Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Infection ! Browser Hijacked and Blue Screens

by Pumpkinhead » June 28th, 2011, 10:14 am

Hello,
I am a newbie here and I want to provide you all the information you need.
I have an infection that I am unable to get rid of. My virus scanner and Malwarebytes are catching them and quarantining them, but they do not seem to "really" get them deleted. I am having my browser hijacked by "MY ONLINE ARCADE" and I am experiencing BSOD.

Below are the DDS logs as requested:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Kyle at 8:52:18 on 2011-06-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3069.897 [GMT -4:00]
.
AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\UTILTI~1\AVG\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\EVGA Precision\EVGAPrecision.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\UtiltiesSecurity\AVG\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\dllhost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\UtiltiesSecurity\ThreatFire\TFService.exe
C:\Program Files\UtiltiesSecurity\AVG\avgam.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\UtiltiesSecurity\AVG\avgnsx.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\UtiltiesSecurity\AVG\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\msdtc.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\UtiltiesSecurity\AVG\avgcsrvx.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\UtiltiesSecurity\ThreatFire\TFTray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\UtiltiesSecurity\AVG\avgtray.exe
C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\UtiltiesSecurity\AVG\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Kyle\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\UTILTI~1\AVG\avgrsx.exe
C:\Program Files\UtiltiesSecurity\AVG\avgcsrvx.exe
C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Silverlight\4.0.60531.0\agcp.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://home.mywebsearch.com/index.jhtml ... jUKNarEOhA
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\utiltiessecurity\avg\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - c:\program files\moyea\youtube flv downloader\MoyeaCatcher.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\utiltiessecurity\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ThreatFire] c:\program files\utiltiessecurity\threatfire\TFTray.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AVG_TRAY] c:\program files\utiltiessecurity\avg\avgtray.exe
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: isssolutions.com\remoteuser
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://remoteuser.isssolutions.com/XTSAC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8B1CBC79-591B-4714-B1FB-15A893CC2D83} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\utiltiessecurity\avg\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\8cg5bccp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\utiltiessecurity\avg\firefox4\components\avgssff4.dll
FF - component: c:\program files\utiltiessecurity\avg\firefox4\components\avgssff5.dll
FF - component: c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\8cg5bccp.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgoogletalk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\kyle\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\kyle\appdata\local\roblox\versions\version-5ce51d8367464075\NPRobloxProxy.dll
FF - plugin: c:\users\kyle\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\8cg5bccp.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\8cg5bccp.default\extensions\{38ab6a6c-cc4c-4f9e-a3dd-3c5681ef18a1}\plugins\npsoe.dll
FF - plugin: c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\8cg5bccp.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\kyle\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\kyle\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\kyle\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: d:\documents and settings\kyle wilson\application data\mozilla\plugins\npcoolirisplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2010-1-16 902432]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-1-14 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-1-14 59664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2009-10-13 114184]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-1-16 2326920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\utiltiessecurity\avg\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\utiltiessecurity\avg\avgwdsvc.exe [2011-2-8 269520]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-12-9 12672]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2009-10-30 146440]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2009-10-13 97800]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2009-10-13 101384]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-7-13 7168]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-3-18 172328]
R2 ThreatFire;ThreatFire;c:\program files\utiltiessecurity\threatfire\tfservice.exe service --> c:\program files\utiltiessecurity\threatfire\TFService.exe service [?]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2007-9-6 302112]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-1-16 159168]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
