TDSS Rootkit misery!

Shy n' Awkward · March 12, 2011

Hi,

I just joined this forum & apologize if I'm posting in the wrong place?

My computer (Dell 8100, Windows 7, 64 Bit) is infected with a malicious TDSS rootkit that redirects my browser searches to undesireable sites.

It has also disabled Windows Defender, so that everytime I try to launch it, the program closes instantly.

I've tried everything I can think of to remove it (Avast, Malwarebytes, TDSS Killer, Spybot search & destroy, Super Anti-spyware) & nothing is found, but I know something is there.

Please advise on how I can remove this evasive demon from my beautiful machine ;-)

Peace & Luv....

Removed email addy:

LDT

Edited March 13, 2011 by LDTate
Removed email addy

Shy n' Awkward · March 13, 2011

Please help..... :unsure:

Maniac · March 13, 2011

Hello Shy n' Awkward! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

The process of cleaning your system may take some time, so please be patient.
Follow my instructions step by step if there is a problem somewhere, stop and tell me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
If you don't know or can't understand something please ask.
Do not install or uninstall any software or hardware, while work on.
Keep me informed about any changes.
Post all of your log files, don't attach them.

Download DDS and save it to your desktop from here, here or here

Double click dds to run the tool.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
[*]Save both reports to your desktop. Post them back to your topic.

Shy n' Awkward · March 13, 2011

Hello Shy n' Awkward! Welcome to Malwarebytes' Anti-Malware Forums!
My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:
The process of cleaning your system may take some time, so please be patient.
Follow my instructions step by step if there is a problem somewhere, stop and tell me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
If you don't know or can't understand something please ask.
Do not install or uninstall any software or hardware, while work on.
Keep me informed about any changes.
Post all of your log files, don't attach them.
Download DDS and save it to your desktop from here, here or here
Double click dds to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
[*]Save both reports to your desktop. Post them back to your topic.

Attach.zip

DDS.txt

Maniac · March 13, 2011

Post all of your log files, don't attach them.

Shy n' Awkward · March 13, 2011

My apologies...

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by TY at 17:52:41.47 on 13/03/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6103.4040 [GMT 0:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Windows\SysWOW64\MAFWDITray.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\DllHost.exe

C:\Users\TY\Desktop\dds.scr

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

uRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

uRun: [HCOSTX] rundll32 "C:\Users\TY\AppData\Roaming\linkinfo3.dll",gfut

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWDITray.exe

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\Users\TY\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

StartupFolder: C:\Users\TY\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

mRun-x64: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64

mRun-x64: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\TY\AppData\Roaming\Mozilla\Firefox\Profiles\uwahnnep.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: C:\Users\TY\AppData\Roaming\Mozilla\Firefox\Profiles\uwahnnep.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: C:\Users\TY\AppData\Roaming\Mozilla\Firefox\Profiles\uwahnnep.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-31 55280]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-7 505176]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-3-7 280408]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-3-7 22360]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-3-7 64344]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-3-7 42184]

R2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-6 1636872]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-12 1153368]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-31 689472]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-31 248936]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-31 56344]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-31 271872]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-1-31 321064]

R3 MAFWPROFIRE;Service for M-Audio ProFire;C:\Windows\System32\drivers\MAudioProFire.sys [2009-9-23 287240]

R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;C:\Windows\System32\drivers\MAudioMIDISPORT.sys [2010-10-6 199176]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-1-31 86120]

R3 SynUSB64;eLicenser;C:\Windows\System32\drivers\synusb64.sys [2011-3-7 30352]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-7 136176]

S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-31 158976]

S3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;C:\Windows\System32\drivers\MAudioMIDISPORT_DFU.sys [2010-10-6 28680]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-8 1255736]

S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\Windows\System32\drivers\ymidusbx64.sys [2009-8-4 48200]

.

=============== Created Last 30 ================

.

