51 54888 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2010-07-04 15:40 . 2007-12-13 17:14 108872 ----a-w- c:\users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-03 17:34 . 2010-07-03 17:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-07-02 18:25 . 2008-01-19 12:57 -------- d-----w- c:\program files\TVUPlayer
2010-07-02 18:20 . 2007-12-14 23:19 -------- d-----w- c:\program files\PSXMemTool
2010-07-02 18:18 . 2008-08-30 22:45 -------- d-----w- c:\program files\Pcsx2_0.9.4
2010-07-02 18:15 . 2007-08-20 17:06 -------- d-----w- c:\program files\Microsoft Works
2010-07-02 18:11 . 2008-05-20 21:29 -------- d-----w- c:\program files\Gizmo5
2010-07-02 18:11 . 2009-08-28 18:13 -------- d-----w- c:\program files\Full Tilt Poker
2010-07-02 18:06 . 2010-03-02 20:36 -------- d-----w- c:\program files\FilmOn HDi Player
2010-07-02 17:57 . 2009-03-11 23:30 -------- d-----w- c:\program files\CloneDVD
2010-07-02 17:27 . 2008-08-19 19:52 -------- d-----w- c:\program files\Zattoo
2010-07-02 17:25 . 2007-12-18 01:15 -------- d-----w- c:\program files\Winamp
2010-07-02 17:25 . 2009-08-22 14:02 -------- d-----w- c:\program files\Veetle
2010-07-02 17:25 . 2008-07-17 21:08 -------- d-----w- c:\program files\TVersity Codec Pack
2010-07-02 17:25 . 2008-01-19 13:27 -------- d-----w- c:\program files\TVAnts
2010-07-02 17:25 . 2009-03-25 00:03 -------- d-----w- c:\program files\TotalAudioConverter
2010-07-02 17:24 . 2008-04-12 13:48 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-02 17:24 . 2009-09-16 19:02 -------- d-----w- c:\program files\StreamTorrent 1.0
2010-07-02 17:24 . 2008-03-29 14:44 -------- d-----w- c:\program files\SopCast
2010-07-02 17:23 . 2007-12-25 15:36 -------- d-----w- c:\program files\Photo Viewer
2010-07-02 17:23 . 2010-04-04 14:33 -------- d-----w- c:\program files\Pcsx2
2010-07-02 17:19 . 2009-11-15 19:37 -------- d-----w- c:\program files\Grand Theft Auto
2010-07-02 17:19 . 2007-08-20 17:24 -------- d-----w- c:\program files\Google
2010-07-02 17:19 . 2008-01-22 00:58 -------- d-----w- c:\program files\FileFactory Turbo
2010-07-02 17:17 . 2008-10-25 16:51 -------- d-----w- c:\program files\BitTorrent
2010-07-01 21:02 . 2010-01-16 23:47 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2010-07-01 21:02 . 2010-01-10 13:27 -------- d-----w- c:\program files\MotioninJoy
2010-07-01 21:02 . 2010-04-21 22:18 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-01 21:02 . 2010-04-05 19:59 -------- d-----w- c:\program files\SEGA
2010-07-01 21:02 . 2010-02-28 09:00 -------- d-----w- c:\programdata\MotioninJoy
2010-07-01 21:02 . 2010-01-03 14:24 -------- d-----w- c:\programdata\Lavasoft
2010-07-01 21:02 . 2010-01-03 14:24 -------- d-----w- c:\program files\Lavasoft
2010-05-21 13:14 . 2009-10-09 21:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-21 23:07 . 2007-12-13 20:42 198175 ----a-w- c:\users\Sam\AppData\Roaming\nvModes.dat
2010-04-21 22:05 . 2010-04-21 22:05 3351812 ----a-w- c:\programdata\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\Installer\CommonCustomActions\msxml6Exec.exe
2010-04-21 22:05 . 2010-04-21 22:05 36864 ----a-w- c:\programdata\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\Installer\CommonCustomActions\Sleep.exe
2010-04-21 22:05 . 2010-04-21 22:05 3203453 ----a-w- c:\programdata\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\Installer\CommonCustomActions\vcredistExec.exe
2010-04-21 22:04 . 2010-04-21 22:07 35362608 ----a-w- c:\programdata\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\NokiaSoftwareUpdaterSetup_en.exe
2010-04-05 20:04 . 2010-04-05 20:04 4096 ----a-w- c:\windows\d3dx.dat
2007-12-17 16:36 . 2007-12-17 16:36 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-03-07 843776]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-20 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [2008-10-20 102400]
R3 ECS_Loader_220;Digital TV Receiver Firmware Loader 5.10.31.0;c:\windows\system32\Drivers\ECS_Loader_220.sys [2005-10-31 15616]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-11 1181328]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2009-12-09 46592]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-11-15 717296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-04 c:\windows\Tasks\User_Feed_Synchronization-{3336D13F-DDA3-4866-BB44-9E6E5A4999C8}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
IE: Download all links with IDM - c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IEGetVL.htm
IE: Download with &FileFactory Turbo - c:\program files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
IE: Download with IDM - c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\t837plme.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - component: c:\users\Sam\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
SafeBoot-klmdb.sys
AddRemove-Final Fantasy VII - c:\program files\Square Soft