R3 RTCore32;RTCore32;c:\program files\evga precision\RTCore32.sys [2005-5-25 4608]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-1-14 33552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-11-2 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-24 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-13 1343400]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
.
=============== Created Last 30 ================
.
2011-06-28 02:48:50 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-06-28 02:48:50 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-28 02:48:50 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-28 02:48:50 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-28 02:48:50 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-06-28 02:48:50 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-06-28 02:48:50 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-28 02:48:49 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-06-27 16:40:47 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-27 16:40:47 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-27 16:40:47 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-27 16:40:42 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-27 16:40:42 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-27 16:40:40 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-27 16:40:36 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-27 16:40:28 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-27 16:40:24 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-27 16:40:24 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-27 16:40:24 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-27 16:04:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-27 16:04:37 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-27 16:04:36 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-27 14:09:08 -------- d-----w- c:\windows\system32\drivers\umdf\pt-BR
2011-06-27 14:09:04 -------- d-----w- c:\windows\system32\drivers\umdf\pt-PT
2011-06-27 14:09:02 -------- d-----w- c:\windows\system32\drivers\umdf\nl-NL
2011-06-27 14:09:00 -------- d-----w- c:\windows\system32\drivers\umdf\it-IT
2011-06-27 14:08:58 -------- d-----w- c:\windows\system32\drivers\umdf\de-DE
2011-06-27 14:08:56 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR
2011-06-27 14:08:53 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
2011-06-23 02:08:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-05-10 01:33:19 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-05-03 12:07:40 6952840 ----a-w- c:\users\kyle\lws225.exe
2011-04-15 01:28:30 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-14 19:12:01 158399432 ----a-w- c:\users\kyle\Templates_Plus_DVD.exe
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-04-01 09:11:10 4333280 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2011-04-01 09:10:46 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2011-04-01 09:10:24 543328 ----a-w- c:\windows\system32\LVUI2.dll
2011-04-01 09:09:48 291424 ----a-w- c:\windows\system32\drivers\lvrs.sys
2011-04-01 09:08:56 195168 ----a-w- c:\windows\system32\lvci13251014.dll
2011-04-01 09:08:36 301664 ----a-w- c:\windows\system32\lvcodec2.dll
2011-04-01 09:07:02 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
2011-04-01 09:07:02 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-04-01 09:06:56 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-04-01 08:56:20 39318 ----a-w- c:\windows\system32\Repository.reg
2010-08-02 11:08:37 25186816 ----a-w- c:\program files\Maxtor OneTouch III.msi
2009-12-09 19:50:20 2502808 ----a-w- c:\program files\cpuz_152_setup.exe
2009-10-22 23:55:45 289072 ----a-w- c:\program files\uTorrent.exe
.
============= FINISH: 9:05:01.74 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/10/2010 6:46:38 AM
System Uptime: 6/28/2011 7:20:03 AM (2 hours ago)
.
Motherboard: Dell Inc | | 0PP150
Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz | Socket 775 | 2500/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 658 GiB total, 314.248 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 49 GiB total, 6.219 GiB free.
F: is FIXED (NTFS) - 184 GiB total, 0.222 GiB free.
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 233 GiB total, 188.296 GiB free.
M: is Removable
N: is Removable
O: is Removable
P: is FIXED (NTFS) - 149 GiB total, 138.886 GiB free.
Q: is FIXED (NTFS) - 0 GiB total, 0.058 GiB free.
T: is FIXED (NTFS) - 932 GiB total, 656.724 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Patriot Memory
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_PATRIOT_MEMORY&REV_PMAP#078A0BA50033&0#
Manufacturer:
Name: PATRIOT
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_PATRIOT_MEMORY&REV_PMAP#078A0BA50033&0#
Service: WUDFRd
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avipbb
Device ID: ROOT\LEGACY_AVIPBB\0000
Manufacturer:
Name: avipbb
PNP Device ID: ROOT\LEGACY_AVIPBB\0000
Service: avipbb
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB CF Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#058F312D81B&1#
Manufacturer: Generic
Name: M:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#058F312D81B&1#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB MS Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#058F312D81B&3#
Manufacturer: Generic
Name: O:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#058F312D81B&3#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SD Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#058F312D81B&0#