2011-03-13 03:40:42 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch

2011-03-13 03:40:40 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab

2011-03-13 03:40:40 -------- d-----w- C:\PROGRA~3\Kaspersky Lab

2011-03-13 03:39:17 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files

2011-03-13 02:52:49 -------- d-----w- C:\Windows\System32\SPReview

2011-03-13 02:51:57 -------- d-----w- C:\Windows\System32\EventProviders

2011-03-13 02:51:54 -------- d-----w- C:\451c73e67f5293a18208045ca90b

2011-03-12 19:50:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-03-12 19:50:27 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy

2011-03-12 15:08:21 -------- d-----w- C:\Users\TY\AppData\Roaming\SUPERAntiSpyware.com

2011-03-12 15:08:21 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com

2011-03-12 15:08:17 -------- d-----w- C:\PROGRA~3\!SASCORE

2011-03-12 15:08:16 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-03-12 14:51:27 -------- d-----w- C:\Users\TY\AppData\Local\Diagnostics

2011-03-12 02:52:06 -------- d-----w- C:\Users\TY\AppData\Roaming\Malwarebytes

2011-03-12 02:52:02 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-12 02:52:01 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-03-12 02:51:58 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-03-12 02:51:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-03-11 23:26:07 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK

2011-03-11 23:00:48 155648 --sha-r- C:\Users\TY\AppData\Roaming\linkinfo3.dll

2011-03-11 20:26:24 7119360 ----a-w- C:\Windows\SysWow64\PSP McQ.dll

2011-03-11 20:26:24 5126144 ----a-w- C:\Windows\SysWow64\PSP RetroQ.dll

2011-03-11 20:26:23 9474048 ----a-w- C:\Windows\SysWow64\PSP ClassicQex.dll

2011-03-11 20:26:23 7629824 ----a-w- C:\Windows\SysWow64\PSP preQursor.dll

2011-03-11 20:26:23 3873792 ----a-w- C:\Windows\SysWow64\PSP ConsoleQ.dll

2011-03-11 20:26:23 3620352 ----a-w- C:\Windows\SysWow64\PSP ClassicQ.dll

2011-03-11 19:16:03 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{76F2930D-3001-4F1D-A264-D77F4E371530}\mpengine.dll

2011-03-11 11:35:01 7444480 ----a-w- C:\Windows\SysWow64\PSP Xenon.dll

2011-03-11 10:51:14 -------- d-----w- C:\Program Files\VSTPlugins

2011-03-11 10:51:14 -------- d-----w- C:\Program Files\PSPaudioware

2011-03-09 07:21:32 -------- d-----w- C:\Users\TY\AppData\Roaming\Waves Audio

2011-03-09 04:29:28 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe

2011-03-09 02:56:14 -------- d-----w- C:\Program Files (x86)\Common Files\Akamai

2011-03-08 23:33:45 -------- dc-h--w- C:\PROGRA~3\{081C1B30-F7B3-4C08-8E9D-0792B23B12F4}

2011-03-08 22:26:57 -------- d-----w- C:\Users\TY\AppData\Local\Native Instruments

2011-03-08 22:26:40 -------- d-----w- C:\Program Files\Common Files\Native Instruments

2011-03-08 21:06:10 -------- d-----w- C:\Program Files (x86)\Native Instruments

2011-03-08 13:04:33 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments

2011-03-08 13:04:20 61440 ----a-w- C:\Windows\SysWow64\NI_DFD_1_5.dll

2011-03-08 13:04:20 393216 ----a-w- C:\Windows\SysWow64\NI_IRC_1_2.dll

2011-03-08 13:04:20 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll

2011-03-08 13:04:20 1870336 ----a-w- C:\Windows\SysWow64\bconvert.dll

2011-03-08 12:59:33 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-03-08 05:28:20 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-03-08 05:28:20 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-03-08 05:26:39 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2011-03-08 05:26:39 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2011-03-08 05:26:39 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2011-03-08 05:26:39 444752 ----a-w- C:\Windows\System32\mscoree.dll

2011-03-08 05:26:39 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2011-03-08 05:26:39 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2011-03-08 05:26:39 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2011-03-08 05:26:39 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-03-08 05:26:39 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-03-08 05:26:39 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2011-03-08 03:21:02 714752 ----a-w- C:\Windows\System32\kerberos.dll