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-04 19:19
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-765861078-2712400846-2122610106-1000_Classes\CLSID\{1c80cf40-5870-4801-9c95-a99b0ed0d3ae}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000014f
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,2e,31,62,87,80,8c,99,7f,21,0d,d0,09,b2,27,18,e2,f8,63,62,e9,c8,a7,\

[HKEY_USERS\S-1-5-21-765861078-2712400846-2122610106-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):2e,44,3a,54,19,37,ad,73,b4,69,17,86,2b,a8,12,4a,79,06,89,92,68,
0a,2a,69,ec,aa,ad,d9,3e,4e,a5,0b,bc,f4,17,98,22,ce,1b,cb,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-765861078-2712400846-2122610106-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):70,3a,44,28,9e,96,72,a0,53,43,b5,90,91,db,bd,76,7f,fb,a0,27,44,
68,e1,e6,7b,69,13,f3,74,e3,46,cd,49,70,54,23,4d,60,36,16,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-765861078-2712400846-2122610106-1000_Classes\CLSID\{f33cbe8d-f36e-4210-a27f-454a90cb499b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000085
"Therad"=dword:00000015
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,6b,89,e9,09,6f,ad,8c,9d,a2,a7,61,de,52,29,ee,18,55,75,50,d7,11,d9,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-04 19:22:37
ComboFix-quarantined-files.txt 2010-07-04 18:22

Pre-Run: 3,860,000,768 bytes free
Post-Run: 3,821,948,928 bytes free

- - End Of File - - E7B0D620A1C8A4B2AEBE7260B76F93A8
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok well it is more than likely just a cpu issue then.

Please submit the following file to one of these online file scanners.
(All you have to do is copy and paste the file path into the box when you click on Browse then once you have done that click on the open button then submit)

c:\windows\system32\drivers\jbmkbznq.sys

Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.
  • 0

#7
guy incognito

guy incognito

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Jotti's malware scan
Filename: jbmkbznq.sys
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Sun 4 Jul 2010 21:23:11 (CET) Permalink



--------------------------------------------------------------------------------
Additional info
File size: 54888 bytes
Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5: 01f1e5a3e4877c931cbb31613fec16a6
SHA1: 2b68cc684b13bd2840e74c60569cf6dc4cb602a5







Scanners
2010-07-04 Found nothing 2010-07-04 Found nothing
2010-07-04 Found nothing 2010-07-04 Found nothing
2010-07-03 Found nothing 2010-07-04 Found nothing
2010-07-02 Found nothing 2010-07-04 Found nothing
2010-07-04 Found nothing 2010-07-04 Found nothing
2010-07-04 Found nothing 2010-07-01 Found nothing
2010-07-04 Found nothing 2010-07-04 Found nothing
2010-07-04 Found nothing 2010-07-02 Found nothing
2010-07-04 Found nothing 2010-07-04 Found nothing
2010-07-04 Found nothing



