Operating memory » taskhost.exe(2408) - a variant of Win32/Spy.Zbot.ZR trojan - unable to clean
Not a clue on how to get rid of it. DDS and Attach:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.0.0
Run by David at 19:35:37 on 2011-12-07
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3326.1518 [GMT 0:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Steam] "j:\steam\steam.exe" -silent
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [PlayNC Launcher]
uRun: [WhatPulse] c:\program files\whatpulse\WhatPulse.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [{938B4F4F-1FEC-83D9-D888-69DC2B8D7093}] c:\users\david\appdata\roaming\emagn\ciigkiz.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF818} - hxxp://stable.heroesandgenerals.com/retox.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1F09797B-A2F9-41E2-9E03-5F62638433F6} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Hosts: 255.255.255.255 easyanticheat.se # misleading site
Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
Hosts: 255.255.255.255 easyanticheat.com # misleading site
Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
Hosts: 255.255.255.255 easyanticheat.org # misleading site
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\hjql9jji.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tumblr.com/dashboard
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\battlelog web plugins\0.80.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.0\npesnsonar.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\david\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-3 218688]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2011-11-14 50728]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-12-07 19:01:06 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b1a45612-dd6a-4311-a9b1-bb9d4d76a01f}\offreg.dll
2011-12-07 18:59:56 -------- d-----w- c:\users\david\appdata\local\{54D37641-0F9B-45E2-9D75-8FFB7A174D93}
2011-12-07 18:59:39 -------- d-----w- c:\users\david\appdata\local\{857AC716-7341-4024-A063-5BFA658CB7E7}
2011-12-07 18:32:02 -------- d-----w- c:\users\david\appdata\roaming\Emagn
2011-12-07 18:32:02 -------- d-----w- c:\users\david\appdata\roaming\Baax
2011-12-07 17:59:25 -------- d-----w- c:\users\david\appdata\local\usercfgnt5
2011-12-07 14:51:51 -------- d-----w- c:\users\david\appdata\local\{82914AB4-415D-4640-B559-D41C6D762732}
2011-12-07 14:51:33 -------- d-----w- c:\users\david\appdata\local\{F74ADF0D-3F95-43B8-ADA0-B6CB4C099B0F}
2011-12-07 01:41:27 -------- d-----w- c:\program files\OpenTTD
2011-12-07 01:35:11 -------- d-----w- c:\users\david\appdata\local\{594C05E8-3037-428D-AD7C-DAF12637A795}
2011-12-07 01:34:56 -------- d-----w- c:\users\david\appdata\local\{A1ED8C78-8E6A-415E-B3E7-F22C0856B008}
2011-12-06 14:53:26 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b1a45612-dd6a-4311-a9b1-bb9d4d76a01f}\mpengine.dll
2011-12-06 14:51:58 -------- d-----w- c:\users\david\appdata\local\{AD60E936-4DA1-4AC8-9750-800EB5987835}