2011-03-08 03:21:02 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2011-03-08 03:21:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-03-08 03:21:01 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-03-08 03:20:59 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2011-03-08 03:20:59 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2011-03-08 03:20:59 148992 ----a-w- C:\Windows\System32\t2embed.dll

2011-03-08 03:20:59 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2011-03-08 03:20:58 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe

2011-03-08 03:20:58 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

2011-03-08 03:20:58 2085376 ----a-w- C:\Windows\System32\ole32.dll

2011-03-08 03:20:58 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll

2011-03-08 03:18:45 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-03-08 03:17:57 395776 ----a-w- C:\Windows\System32\webio.dll

2011-03-08 03:17:57 314368 ----a-w- C:\Windows\SysWow64\webio.dll

2011-03-08 03:17:57 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2011-03-08 03:17:56 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-03-08 03:17:56 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-03-08 03:17:25 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2011-03-08 03:17:24 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2011-03-08 03:15:24 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2011-03-08 03:15:24 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-03-08 03:15:24 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-03-08 03:15:24 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2011-03-08 03:15:24 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-03-08 03:10:38 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2011-03-08 03:10:28 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2011-03-08 03:10:16 -------- d-----w- C:\Windows\SysWow64\Wat

2011-03-08 03:10:16 -------- d-----w- C:\Windows\System32\Wat

2011-03-08 03:09:47 -------- d-----w- C:\Users\TY\AppData\Local\CAPCOM

2011-03-08 01:39:28 -------- d-----w- C:\Windows\SysWow64\xlive

2011-03-08 01:39:28 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2011-03-08 00:59:09 -------- d-----w- C:\Program Files (x86)\URS

2011-03-07 23:56:08 -------- d-----w- C:\Users\TY\AppData\Roaming\iZotope

2011-03-07 23:44:16 -------- d-----w- C:\Program Files (x86)\Common Files\VST3

2011-03-07 23:44:15 -------- d-----w- C:\Program Files (x86)\Steinberg

2011-03-07 23:44:15 -------- d-----w- C:\Program Files (x86)\iZotope

2011-03-07 22:52:12 -------- d-----w- C:\Users\TY\AppData\Roaming\Voxengo

2011-03-07 22:13:34 -------- d-----w- C:\Users\TY\AppData\Roaming\Philipp Winterberg

2011-03-07 22:13:31 -------- d-----w- C:\Program Files (x86)\RarZilla Free Unrar

2011-03-07 21:49:11 -------- d-----w- C:\Windows\PCHEALTH

2011-03-07 21:47:09 -------- d-----w- C:\Users\TY\AppData\Local\Microsoft Help

2011-03-07 18:19:18 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-03-07 17:08:38 -------- d-----w- C:\Users\TY\AppData\Local\Adobe

2011-03-07 16:44:49 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-03-07 16:17:16 -------- d-----w- C:\Users\TY\AppData\Roaming\FrostWire

2011-03-07 16:17:01 -------- d-----w- C:\Program Files (x86)\FrostWire

2011-03-07 16:14:56 2892 ----a-w- C:\Windows\SysWow64\audcon.sys

2011-03-07 16:12:47 -------- d-----w- C:\Program Files (x86)\Syncrosoft

2011-03-07 16:12:36 30352 ----a-w- C:\Windows\System32\drivers\synusb64.sys

2011-03-07 16:12:36 -------- d-----w- C:\Program Files (x86)\eLicenser

2011-03-07 16:12:36 -------- d-----w- C:\PROGRA~3\eLicenser

2011-03-07 15:55:49 53248 ----a-r- C:\Users\TY\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-03-07 15:55:32 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2011-03-07 15:54:24 -------- d-----w- C:\Users\TY\AppData\Roaming\Logishrd

2011-03-07 15:38:08 -------- d-----w- C:\Program Files\Yamaha

2011-03-07 15:37:54 -------- d-----w- C:\Users\TY\AppData\Local\Downloaded Installations