--------------------------------------------------------------------------------




Scan a file - Hash search - Frequently Asked Questions - Privacy policy

© 2004-2010 Jotti <[email protected]>



Virustotal scan

File jbmkbznq.sys received on 2010.07.04 19:23:56 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/40 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 40 and 57 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.04 -
AhnLab-V3 2010.07.03.00 2010.07.03 -
AntiVir 8.2.4.2 2010.07.02 -
Antiy-AVL 2.0.3.7 2010.07.02 -
Authentium 5.2.0.5 2010.07.04 -
Avast 4.8.1351.0 2010.07.04 -
Avast5 5.0.332.0 2010.07.04 -
AVG 9.0.0.836 2010.07.04 -
BitDefender 7.2 2010.07.04 -
CAT-QuickHeal 11.00 2010.06.30 -
ClamAV 0.96.0.3-git 2010.07.04 -
Comodo 5317 2010.07.04 -
DrWeb 5.0.2.03300 2010.07.04 -
eSafe 7.0.17.0 2010.07.04 -
eTrust-Vet 36.1.7684 2010.07.03 -
F-Prot 4.6.1.107 2010.07.04 -
F-Secure 9.0.15370.0 2010.07.04 -
Fortinet 4.1.133.0 2010.07.04 -
GData 21 2010.07.04 -
Ikarus T3.1.1.84.0 2010.07.04 -
Jiangmin 13.0.900 2010.07.03 -
Kaspersky 7.0.0.125 2010.07.04 -
McAfee 5.400.0.1158 2010.07.04 -
McAfee-GW-Edition 2010.1 2010.07.02 -
Microsoft 1.5902 2010.07.03 -
NOD32 5251 2010.07.04 -
Norman 6.05.10 2010.07.04 -
nProtect 2010-07-04.02 2010.07.04 -
Panda 10.0.2.7 2010.07.04 -
PCTools 7.0.3.5 2010.07.02 -
Rising 22.54.04.04 2010.07.02 -
Sophos 4.54.0 2010.07.04 -
Sunbelt 6543 2010.07.04 -
Symantec 20101.1.0.89 2010.07.04 -
TheHacker 6.5.2.1.307 2010.07.04 -
TrendMicro 9.120.0.1004 2010.07.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.04 -
VBA32 3.12.12.5 2010.07.02 -
ViRobot 2010.7.3.3920 2010.07.04 -
VirusBuster 5.0.27.0 2010.07.04 -
Additional information
File size: 54888 bytes
MD5...: 01f1e5a3e4877c931cbb31613fec16a6
SHA1..: 2b68cc684b13bd2840e74c60569cf6dc4cb602a5
SHA256: 7312c41a8188baebf6e3216b74f7698efd1e80f77e7bb051b34ab14fb84e4130
ssdeep: 1536:zqMQ/UdBXLTVb2BlJV5QcRkBFMvBrG+zVACfs5bd:zRQ/UdBtbCV5zkBm5K
+zVA7bd

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xd255
timedatestamp.....: 0x4549b17a (Thu Nov 02 08:51:06 2006)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7c2 0x800 6.01 9428989076ddd9180a1aad3bd073b982
.rdata 0x2000 0x435 0x600 3.33 34b02d5e270bde978ca0b41cf14e9b1d
.data 0x3000 0x90 0x200 1.18 347e71e0e95b9232b714b0dfec2ebb4f
PAGE 0x4000 0x8a90 0x8c00 6.34 5f6eeabc3c9345ddf318210cc28a5177
INIT 0xd000 0xbd6 0xc00 5.82 5429771c6cd5b31cb7ff9e785d235506
.rsrc 0xe000 0x3f8 0x400 3.37 d6ae71e9b6a7937b661429b6e2c3beb3
.reloc 0xf000 0x784 0x800 6.11 02ceb127db72c05fef4a7f8a47837029