2011-12-06 14:51:43 -------- d-----w- c:\users\david\appdata\local\{78BAF971-E753-42BB-895D-8BEAFB3FA6F5}
2011-12-05 14:29:22 -------- d-----w- c:\users\david\appdata\local\{C5C3E6FD-CBC2-4D0F-A10B-200739D63324}
2011-12-05 14:29:07 -------- d-----w- c:\users\david\appdata\local\{D8677748-AA2D-4BC8-802A-E646B60A6CC0}
2011-12-05 12:14:30 -------- d-----w- c:\users\david\appdata\local\{DDEFCCEA-837B-4CFC-AF0D-EA9EB2E8096D}
2011-12-05 12:14:15 -------- d-----w- c:\users\david\appdata\local\{2DD11290-7237-4058-92CC-AF65B82468AC}
2011-12-03 22:52:48 -------- d-----w- c:\users\david\appdata\local\{06CEE8FE-BEBB-4746-A28B-3D8487BB3305}
2011-12-03 22:52:37 -------- d-----w- c:\users\david\appdata\local\{BA56371D-6A62-4BA6-BA3C-34D68D4ED35F}
2011-12-01 08:42:13 -------- d-----w- c:\users\david\appdata\local\{35E85A45-7894-46D9-8711-DF5716C05ACC}
2011-12-01 08:41:55 -------- d-----w- c:\users\david\appdata\local\{08CA1972-8828-40D3-9F20-6600DE4C1B8A}
2011-11-30 14:40:08 -------- d-----w- c:\users\david\appdata\local\{5169F4B5-3592-4515-90C1-FE7140E10B88}
2011-11-30 14:39:53 -------- d-----w- c:\users\david\appdata\local\{9D87BFC0-3CEC-48E2-80DE-29039D659F75}
2011-11-29 18:08:50 -------- d-----w- c:\users\david\appdata\local\Spotify
2011-11-29 18:08:27 -------- d-----w- c:\users\david\appdata\roaming\Spotify
2011-11-29 14:12:56 -------- d-----w- c:\users\david\appdata\local\{1DE770F2-AE4C-47EF-B213-49B8F8582F47}
2011-11-29 14:12:45 -------- d-----w- c:\users\david\appdata\local\{896634CF-48E9-4CEB-8434-DCFAC0FC217E}
2011-11-28 17:16:33 -------- d-----w- c:\users\david\appdata\local\{09E72264-27D8-4225-98C8-679340635F1D}
2011-11-28 17:16:12 -------- d-----w- c:\users\david\appdata\local\{3F647CED-4273-4783-9F01-3FA334BA75FA}
2011-11-27 20:36:08 -------- d-----w- c:\users\david\appdata\local\{B5D97A39-FBFB-4D96-814C-A7E6801AD456}
2011-11-27 20:35:42 -------- d-----w- c:\users\david\appdata\local\{97EDECC9-37EE-4E1E-81AD-7D4F9C876BC6}
2011-11-26 15:47:41 -------- d-----w- c:\users\david\appdata\local\{50C5C775-4A17-4D0F-9D5E-8792C1E191E1}
2011-11-26 15:47:27 -------- d-----w- c:\users\david\appdata\local\{EBB65060-89D4-4227-9403-9697C054052A}
2011-11-25 18:21:41 -------- d-----w- c:\users\david\appdata\local\{3FB0F0B6-C622-4FA8-A71E-7BCB6520B375}
2011-11-25 18:21:25 -------- d-----w- c:\users\david\appdata\local\{B3A143C6-84AA-40C2-B6BE-A73E51D6418D}
2011-11-25 08:33:41 -------- d-----w- c:\users\david\appdata\local\{EEC91F2E-5B15-4633-9625-156D7B5347F3}
2011-11-25 08:33:26 -------- d-----w- c:\users\david\appdata\local\{6D584597-CBCE-4B62-9FCF-7AEC7759D5B1}
2011-11-24 16:58:54 -------- d-----w- c:\users\david\appdata\local\{3A82176B-E4C5-4193-86CC-226AA0B18850}
2011-11-24 16:58:33 -------- d-----w- c:\users\david\appdata\local\{7DA438B4-674E-4EDB-B3C4-672945060EC4}
2011-11-23 22:41:26 -------- d-----w- c:\users\david\appdata\local\{6CF72881-6B3A-402C-ADB5-F2284AD90721}
2011-11-23 22:41:07 -------- d-----w- c:\users\david\appdata\local\{7AF33D5A-566F-48F8-ABE4-94A039A03538}