Manufacturer: Generic
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#058F312D81B&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SM Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#058F312D81B&2#
Manufacturer: Generic
Name: N:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#058F312D81B&2#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP126: 6/9/2011 7:31:24 PM - Revo Uninstaller's restore point - ArcSoft MediaImpression for Kodak
RP128: 6/9/2011 7:32:36 PM - Removed MediaImpression
RP129: 6/20/2011 4:20:27 PM - Scheduled Checkpoint
RP131: 6/23/2011 8:51:40 AM - Windows Update
RP133: 6/26/2011 10:44:03 PM - Restore Operation
RP135: 6/27/2011 9:35:36 AM - Revo Uninstaller's restore point - Zune
RP137: 6/27/2011 10:07:22 AM - Installed Zune 4.7
RP138: 6/27/2011 12:41:09 PM - Windows Update
.
==== Installed Programs ======================
.
.
Adobe Flash Player 10 Plugin
Apple Application Support
Apple Mobile Device Support
AVG 2011
Bonjour
CameraHelperMsi
City of Villains/City of Heroes (remove only)
Compatibility Pack for the 2007 Office system
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties
D3DX10
Driver Sweeper 2.1.0
EASEUS Data Recovery Wizard Professional 3.3.4
erLT
EVGA Precision 2.0.3
Facebook Plug-In
Free Realms
Glary Utilities 2.34.0.1190
Google Talk Plugin
iTunes
Java Auto Updater
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Maxtor OneTouch III
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Enterprise 2007
Microsoft Office Outlook Connector
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 4.0b7 (x86 en-US)
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
NVIDIA 3D Vision Driver 260.99
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
Octoshape add-in for Adobe Flash Player
OpenAL
oZone3D.Net FurMark v1.8.2
Picasa 3
Portal 2
QuickTime
Recuva
Retrospect Express HD 1.1
Revo Uninstaller 1.92
Roblox for Kyle
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
The Witcher Enhanced Edition Director's Cut
TrueCrypt
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnciper
TurboTax 2010 wrapper
Video Card Stability Test
Windows Home Server Connector
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Updater Component
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
6/28/2011 8:51:37 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.
6/28/2011 8:21:20 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
6/28/2011 7:24:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
6/28/2011 7:21:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb pdwr
6/28/2011 7:20:55 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x993e7c82, 0xb2847858, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062811-49873-01.
6/28/2011 7:20:52 AM, Error: Service Control Manager [7000] - The avgntflt service failed to start due to the following error: The system cannot find the file specified.
6/28/2011 7:17:34 AM, Error: Service Control Manager [7022] - The Server service hung on starting.
6/28/2011 7:17:34 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
6/28/2011 7:15:21 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 4 time(s).
6/28/2011 7:15:21 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 8 time(s).
6/28/2011 7:15:21 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s).
6/28/2011 7:15:21 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/28/2011 7:15:21 AM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/28/2011 4:50:42 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 7 time(s).
6/28/2011 4:22:25 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).
6/28/2011 4:22:24 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 6 time(s).
6/28/2011 3:10:17 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
6/28/2011 3:08:17 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 5 time(s).
6/28/2011 2:16:49 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 4 time(s).
6/28/2011 12:59:51 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/28/2011 12:56:50 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
6/28/2011 12:54:51 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
6/28/2011 12:54:51 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/28/2011 12:54:51 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/28/2011 12:54:51 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/28/2011 12:54:51 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/28/2011 12:54:51 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/28/2011 12:54:51 AM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/28/2011 12:54:51 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/28/2011 12:54:50 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/28/2011 12:54:50 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/28/2011 12:54:50 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/28/2011 12:54:50 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/28/2011 12:14:42 AM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed
6/28/2011 12:12:41 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