( 2 imports )
> ntoskrnl.exe: memcpy, ExFreePoolWithTag, IoCreateSymbolicLink, IoDeleteSymbolicLink, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, IoGetAttachedDeviceReference, ObfDereferenceObject, KeWaitForSingleObject, IoGetDeviceObjectPointer, KeReleaseMutex, RtlEqualUnicodeString, RtlInitUnicodeString, RtlCompareMemory, RtlAppendUnicodeStringToString, RtlCopyUnicodeString, RtlStringFromGUID, ExUuidCreate, RtlWriteRegistryValue, KeSetEvent, IoFreeWorkItem, ZwClose, ZwSetInformationFile, ZwWriteFile, ZwReadFile, IoSetThreadHardErrorMode, ZwCreateFile, RtlCreateSystemVolumeInformationFolder, IoQueueWorkItem, IoAllocateWorkItem, ZwQueryInformationFile, KeReleaseSemaphore, ObIsDosDeviceLocallyMapped, RtlQueryRegistryValues, memset, IoFreeIrp, ZwFsControlFile, RtlPrefixUnicodeString, RtlDeleteRegistryValue, IoReportTargetDeviceChangeAsynchronous, RtlCompareUnicodeString, IoUnregisterPlugPlayNotification, IofCompleteRequest, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, ExQueueWorkItem, ZwWaitForSingleObject, ZwOpenEvent, IoReleaseCancelSpinLock, IoAcquireCancelSpinLock, IoDeleteDevice, IoCancelIrp, KeResetEvent, IoUnregisterShutdownNotification, RtlUpcaseUnicodeChar, ZwQueryDirectoryFile, IoRegisterPlugPlayNotification, memmove, ObQueryNameString, IoFileObjectType, ZwQueryVolumeInformationFile, IoSetCompletionRoutineEx, PsGetCurrentThread, IoInitializeIrp, IoAllocateIrp, IoSetSystemPartition, PsSetThreadHardErrorsAreDisabled, PsGetThreadHardErrorsAreDisabled, IoRegisterShutdownNotification, KeInitializeSemaphore, KeInitializeMutex, IoCreateDevice, RtlCreateRegistryKey, KeTickCount, KeBugCheckEx, ExAllocatePoolWithTag, ZwOpenFile, ObReferenceObjectByHandle
> HAL.dll: KfReleaseSpinLock, KfAcquireSpinLock

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Mount Point Manager
original name: mountmgr.sys
internal name: mountmgr.sys
file version.: 6.0.6000.16386 (vista_rtm.061101-2205)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Great please delete that file.

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=====
Please do a scan with Kaspersky Online Scanner

Note: This scanner is for Internet Explorer.
If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#9
guy incognito

guy incognito

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Just an update, the symptoms of whatever infected my computer seem to have resolved at this point, i no longer get suspicious search engines or unwanted popups/new tabs with search results.

I have also installed some security programs (online armor, spywareblaster, spyware guard) prior to your most recent post


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4275

Windows 6.0.6000
Internet Explorer 7.0.6000.16711

04/07/2010 23:14:38
mbam-log-2010-07-04 (23-14-38).txt

Scan type: Quick scan
Objects scanned: 131784
Time elapsed: 16 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------

Kaspersky Online Scanner found no threats in My Computer
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Great please run DDS once more and post those logs and let me know of any remaining issues?
  • 0

#11
guy incognito

guy incognito

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
You mentioned in one of your earlier posts about a possible CPU issue and that I might need to do something with my BIOS? Otherwise everything seems to be running normally. Thanks for your help.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Sam at 14:46:20.29 on 05/07/2010
Internet Explorer: 7.0.6000.16711 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1982.936 [GMT 1:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
SP: Microsoft Security Essentials *disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Gizmo5\mDNSResponder.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Kontiki\KService.exe
C:\Windows\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\Installer\MSI937C.tmp
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Sam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://uk.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\users\sam\appdata\roaming\microsoft\windows\start menu\programs\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\OAui.exe"
StartupFolder: c:\users\sam\appdata\roaming\micros~1\windows\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: Download FLV video content with IDM - c:\users\sam\appdata\roaming\microsoft\windows\start menu\programs\internet download manager\IEGetVL.htm
IE: Download with &FileFactory Turbo - c:\program files\filefactory turbo\plugins\ie\FileFactoryIE.html
IE: Download with IDM - c:\users\sam\appdata\roaming\microsoft\windows\start menu\programs\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\sam\appdata\roaming\mozilla\firefox\profiles\t837plme.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - component: c:\users\sam\appdata\roaming\idm\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-3 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-7-4 228216]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-7-4 24440]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-7-4 1284600]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-1-17 33792]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2010-7-4 30584]
S2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-7-4 3364856]
S2 TwonkyMedia;TwonkyMedia;c:\program files\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\program files\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]
S3 ECS_Loader_220;Digital TV Receiver Firmware Loader 5.10.31.0;c:\windows\system32\drivers\ECS_Loader_220.sys [2005-10-31 15616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-1-10 46592]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]