2011-03-07 15:16:42 -------- d-----w- C:\PROGRA~3\Syncrosoft

2011-03-07 15:15:51 -------- d-----w- C:\PROGRA~3\VST3 Presets

2011-03-07 15:04:13 -------- d-----w- C:\Program Files\Common Files\Steinberg

2011-03-07 15:04:13 -------- d-----w- C:\PROGRA~3\Steinberg

2011-03-07 15:03:22 -------- d-----w- C:\Users\TY\AppData\Roaming\Steinberg

2011-03-07 15:03:22 -------- d-----w- C:\Program Files\Steinberg

2011-03-07 15:03:20 1708544 ----a-w- C:\Windows\System32\synsoacc.dll

2011-03-07 15:03:07 86016 ----a-w- C:\Windows\SysWow64\SYNSOPOS.exe

2011-03-07 15:03:06 401462 ----a-w- C:\Windows\SysWow64\temp.000

2011-03-07 15:03:01 147456 ----a-w- C:\Windows\SysWow64\SynsoLChk.dll

2011-03-07 15:03:01 1277952 ----a-w- C:\Windows\SysWow64\SYNSOACC.dll

2011-03-07 14:55:33 -------- d-----w- C:\Program Files (x86)\Medea International Ltd

2011-03-07 14:49:40 -------- d-----w- C:\Program Files\Canon

2011-03-07 14:48:16 82944 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9A.DLL

2011-03-07 14:48:16 27648 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9A.DLL

2011-03-07 14:47:58 279040 ----a-w- C:\Windows\System32\CNMLM9A.DLL

2011-03-07 14:46:42 -------- d-----w- C:\Program Files (x86)\Canon

2011-03-07 14:36:23 -------- d-----w- C:\Program Files (x86)\KORG

2011-03-07 14:35:48 -------- d-----w- C:\Windows\Downloaded Installations

2011-03-07 14:33:17 -------- d-----w- C:\Users\TY\AppData\Local\Apple Computer

2011-03-07 14:33:13 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2011-03-07 14:33:13 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2011-03-07 14:33:13 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2011-03-07 14:33:03 -------- d-----w- C:\Program Files\iPod

2011-03-07 14:33:02 -------- d-----w- C:\Program Files\iTunes

2011-03-07 14:33:02 -------- d-----w- C:\Program Files (x86)\iTunes

2011-03-07 14:33:02 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2011-03-07 14:17:01 -------- d-----w- C:\Users\TY\AppData\Local\ODUI

2011-03-07 14:16:59 -------- d-----w- C:\Users\TY\AppData\Roaming\Stardock

2011-03-07 14:16:59 -------- d-----w- C:\Users\TY\AppData\Local\Stardock

2011-03-07 14:16:55 -------- dc-h--w- C:\PROGRA~3\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}

2011-03-07 14:16:53 -------- d-----w- C:\Program Files (x86)\Stardock

2011-03-07 14:16:41 -------- d-----w- C:\Users\TY\AppData\Local\PackageAware

2011-03-07 13:58:51 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-03-07 13:58:49 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-03-07 13:58:16 40648 ----a-w- C:\Windows\avastSS.scr

2011-03-07 13:58:13 -------- d-----w- C:\Program Files\AVAST Software

2011-03-07 13:58:13 -------- d-----w- C:\PROGRA~3\AVAST Software

2011-03-07 13:56:37 -------- d-----w- C:\Program Files (x86)\M-Audio

2011-03-07 13:53:03 -------- d-----w- C:\Program Files\M-Audio

2011-03-07 13:53:03 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign

2011-03-07 13:47:29 -------- d-----w- C:\Users\TY\AppData\Local\Google

2011-03-07 13:18:48 -------- d-----w- C:\Users\TY\My Backup Files

2011-03-07 13:04:15 -------- d-sh--w- C:\System Recovery

2011-03-07 13:02:12 -------- d-----w- C:\Users\TY\AppData\Local\VirtualStore

2011-02-18 16:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2011-02-18 16:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll

.

==================== Find3M ====================

.