6/28/2011 12:12:41 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/28/2011 12:12:41 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/28/2011 12:12:41 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/28/2011 12:12:41 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/28/2011 12:12:41 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/28/2011 12:12:41 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/28/2011 12:12:41 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/28/2011 12:12:41 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/28/2011 12:12:41 AM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/28/2011 12:12:41 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/28/2011 12:12:41 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/28/2011 12:12:41 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/28/2011 12:12:41 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/28/2011 12:12:41 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/28/2011 1:23:55 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
6/28/2011 1:23:55 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
6/28/2011 1:23:55 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
6/28/2011 1:23:55 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
6/28/2011 1:23:55 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
6/28/2011 1:23:55 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
6/28/2011 1:23:55 AM, Error: Service Control Manager [7034] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 3 time(s).
6/28/2011 1:23:55 AM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
6/28/2011 1:23:55 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
6/28/2011 1:23:55 AM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
6/27/2011 8:36:19 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
6/27/2011 8:33:28 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/27/2011 3:46:20 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 12 time(s).
6/27/2011 3:06:07 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 11 time(s).
6/27/2011 2:48:26 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 10 time(s).
6/27/2011 2:33:08 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 9 time(s).
6/27/2011 12:37:55 PM, Error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
6/27/2011 12:33:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WHSConnector service.
6/27/2011 1:25:19 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).
6/27/2011 1:25:19 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/27/2011 1:25:19 AM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/26/2011 11:58:57 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s).
6/26/2011 11:43:51 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).
6/26/2011 11:31:15 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/26/2011 11:31:15 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/26/2011 10:57:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
6/26/2011 10:57:25 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/26/2011 10:57:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/26/2011 10:44:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
6/26/2011 10:30:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Distributed Transaction Coordinator service to connect.
6/26/2011 10:30:44 PM, Error: Service Control Manager [7000] - The Distributed Transaction Coordinator service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/23/2011 9:30:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
6/23/2011 9:28:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
6/23/2011 9:25:34 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007f (0x00000008, 0x80dff750, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062311-89731-01.
6/23/2011 8:48:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
6/23/2011 8:48:43 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/23/2011 8:00:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CertPropSvc service.
6/23/2011 8:00:54 PM, Error: Service Control Manager [7000] - The Certificate Propagation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/23/2011 7:48:09 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JEREMYSHPMINI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8B1CBC79-591B-4714-B1FB-15A8. The master browser is stopping or an election is being forced.
6/23/2011 2:24:17 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk8\DR8.
6/23/2011 10:43:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000e4 (0x00000001, 0x80eb5ca8, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062311-50840-01.
6/23/2011 10:34:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
6/23/2011 10:34:22 PM, Error: Service Control Manager [7001] - The Application Information service depends on the User Profile Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
6/23/2011 10:34:22 PM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/23/2011 10:32:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
6/23/2011 10:32:30 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/22/2011 6:59:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000e4 (0x00000001, 0x80ea9ca8, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062211-58453-01.
6/22/2011 12:48:10 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The pipe has been ended.
6/22/2011 1:54:16 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
6/22/2011 1:54:16 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
6/21/2011 11:44:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
.
==== End Of File ===========================