=============== Created Last 30 ================

2010-07-05 02:11:40 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-07-05 02:11:38 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-07-05 02:11:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-07-05 02:11:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-07-05 02:11:13 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-05 02:11:13 11264 ----a-w- c:\windows\system32\icardres.dll
2010-07-05 02:11:07 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-07-05 02:10:43 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-04 21:11:48 65536 ----a-w- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2010-07-04 21:11:48 63176704 ----a-w- c:\windows\ocsetup_install_NetFx3.etl
2010-07-04 21:11:48 327680 ----a-w- c:\windows\ocsetup_cbs_install_NetFx3.perf
2010-07-04 21:10:59 0 d-----w- c:\program files\SpywareGuard
2010-07-04 21:03:23 0 d-----w- c:\program files\SpywareBlaster
2010-07-04 20:59:22 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-07-04 20:59:13 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-07-04 20:59:08 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-04 20:58:29 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-07-04 20:58:12 83968 ----a-w- c:\windows\system32\mscories.dll
2010-07-04 20:12:33 0 d-----w- c:\users\sam\appdata\roaming\OnlineArmor
2010-07-04 20:12:33 0 d-----w- c:\programdata\OnlineArmor
2010-07-04 20:08:40 30584 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-07-04 20:08:40 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-07-04 20:08:40 228216 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-07-04 20:08:27 0 d-----w- c:\program files\Tall Emu
2010-07-04 18:22:43 0 d-sh--w- C:\$RECYCLE.BIN
2010-07-04 18:02:57 98816 ----a-w- c:\windows\sed.exe
2010-07-04 18:02:57 77312 ----a-w- c:\windows\MBR.exe
2010-07-04 18:02:57 256512 ----a-w- c:\windows\PEV.exe
2010-07-04 18:02:57 161792 ----a-w- c:\windows\SWREG.exe
2010-07-04 14:18:05 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-07-04 14:17:57 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-07-04 14:17:57 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-07-04 14:01:44 0 d-----w- c:\program files\ESET
2010-07-04 13:08:36 0 d-----w- c:\program files\Microsoft Security Essentials
2010-07-03 20:14:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-03 20:14:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-03 20:14:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 19:44:39 0 d-----w- c:\program files\Trend Micro
2010-07-03 18:34:36 0 d-----w- c:\program files\Windows Imaging
2010-07-03 18:31:14 0 d-----w- c:\program files\Windows AIK
2010-07-03 17:34:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-07-03 16:36:13 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-02 17:06:01 69 ----a-w- C:\RunSC.bat
2010-07-02 17:05:48 203976 ----a-w- c:\windows\system32\richtx32.ocx
2010-07-02 17:05:48 0 d-----w- c:\program files\SmartScan
2010-07-02 10:18:45 0 d-----w- c:\programdata\McAfee Security Scan
2010-07-02 10:18:44 0 d-----w- c:\programdata\McAfee
2010-07-02 10:18:37 0 d-----w- c:\program files\McAfee Security Scan
2010-07-02 09:40:49 0 d-----w- c:\users\sam\appdata\roaming\Malwarebytes
2010-07-02 09:40:35 0 d-----w- c:\programdata\Malwarebytes
2010-07-02 09:39:51 6153352 ----a-w- c:\users\sam\mbam-setup-1.46.exe
2010-07-01 23:26:54 2 --shatr- c:\windows\winstart.bat
2010-07-01 23:25:50 0 d-----w- c:\program files\UnHackMe

==================== Find3M ====================

2010-07-04 20:10:58 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-04 20:10:58 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-04 20:10:57 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-04 17:53:49 54888 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-21 23:07:48 198175 ----a-w- c:\users\sam\appdata\roaming\nvModes.dat
2008-07-09 13:02:59 174 --sha-w- c:\program files\desktop.ini
2008-07-09 13:00:23 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-12-17 16:36:56 22 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 14:48:06.57 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 28/09/2007 13:45:25
System Uptime: 07/05/2010 02:35:58 (1428 hours ago)