2011-11-23 14:38:47 -------- d-----w- c:\users\david\appdata\local\{8B886B6F-5FE3-4A4A-9A32-E9CA02821AF3}
2011-11-23 14:38:28 -------- d-----w- c:\users\david\appdata\local\{1B124BAE-AFC6-46E4-9145-FE3D101B301B}
2011-11-22 17:14:51 -------- d-----w- c:\users\david\appdata\local\{653ED9DC-2F24-4158-BD04-D508E54A3D15}
2011-11-22 17:14:35 -------- d-----w- c:\users\david\appdata\local\{D0D6047C-4D4F-4607-AE06-32A2286BB443}
2011-11-21 15:30:23 -------- d-----w- c:\users\david\appdata\local\{684616DF-4B4C-4353-804F-B72507BFC054}
2011-11-21 15:30:08 -------- d-----w- c:\users\david\appdata\local\{FD2BC2FC-6EA2-4450-9464-24ADE31563A5}
2011-11-20 19:13:57 -------- d-----w- c:\users\david\appdata\local\{DF3C5E1C-6B3A-4E37-AF94-893D789113EB}
2011-11-20 19:13:31 -------- d-----w- c:\users\david\appdata\local\{4CBDF50A-5D10-45A4-BCD0-C400E9F42F45}
2011-11-19 22:17:19 -------- d-----w- c:\users\david\appdata\local\{4DBC39F0-6B12-4084-9899-5C7464E25586}
2011-11-19 22:17:03 -------- d-----w- c:\users\david\appdata\local\{3679BD34-E9D9-40FD-AAB3-8FB0335FC66B}
2011-11-19 13:49:11 -------- d-----w- c:\users\david\appdata\local\{773108FE-8FA3-49E2-BC0B-42F471C15507}
2011-11-19 13:48:58 -------- d-----w- c:\users\david\appdata\local\{35B1FFA5-A11E-4FBC-9EC9-68E6F278B1F2}
2011-11-18 22:42:15 -------- d-----w- c:\users\david\appdata\local\{CC04A68F-E499-4734-808E-66B6B7FF7C23}
2011-11-18 22:41:59 -------- d-----w- c:\users\david\appdata\local\{F73C05AF-B9EA-4A54-A733-56124330E498}
2011-11-18 15:47:28 -------- d-----w- c:\users\david\appdata\local\{1E42B338-4FD2-454A-91A6-3E893C225E62}
2011-11-18 15:47:17 -------- d-----w- c:\users\david\appdata\local\{E21B3614-41AA-48E9-B781-E19719B44A3A}
2011-11-17 21:05:01 -------- d-----w- c:\users\david\appdata\local\{CD4E38EB-D6BD-4483-8F5F-CD55ABB9B399}
2011-11-17 21:04:49 -------- d-----w- c:\users\david\appdata\local\{1CD3AB6B-D94C-4F4C-85A0-F437A0705715}
2011-11-17 13:25:41 -------- d-----w- c:\users\david\appdata\local\{C2B30BE8-1CBF-4084-A4C5-3C1979F4D933}
2011-11-17 13:25:26 -------- d-----w- c:\users\david\appdata\local\{E576F7DF-3AFA-4F60-A595-3D79EC776651}
2011-11-16 16:17:42 -------- d-----w- c:\users\david\appdata\local\{15779D7D-6878-4B7D-8691-2461127424EA}
2011-11-16 16:17:24 -------- d-----w- c:\users\david\appdata\local\{07642E9B-1294-49B4-9F7E-37E1673BD4A2}
2011-11-15 21:21:01 -------- d-----w- c:\users\david\appdata\local\{47456668-70B9-4911-8F3F-6987624F7090}
2011-11-15 21:20:49 -------- d-----w- c:\users\david\appdata\local\{B2FCD6DA-21A9-472D-B201-AF4A8DA2A58C}
2011-11-15 11:35:00 -------- d-----w- c:\users\david\appdata\local\{2B2D71BC-B15F-4A0F-AC59-CA04216A3429}
2011-11-15 11:34:46 -------- d-----w- c:\users\david\appdata\local\{50D3ED5C-0673-48D1-B4B7-41EB734BFECB}
2011-11-14 20:45:43 -------- d-----w- c:\users\david\appdata\local\{D540B508-0B64-4050-A5D1-B45D600CEEBC}
2011-11-14 20:45:28 -------- d-----w- c:\users\david\appdata\local\{5C863224-AD9D-4BEB-A41F-B7B03F61C79B}
2011-11-14 14:01:46 -------- d-----w- c:\program files\SHOUTcast