2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-02-02 21:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-01-31 20:28:00 521448 ----a-w- C:\Windows\System32\deployJava1.dll

2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll

2011-01-07 08:07:24 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-01-07 07:31:10 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-01-07 07:31:10 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll

2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys

2010-12-23 06:07:50 1118720 ----a-w- C:\Windows\System32\sbe.dll

2010-12-23 06:07:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2010-12-23 06:07:49 723968 ----a-w- C:\Windows\System32\EncDec.dll

2010-12-23 06:02:33 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2010-12-23 05:28:29 850432 ----a-w- C:\Windows\SysWow64\sbe.dll

2010-12-23 05:28:28 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2010-12-23 05:28:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2010-12-23 05:24:02 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll

2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll

2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll

2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll

2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll

2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll

2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll

2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll

2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll

2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll

2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll

2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll

2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll

2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll

2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll

2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll

2010-12-18 06:12:28 3138048 ----a-w- C:\Windows\System32\mstscax.dll

2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-12-18 06:08:15 1097216 ----a-w- C:\Windows\System32\mstsc.exe

2010-12-18 05:30:20 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll

2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-12-18 05:26:55 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe

2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec

2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 17:53:24.23 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 07/03/2011 12:59:07

System Uptime: 13/03/2011 17:40:42 (0 hours ago)

.

Motherboard: Dell Inc. | | 0G3HR7

Processor: Intel® Core i7 CPU 870 @ 2.93GHz | CPU 1 | 2934/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 919 GiB total, 814.205 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP45: 13/03/2011 02:52:28 - Windows 7 Service Pack 1

RP46: 13/03/2011 03:39:53 - Installed Kaspersky PURE.

RP48: 13/03/2011 16:31:30 - Windows Defender Checkpoint

RP49: 13/03/2011 17:31:25 - Restore Operation

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Community Help

Adobe Dreamweaver CS5

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader 9.4.2

Akamai NetSession Interface

Apple Application Support

Apple Software Update

avast! Free Antivirus

Canon iP4600 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

CD-LabelPrint

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

DirectXInstallService

eLicenser Control

EMC 10 Content

eReg

exPressit SE

FrostWire 4.21.3

Google Toolbar for Internet Explorer

Google Update Helper

iZotope Alloy

iZotope Nectar

iZotope Ozone 4

Java Auto Updater

Java 6 Update 24

KORG R3 Sound Editor

Lexicon PSP 42 1.6.1 64bit

Malwarebytes' Anti-Malware

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office 2010

Microsoft Office Basic 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox (3.6.15)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multimedia Card Reader

Native Instruments Battery 3

NI Service Center

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

ObjectDock Free

PDF Settings CS5

PSP Neon 1.5.1 64bit

PSP sQuad 1.5.1 64bit

PSP sQuad 1.5.2 64bit

PSP VintageWarmer2 2.5.1 64bit

PSP Xenon 1.3.0 64bit

QuickTime

RarZilla Free Unrar

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy CD and DVD Burning

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Skype Toolbars

Skype

Maniac · March 13, 2011

Step 1

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Going over your logs I noticed that you have FrostWire installed.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
They are a security risk which can make your computer susceptible to a smorgasbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall FrostWire, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Step 3

Launch Malwarebytes' Anti-Malware
Go to Update" tab and select Check for Updates.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In your next reply, please post the following logs:

Malwarebytes' Anti-Malware log
a new fresh DDS log only

Shy n' Awkward · March 13, 2011

Step 1
I see you are running Teatimer.
I suggest you to disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.
Step 2
Going over your logs I noticed that you have FrostWire installed.
Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
They are a security risk which can make your computer susceptible to a smorgasbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall FrostWire, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
Step 3
Launch Malwarebytes' Anti-Malware
Go to Update" tab and select Check for Updates.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
In your next reply, please post the following logs:
Malwarebytes' Anti-Malware log
a new fresh DDS log only

As requested..

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6044

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

13/03/2011 20:25:17

mbam-log-2011-03-13 (20-25-17).txt

Scan type: Quick scan

Objects scanned: 163951

Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by TY at 20:27:22.58 on 13/03/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6103.4397 [GMT 0:00]