Motherboard: Quanta | | 30CF
Processor: AMD Turion™ 64 X2 Mobile Technology TL-58 | Socket S1 | 1900/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 104 GiB total, 2.664 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.679 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP817: 21/06/2010 21:49:06 - Windows Update
RP819: 22/06/2010 17:38:29 - Avg8 Update
RP820: 25/06/2010 21:26:03 - Windows Update
RP821: 28/06/2010 13:26:12 - Scheduled Checkpoint
RP822: 29/06/2010 10:35:20 - Scheduled Checkpoint
RP825: 01/07/2010 21:54:28 - Restore Operation
RP841: 04/07/2010 21:08:46 - Online Armor installation
RP842: 04/07/2010 21:10:00 - Device Driver Package Install: TLEM Network Service
RP843: 04/07/2010 21:52:58 - Windows Update
RP844: 05/07/2010 03:01:39 - Windows Update

==== Installed Programs ======================

4oD
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Apple Software Update
AudibleManager
AudioConverter
BayGenie eBay Auction Sniper Free Edition 3.1.3.0
BayGenie eBay Auction Sniper Pro Edition 3.3.1.0
BBC iPlayer Download Manager
BitTorrent
CloneCD
CloneDVD 3.6
CloneDVD2
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
DAEMON Tools Toolbar
DNA
DVB2GO mini
DVD Region+CSS Free 5.9.3.2
Easy GIF Animator 4.6 Pro
ESET Online Scanner v3
ESU for Microsoft Vista
ffdshow [rev 1723] [2007-12-24]
FilmOn HDi Player
Full Tilt Poker
Gizmo5
Google Toolbar for Internet Explorer
Grand Theft Auto
Half-Life® 2
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.2
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP Update
HP User Guides 0057
HP Wireless Assistant
HPNetworkAssistant
Internet Download Manager
Java™ 6 Update 3
Java™ 6 Update 7
Java™ SE Runtime Environment 6
LibUSB-Win32-0.1.10.1
LightScribe 1.6.43.1
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Media Go
Media Player Codec Pack 1.1.0
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Office Professional Edition 2003
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.6)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
Napster
Napster Burn Engine
Nero 6 Ultra Edition
Nokia Connectivity Cable Driver
Nokia Home Media Server
Nokia Map Loader
Nokia Ovi Application Installer
Nokia Ovi Application Installer 6.85.3011
Nokia Ovi Content Copier
Nokia Ovi Content Copier 6.85.3011
Nokia Ovi One Touch Access
Nokia Ovi One Touch Access 6.85.3010
Nokia Ovi Player
Nokia Ovi Suite
Nokia Ovi System Utilities
Nokia Ovi System Utilities 6.85.3013
Nokia Photos
Nokia Software Updater
Nokia_Multimedia_Common_Components_2_5
NVIDIA Drivers
Online Armor 4.0
PartyPoker
PC Connectivity Solution
Pcsx2 0.9.4 Watermoose
Pcsx2 0.9.6
Photo Viewer 2.3
PiMPStreamer
PlayStation®Network Downloader
PlayStation®Store
Power Tab Editor 1.7
PPStream
PSP ISO Compressor
PSPHost
PSSWCORE
PSXMemTool 1.17b (remove only)
QuickTime
RealPlayer
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Sky Anytime
SmartAudio
SopCast 3.0.1
SpywareBlaster 4.3
SpywareGuard v2.2
Steam™
Stream Torrent 1.0
SubEdit-Player
SubEdit - Vista WMP Patch
Synaptics Pointing Device Driver
System Requirements Lab
THE HOUSE OF THE DEAD 2
TomTom HOME 2.5.2.60
TVAnts 1.0
TVersity Codec Pack 1.2
TVersity Media Server 1.0.0.2 RC1
TVUPlayer 2.3.5.2
TwonkyMedia
Ulead GIF Animator 5 TBYB
Unix Utilities for Yahoo! Widgets
VC_MergeModuleToMSI
Veetle TV 0.9.15
VLC media player 0.9.8a
Winamp
Windows Automated Installation Kit
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! Install Manager
Yahoo! Widgets
Zattoo 3.3.4 Beta
ZEN Vision:M Series Media Explorer
ZENcast Organizer