2011-11-14 13:18:15 -------- d-----w- c:\users\david\appdata\roaming\fretsonfire
2011-11-14 13:09:35 50728 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2011-11-14 13:09:35 -------- d-----w- c:\program files\Virtual Audio Cable
2011-11-14 12:25:50 -------- d-----w- c:\users\david\appdata\roaming\fofix
2011-11-14 12:06:43 -------- d-----w- c:\program files\Frets on Fire
2011-11-14 11:45:05 -------- d-----w- c:\users\david\appdata\local\{DF6B706F-8313-43FE-8EC8-0E534D96D5F8}
2011-11-14 11:44:48 -------- d-----w- c:\users\david\appdata\local\{DD9C9C42-A87D-4964-93A0-E95E8C2B3C59}
2011-11-13 20:05:21 -------- d-----w- c:\users\david\appdata\local\{81F4AFA9-60A6-4215-9A9A-59603577F86B}
2011-11-13 20:05:05 -------- d-----w- c:\users\david\appdata\local\{DFC7666C-CB04-4316-900B-24CE00D7E7FD}
2011-11-12 22:27:55 -------- d-----w- c:\users\david\appdata\local\{30E0060A-6AD6-46C5-8357-DB21FBB4DB13}
2011-11-12 22:27:30 -------- d-----w- c:\users\david\appdata\local\{D6BC573D-48D8-4986-9604-23B44EF1FE10}
2011-11-11 00:19:58 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2011-11-10 16:09:03 -------- d-----w- c:\users\david\appdata\local\{7968F864-2D38-485A-B01B-1E5B20A7F38C}
2011-11-10 16:08:47 -------- d-----w- c:\users\david\appdata\local\{1E85A1CE-D369-4C03-8468-EDCF2B0B443B}
2011-11-09 22:34:30 -------- d-----w- c:\users\david\appdata\local\{0D214E98-F9FF-4958-93C8-5B4D4ED2B275}
2011-11-09 09:57:39 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 09:57:37 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 09:57:36 2339840 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 08:13:59 -------- d-----w- c:\users\david\appdata\local\{9246D305-0F12-4571-A2B4-B047BA8D9CBC}
2011-11-09 08:13:42 -------- d-----w- c:\users\david\appdata\local\{190394F3-9232-4542-84C3-273FBC40A63C}
2011-11-08 15:56:18 -------- d-----w- c:\users\david\appdata\local\{7A713DB7-511A-4004-8267-5DD145202FB8}
2011-11-08 15:55:58 -------- d-----w- c:\users\david\appdata\local\{E64B87AE-8F57-46A7-AC29-E9327A8F50CE}
2011-11-07 22:29:31 -------- d-----w- c:\users\david\appdata\local\{CF67FF5B-987C-465B-80EC-5CC2E6491F99}
2011-11-07 22:29:15 -------- d-----w- c:\users\david\appdata\local\{3B69317C-0DB2-4E7E-8BD3-6BD2E6679D70}
.
==================== Find3M ====================
.
2011-11-15 10:08:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-19 10:13:45 72 ----a-w- c:\windows\Vue 7.5 xStream.reg
2011-10-19 10:13:45 70 ----a-w- c:\windows\Vue 7 xStream.reg
2011-10-19 10:13:45 70 ----a-w- c:\windows\Vue 6 xStream.reg
2011-10-17 22:02:26 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-10-17 22:02:21 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-10-17 22:02:21 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-10-17 15:16:45 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-10-04 03:13:26 138056 ----a-w- c:\users\david\appdata\roaming\PnkBstrK.sys
2011-10-04 03:12:52 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-22 11:29:58 321856 ----a-w- c:\windows\system32\nvStreaming.exe
.
============= FINISH: 19:40:31.76 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 20/05/2011 21:34:24
System Uptime: 07/12/2011 18:58:21 (1 hours ago)
.
Motherboard: Dell Inc. | | 0TP406
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU | 2394/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 172.481 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 14.661 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 932 GiB total, 141.351 GiB free.
K: is CDROM ()
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP253: 25/11/2011 18:22:39 - Windows Update
RP254: 29/11/2011 14:13:02 - Windows Update
RP255: 02/12/2011 15:55:53 - Windows Update
RP256: 06/12/2011 14:52:53 - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 255.255.255.255 easyanticheat.se # misleading site
Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
Hosts: 255.255.255.255 easyanticheat.com # misleading site
Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
Hosts: 255.255.255.255 easyanticheat.org # misleading site
Hosts: 255.255.255.255 www.easyanticheat.org # misleading site
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
0 A.D.
4chan Image Downloader
7-Zip 9.20
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader X (10.0.1)
Age of Empires Online
aioprnt
aioscnnr
APB Reloaded
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARMA 2
ARMA 2: British Armed Forces - Data cache removal
ARMA 2: Private Military Company - Data cache removal
Autodesk 3ds Max 2012 32-bit - English
Autodesk Backburner 2012.0.0
Autodesk FBX Plug-in 2012.0 - 3ds Max 2012
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Autodesk Material Library Medium Resolution Image Library 2012
Back to the Future: Ep 1 - It's About Time
Back to the Future: Ep 2 - Get Tannen!
Back to the Future: Ep 3 - Citizen Brown
Back to the Future: Ep 4 - Double Visions
Back to the Future: Ep 5 - OUTATIME
Battlefield 2
Battlefield 3™ Open Beta
Battlelog Web Plugins
BattlEye for OA Uninstall
Blender
Bonjour
Borderlands
Brothers in Arms: Earned in Blood
Brothers in Arms: Hell's Highway
Brothers in Arms: Road to Hill 30
C4USelfUpdater
Call of Duty
Call of Duty - United Offensive
Call of Duty 2
Call of Duty 4: Modern Warfare
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: United Offensive
center
Cities in Motion
Command and Conquer 3: Kane's Wrath
Command and Conquer 3: Tiberium Wars
Company of Heroes: Tales of Valor
Composite 2012
CorsixTH Beta 6
Counter-Strike
Counter-Strike: Global Offensive Beta
Counter-Strike: Source
CraftBukkit v8.0
Crazy Taxi
Crazy Taxi 1.0
Creative Centrale
Creative Software Update
D3DX10
DAEMON Tools Lite
Dawn of War - Dark Crusade Mod Tools 1.20
DC Universe Online
Dead Island
Dell Resource CD
Delta Force: Black Hawk Down
Delta Force: Black Hawk Down - Team Sabre
Dino D-Day
DisplayFusion 3.3.1
Dungeon Defenders
Dungeons & Dragons: Daggerdale
Eastern Front
Empire: Total War
ESET NOD32 Antivirus
ESN Sonar
essentials
exPressit SE
EZ Vinyl/Tape Converter 7.4 by MixMeister
Far Cry 2
Fortix
Fraps (remove only)
Frets On Fire
Galcon Fusion
Garry's Mod
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Grand Theft Auto: San Andreas
Gravitron 2
GUN
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Deathmatch: Source
HeroClix
iTunes
Java Auto Updater
Java(TM) 6 Update 27
Java(TM) 7
JumpStart 4th Grade v1.2
KeyHoleTV
Killing Floor
Kodak AIO Printer
KODAK AiO Software
Kohan II: Kings of War
Last.fm 1.5.4.27091
League of Legends
Left 4 Dead
Left 4 Dead 2
LogMeIn Hamachi