Any help would be appreciated. I do NOT Want to re-image this PC.

Thank you for your time
Pumpkinhead
Active Member
 
Posts: 4
Joined: June 28th, 2011, 9:50 am

Re: Infection ! Browser Hijacked and Blue Screens

Unread postby MWR 3 day Mod » July 1st, 2011, 5:14 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Infection ! Browser Hijacked and Blue Screens

Unread postby Scolabar » July 3rd, 2011, 3:27 pm

Hi Pumpkinhead,

Firstly, welcome to the Malware Removal Forum. :)
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.

I am currently working under the guidance of the MRU teachers; everything I post to you will need to be reviewed by them.
This additional review process can add some extra time to my responses, but hopefully not too much. ;)

Please note the following important guidelines before proceeding:
  1. The instructions that will be provided are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
  3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
    Absence of symptoms does not necessarily mean that everything is clear.
  5. DO NOT run any other fix or removal tools unless instructed to do so!
  6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Please Note: If you haven't done so already, please read the topic "ALL USERS OF THIS FORUM MUST READ THIS FIRST", where the conditions for receiving help here are explained.

Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Infection ! Browser Hijacked and Blue Screens

Unread postby Pumpkinhead » July 4th, 2011, 10:40 am

Hi Scolabar,

Thank you for your time and attention to my problem.
I am beginning the backup process today and I will post when that is completed.

Thanks,
Pumpkinhead
Pumpkinhead
Active Member
 
Posts: 4
Joined: June 28th, 2011, 9:50 am

Re: Infection ! Browser Hijacked and Blue Screens

Unread postby Scolabar » July 4th, 2011, 11:52 am

Hi Pumpkinhead,

Thank you for the update. :)

Please bear with us. I am waiting for a Teacher to check over my next set of instructions. As you will no doubt appreciate, the Teachers are very busy.

Thank you again for your patience.

Scolabar
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Infection ! Browser Hijacked and Blue Screens

Unread postby Scolabar » July 7th, 2011, 11:23 pm

Hi Pumpkinhead,

Apologies for the delay and thank you again for your patience. :)

Please read these instructions carefully before executing them, and perform the steps in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Business Use Computer?

Entries in your DDS log lead me to believe that this computer may be being used for business purposes.
Please could you confirm if this is the case? If the computer is not used for business purposes please proceed with Step 2.

Step 2:
Advisory - P2P Software Present!

IMPORTANT There appear to be signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.

    uTorrent

As long as you have the P2P program(s) installed, as per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program please indicate that in your next reply and this topic will be closed.
Otherwise, please perform the following steps:

Remove P2P Program(s)
  1. Click on Start > Control Panel and double-click on Programs and Features.
  2. Scroll down the list and locate the following program:

      uTorrent

  3. Right-click on the program and select the Uninstall option.
    Repeat instructions 2 and 3 for each of the programs listed.
  4. When the program(s) have been uninstalled Close the Programs and Features and Control Panel windows.

Please Note:
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe, but the files may not. Therefore, use P2P software at your own risk! Keep in mind that this practice may be the source of your current malware infestation.

Reference citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Step 3:
MGA Diagnostics

  1. Please download this tool from Microsoft and Save it to your Desktop.
  2. Double-click on the MGADiag.exe icon to launch the program.
    Vista - W7 users: Right-click on MGADiag.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
    If you receive an Open File Security Warning click on the Run button.
  3. Click on the Continue button to proceed.
  4. The program will now run. It will take a short while to complete its diagnosis, please be patient.
  5. When it has finished click on the Copy button.
  6. Open Notepad by clicking Start > Run, type in Notepad then click OK.
  7. Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
  8. Click on the OK button to exit the MGA Diagnostics program.
  9. Then Copy and Paste the entire contents of mgadiag.txt into your next reply.

Step 4:
CKScanner

  1. Please download CKScanner and Save it to your Desktop.
    Make sure that CKScanner.exe is on your Desktop before running the application!
  2. Double-click on the CKScanner.exe icon to launch the program and then click on the Search For Files button.
    Vista - W7 users: Right-click on CKScanner.exe and select "Run As Administrator" to launch the program. If you receive a UAC prompt, please allow it.
  3. When the scan has finished (the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
    A text file will be created on your desktop named ckfiles.txt.
  4. Click on the Exit button to close the program.
  5. Double-click on the ckfiles.txt file to open it.
  6. Then Copy and Paste the entire contents of the file into your next reply.

Step 5:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. mgadiag.txt.
  3. ckfiles.txt.
  4. Do you have the original Windows installation media for your PC?

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Infection ! Browser Hijacked and Blue Screens

Unread postby Pumpkinhead » July 8th, 2011, 12:34 am

Scolabar,
Thanks for getting back to me. I understand you all are busy there and it is a holiday week.

1) Personal computer. I am in the I.T. field as Desktop support. And being the geek in the family I am often called upon to help friends and family. So I do have some diagnostic tools on my home PC.

2) uTorrent is now gone. It did not show up under "uninstall Programs" nor when I tried "Revo Uninstaller". So I manually deleted it.

3) mgadiag:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-DQWD2-3HKQ7-FJQ4Q
Windows Product Key Hash: FASLfJyx3pyFgaqqdXrOX4FGXm4=
Windows Product ID: 00359-OEM-8702121-23943
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {B5804147-8540-4BC8-839E-29ECB29EE63D}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.110408-1631
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B5804147-8540-4BC8-839E-29ECB29EE63D}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-FJQ4Q</PKey><PID>00359-OEM-8702121-23943</PID><PIDType>3</PIDType><SID>S-1-5-21-973073816-903045554-1731954593</SID><SYSTEM><Manufacturer>Dell Inc</Manufacturer><Model>XPS 630i</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.8 </Version><SMBIOSVersion major="2" minor="5"/><Date>20080715000000.000000+000</Date></BIOS><HWID>D25B3807018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>MC09 </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7B1256F45BDD6D0</Val><Hash>/lJq3DEOmRqcwYlCTCZ654Q2uvE=</Hash><Pid>81599-872-7939086-65267</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: 586bc076-c93d-429a-afe5-a69fbc644e88
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00174-021-223943-02-1033-7600.0000-2532010
Installation ID: 007226587686813316401983585800941806448481947682216496
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: FJQ4Q
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 7/8/2011 12:20:27 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 5:9:2011 10:51
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAEAAgABAAEAAwADAAAAAQABAAEAeqgmSbxTKmtIJBo+Kr2AfUzq2q7KLOQuqXmMJExY

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name    OEMID Value    OEMTableID Value
APIC               DELL           MC09
FACP               DELL           MC09
HPET               DELL           MC09
BOOT               DELL           MC09
MCFG               DELL           MC09
SLIC               DELL           MC09


4) ckfiles:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\kyle\diskeeper2008.pro.premier.cracked.by.semthex\autorun.exe
c:\users\kyle\diskeeper2008.pro.premier.cracked.by.semthex\diskeeper-semthex.nfo
c:\users\kyle\diskeeper2008.pro.premier.cracked.by.semthex\diskeeper2008.pro.premier.cracked.by.semthex.part1.rar
c:\users\kyle\diskeeper2008.pro.premier.cracked.by.semthex\diskeeper2008.pro.premier.cracked.by.semthex.part2.rar
c:\users\kyle\diskeeper2008.pro.premier.cracked.by.semthex\diskeeper2008_propremier.exe
c:\users\kyle\diskeeper2008.pro.premier.cracked.by.semthex\crack\license.dal
c:\users\kyle\diskeeper2008.pro.premier.cracked.by.semthex\crack\tab.dll
c:\users\kyle\diskeeper2008.pro.premier.cracked.by.semthex\x64\license.rtf
c:\users\kyle\diskeeper2008.pro.premier.cracked.by.semthex\x64\readme.txt
c:\users\kyle\diskeeper2008.pro.premier.cracked.by.semthex\x64\setup.exe
c:\users\kyle\diskeeper2008.pro.premier.cracked.by.semthex\x86\license.rtf
c:\users\kyle\diskeeper2008.pro.premier.cracked.by.semthex\x86\readme.txt
c:\users\kyle\diskeeper2008.pro.premier.cracked.by.semthex\x86\setup.exe
scanner sequence 3.EH.11.EVNANE

5) Yes, I have the original install disk: Windows 7 Home Premium (OEM Systems Builders Pack)

THANK YOU !
Pumpkinhead

Re: Infection ! Browser Hijacked and Blue Screens

by Scolabar » July 8th, 2011, 3:13 pm

Pumpkinhead,

Checking through your logs I can detect that you have downloaded keygen/cracked software and that you are actively using it.

May I draw your attention to THIS TOPIC.
If your helper detects the presence of cracked software on your computer, your topic will be closed.

Scolabar

Re: Infection ! Browser Hijacked and Blue Screens

by deltalima » July 8th, 2011, 3:26 pm

Due to use of cracked software, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.