==== Event Viewer Messages From Past Week ========

30/06/2010 17:46:52, Error: Microsoft-Windows-Kernel-WHEA [6] - Machine Check Event reported is a fatal memory hierarchy error. Trasaction Type: 1 Memory Hierarchy Level: 1 Request Type: 3 Address: 841762339848
30/06/2010 14:11:42, Error: Microsoft-Windows-Kernel-WHEA [6] - Machine Check Event reported is a fatal memory hierarchy error. Trasaction Type: 1 Memory Hierarchy Level: 1 Request Type: 7 Address: 1984
30/06/2010 14:11:10, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 13, function 0. Please contact your system vendor for technical assistance.
30/06/2010 14:11:10, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 12, function 0. Please contact your system vendor for technical assistance.
30/06/2010 10:15:44, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The dependency service or group failed to start.
29/06/2010 23:48:23, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
29/06/2010 23:28:01, Error: Service Control Manager [7022] - The KService service hung on starting.
29/06/2010 23:26:22, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
29/06/2010 23:25:09, Error: EventLog [6008] - The previous system shutdown at 23:22:55 on 29/06/2010 was unexpected.
28/06/2010 00:44:00, Error: Service Control Manager [7030] - The Network Access Protection Agent napagentIKEEXT service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
28/06/2010 00:08:08, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
28/06/2010 00:08:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
04/07/2010 21:43:58, Error: Service Control Manager [7022] - The Online Armor service hung on starting.
04/07/2010 21:42:39, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
04/07/2010 21:40:36, Error: Service Control Manager [7034] - The Online Armor service terminated unexpectedly. It has done this 1 time(s).
04/07/2010 19:07:08, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
04/07/2010 19:06:48, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
04/07/2010 18:53:58, Error: Microsoft-Windows-Kernel-WHEA [6] - Machine Check Event reported is a fatal memory hierarchy error. Trasaction Type: 3 Memory Hierarchy Level: 1 Request Type: 5 Address: 0
04/07/2010 18:46:24, Error: EventLog [6008] - The previous system shutdown at 18:45:05 on 04/07/2010 was unexpected.
04/07/2010 18:17:17, Error: EventLog [6008] - The previous system shutdown at 18:11:51 on 04/07/2010 was unexpected.
04/07/2010 18:13:33, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
04/07/2010 18:03:32, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6
04/07/2010 18:02:54, Error: EventLog [6008] - The previous system shutdown at 17:59:23 on 04/07/2010 was unexpected.
04/07/2010 17:55:36, Error: EventLog [6008] - The previous system shutdown at 16:50:41 on 04/07/2010 was unexpected.
04/07/2010 16:46:10, Error: EventLog [6008] - The previous system shutdown at 16:44:12 on 04/07/2010 was unexpected.
04/07/2010 16:36:54, Error: EventLog [6008] - The previous system shutdown at 16:33:54 on 04/07/2010 was unexpected.
04/07/2010 14:56:31, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
04/07/2010 14:55:52, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 13 Memory/IO: 2 Address: 18383187884317863487
04/07/2010 14:50:37, Error: Service Control Manager [7034] - The LiveUpdate Notice Service service terminated unexpectedly. It has done this 1 time(s).
04/07/2010 14:50:37, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
04/07/2010 14:38:51, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 2 Address: 9160202892735934271
04/07/2010 14:13:47, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
04/07/2010 14:13:06, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
04/07/2010 14:12:23, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
04/07/2010 13:43:28, Error: EventLog [6008] - The previous system shutdown at 13:40:25 on 04/07/2010 was unexpected.
04/07/2010 11:05:13, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/07/2010 11:05:13, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
04/07/2010 10:42:20, Error: Microsoft-Windows-Kernel-WHEA [6] - Machine Check Event reported is a fatal memory hierarchy error. Trasaction Type: 2 Memory Hierarchy Level: 0 Request Type: 4 Address: 0
03/07/2010 22:34:40, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 3 Address: 3895072416046632511
03/07/2010 20:43:16, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {AC746233-E9D3-49CD-862F-068F7B7CCCA4} as /. The error: "2" Happened while starting this command: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDMan.exe -Embedding
03/07/2010 20:29:54, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 13 Memory/IO: 2 Address: 13118444452618276415
03/07/2010 18:34:22, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the libusbd service.
03/07/2010 18:11:24, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 3 Address: 18378648825977359935
03/07/2010 17:06:42, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Sam-PC\Sam SID (S-1-5-21-765861078-2712400846-2122610106-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
03/07/2010 16:55:36, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 3 Address: 18383152699945774655
03/07/2010 16:49:07, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 13 Memory/IO: 2 Address: 18446743919090728923