Mafia II
Malwarebytes' Anti-Malware version 1.51.1.1800
ManyCam 2.6.60 (remove only)
Men of War
Messenger Plus! 5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
mIRC
Mount & Blade
Mount & Blade: Warband
MountMusket Battalion
Mozilla Firefox 8.0 (x86 en-GB)
Mp3tag v2.49
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble(PR edition) and Murmur(PR edition)
Napoleon: Total War
NCsoft Launcher
Neverwinter Nights 2: Platinum
Nuclear Dawn Beta
Numen: Contest of Heroes
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 285.38
NVIDIA 3D Vision Driver 285.38
NVIDIA Control Panel 285.38
NVIDIA Display Control Panel
NVIDIA Graphics Driver 285.38
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.5.20
NVIDIA Update Components
ocr
OpenAL
OpenRA
OpenTTD 1.1.4
Origin
Paint.NET v3.5.8
Pando Media Booster
PDF Settings CS5
Portal
Portal 2 - The Final Hours
PreReq
Project Reality
PunkBuster Services
PVSonyDll
Python 2.7.2
QuickTime
Rags Suite
Rainmeter
realMyst
REAPER
Red Faction: Armageddon
Red Orchestra 2: Heroes of Stalingrad
RollerCoaster Tycoon 3: Platinum!
Runaway: The Dream of the Turtle
Rusty Hearts
S.T.A.L.K.E.R.: Call of Pripyat
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SEGA Bass Fishing
SEGA Genesis & Mega Drive Classics
Sequence
SHOUTcast DNAS Server v2
Sid Meier's Civilization V
SigmaTel Audio
SimCity 4 Deluxe
Skype Click to Call
Skype™ 5.5
Sol Survivor
Sonic Adventure DX
Source SDK
Source SDK Base 2007
Space Channel 5: Part 2
Spotify
Spybot - Search & Destroy
Star Wars - Battlefront II
Steam
Stellar Impact
Synergy
System Requirements Lab
Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
Team Fortress 2
TeamSpeak 3 Client
Terraria
The Elder Scrolls IV: Oblivion
The Elder Scrolls V: Skyrim
The Void
TrackMania United
Transformers: War for Cybertron
TRAUMA
Tropico 4 - Demo
Ubisoft Game Launcher
Unity Web Player
Unreal Development Kit
Unreal Development Kit: 2011-05
Unreal Tournament 2004
Unreal Tournament 3: Black Edition
Unreal Tournament: Game of the Year Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
Virtual Audio Cable 4.10
VLC media player 1.1.9
Vue 9.5 xStream 32bit
Vue 9.5 xStream plugins 32bit
Vuze
Warhammer 40,000: Dawn of War – Dark Crusade
Warhammer 40,000: Dawn of War – Winter Assault
WhatPulse 1.7
WIDCOMM Bluetooth Software 6.0.1.4300
Winamp
Winamp Detector Plug-in
Windows Driver Package - Logitech HIDClass (10/16/2006 1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 beta 1 (32-bit)
World of Tanks v.0.6.4
Zombie Panic Source
.
==== Event Viewer Messages From Past Week ========
.
07/12/2011 18:59:22, Error: bowser [8003] - The master browser has received a server announcement from the computer FUZ2Y-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A8F5CAAD-58AE-44AC-8742-C2896AF9E. The master browser is stopping or an election is being forced.
07/12/2011 01:34:41, Error: bowser [8003] - The master browser has received a server announcement from the computer LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A8F5CAAD-58AE-44AC-8742-C2896AF9E8A. The master browser is stopping or an election is being forced.
07/12/2011 01:30:56, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
06/12/2011 18:57:46, Error: Service Control Manager [7034] - The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).
06/12/2011 14:49:44, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 5.247.58.30. The computer with the IP address 5.136.223.62 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
Thanks