03/07/2010 16:36:23, Error: Microsoft-Windows-Kernel-WHEA [6] - Machine Check Event reported is a fatal memory hierarchy error. Trasaction Type: 1 Memory Hierarchy Level: 1 Request Type: 3 Address: 833172798984
03/07/2010 09:56:11, Error: EventLog [6008] - The previous system shutdown at 09:53:35 on 03/07/2010 was unexpected.
03/07/2010 09:07:35, Error: Microsoft-Windows-Kernel-WHEA [6] - Machine Check Event reported is a fatal memory hierarchy error. Trasaction Type: 1 Memory Hierarchy Level: 1 Request Type: 3 Address: 841763257352
02/07/2010 21:10:43, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
02/07/2010 19:47:53, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 13 Memory/IO: 2 Address: 18446743917547744831
02/07/2010 19:43:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
02/07/2010 19:42:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
02/07/2010 19:42:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
02/07/2010 19:42:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
02/07/2010 19:42:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02/07/2010 19:42:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
02/07/2010 19:40:48, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/07/2010 19:40:48, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
02/07/2010 19:40:34, Error: EventLog [6008] - The previous system shutdown at 19:38:01 on 02/07/2010 was unexpected.
02/07/2010 19:40:05, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 13 Memory/IO: 2 Address: 18383196680410885695
02/07/2010 19:36:53, Error: PlugPlayManager [11] - The device Root\LEGACY_GCOXGISC\0000 disappeared from the system without first being prepared for removal.
02/07/2010 16:28:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
02/07/2010 16:28:26, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/07/2010 16:24:35, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 3 Address: 18311095106448911935
02/07/2010 16:23:06, Error: Microsoft-Windows-Kernel-WHEA [6] - Machine Check Event reported is a fatal memory hierarchy error. Trasaction Type: 1 Memory Hierarchy Level: 1 Request Type: 8 Address: 0
02/07/2010 15:43:03, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 2 Address: 18383618910055820863
02/07/2010 00:43:51, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 2 Address: 18383196680410885695
02/07/2010 00:31:05, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 1 Participation: 0 Request Type: 5 Memory/IO: 3 Address: 0
01/07/2010 22:27:55, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
01/07/2010 22:12:03, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
01/07/2010 22:05:37, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.85.532.0 Loading engine version: 1.1.5802.0
01/07/2010 22:04:22, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 3 Address: 3606824344630562367
01/07/2010 17:48:22, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 13 Memory/IO: 2 Address: 9160317241945223103
01/07/2010 17:47:19, Error: Service Control Manager [7001] - The Windows Update service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The service has not been started.
01/07/2010 17:47:19, Error: Service Control Manager [7001] - The Security Center service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The service has not been started.
01/07/2010 17:47:19, Error: Service Control Manager [7001] - The KtmRm for Distributed Transaction Coordinator service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The operation completed successfully.
01/07/2010 17:47:16, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The operation completed successfully.
01/07/2010 17:46:29, Error: Service Control Manager [7001] - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The service has not been started.
01/07/2010 17:46:29, Error: Service Control Manager [7001] - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The operation completed successfully.
01/07/2010 17:46:28, Error: Service Control Manager [7024] - The Remote Procedure Call (RPC) service terminated with service-specific error 1717 (0x6B5).
01/07/2010 17:46:28, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The operation completed successfully.
01/07/2010 17:46:27, Error: Service Control Manager [7031] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
01/07/2010 17:46:27, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
01/07/2010 17:46:27, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
01/07/2010 17:46:27, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
01/07/2010 17:46:27, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
01/07/2010 17:46:24, Error: Service Control Manager [7031] - The IPsec Policy Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
01/07/2010 17:46:19, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
01/07/2010 17:43:45, Error: Microsoft-Windows-Kernel-WHEA [6] - Machine Check Event reported is a fatal memory hierarchy error. Trasaction Type: 2 Memory Hierarchy Level: 3 Request Type: 13 Address: 4471533168335504959

==== End Of File ===========================
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok what is the make and model of the system?
If Hp it will be marked on the bottom on a white sticker may say something like dv5423us or something similar.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP