Hi, I downloaded a pile of utilities trying to get this game to work on a VPN lan system and one or maybe more of them gave me malware. I've been able to root out two names, "fun moods" and "Starfield Technologies inc"
I spend a lot of time gaming and am basically twidling my thumbs till this is resolved so please help me get this fixed quickly! I will likely be up for several more hours and checking this post constantly.
The problems I was having are site redirects and being unable to connect to my Esea client or my Minecraft client, both of which require a connection to a .net site. I have since tried another .net site "whoisit.net" and I can connect to that one fine. When I try to connect through the clients it just says connection failed as if their servers were down. When I tried to connect via mozilla it redirected me to some hotel booking site. All of these problems started today by the way.
The names come from two places, "fun moods" was the only program on my program uninstaller list which I couldn't account for and was new so it is clearly related to this, especially since the post I will link later is directly complaining about it. "Starfield Technologies inc" is what claims to "verify" the redirected site. Not sure what it is actually called but I saw that name when I hovered over the little lock beside the site address.
I did what I usually do when this kind of thing happens, google search and then ape whatever fix seems closest to my problem, in this case it was a post on your forums:
http://forums.techguy.org/virus-othe...ods-virus.html
When that didn't entirely work I searched around and ran pretty much every anti-virus program I've ever heard of, I've been at it for hours now so forgive me if I forget a few, but here is a short list:
Hijack this
Some avast thing which was a scanner and remover but not a whole antivirus program (aswMBR.exe)
Super anti spyware
Zonealarm(which I have had running with both firewall and AV the whole time, even before the problems) *edit* I had to uninstall it to system restore and as you can see in the Hijack this report some things didn't get turned back on, but they have been off for all of 20 minutes max.
Tdsskiller.exe
Exterminate it(which I think was basically designed to try and scam people into paying for it)
Malware bytes trial
Killbox
Combofix
Some thing from the link which deletes temp and browser related files
As the link said I ran the browser deleter thing, killbox and combofix in safemode and in the order provided in the link.
I did follow the steps in the link right up to the part where it said to switch everything listed in "SERVICES.MSC" to manual.
I did that but I'm pretty sure I misinterpreted something because when I restarted my desktop was almost empty, background gone and it looked like I was running windows 95 or something. So I did a system restore and now I'm back to pretty much where I was before that step. *edit* The system restore was to 4 days ago so pretty much everything I installed today is broken or gone.
The good news is I seem to have at least broken the virus/malware as it is now just redirecting me to a blank page. The bad news is I can't connect to the sites still, and I can't connect to the gaming clients either.
As a side note maybe you can help me with AVG hijacking my address bar search I really hate their search engine and much prefer google but it hasn't been enough of an issue to really seek help with since I can use the google search toolbar thing or my google homepage.
Also the only toolbars I run are the bookmark one, navigation one and the google search thing which might actually be a part of mozilla and not a toolbar, so anything toolbar related I would be happy to be rid of.
Any help would be appreciated, I will now post the requested logs:
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Morgan at 22:52:32 on 2012-10-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.5213 [GMT -4:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://find.localstrike.net/
uSearch Page = hxxp://find.localstrike.net/
mStart Page = hxxp://find.localstrike.net/
mSearch Page = hxxp://find.localstrike.net/
mDefault_Page_URL = hxxp://find.localstrike.net/
mDefault_Search_URL = hxxp://find.localstrike.net/
uURLSearchHooks: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{F29A4C4E-9141-4B26-8CC7-E2BBD56CE39F} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Morgan\AppData\Roaming\Mozilla\Firefox\Profiles\lx9f0rrr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6a5eb6ee-b6bb-453c-beaf-61385ca62786%7D&mid=d56aad7e87c947d0a747f18676bd3e97-ddaa07e70375761ec8f9fa5c3eb36305c1eb1d8f&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d= 2012-06-11%2014%3A12%3A16&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchrom ebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5 videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-22 19:50; {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-22 22:00; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
.
============= SERVICES / DRIVERS ===============
.
R0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\System32\drivers\MxEFUF64.sys [2012-8-14 157696]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-7-22 121936]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-23 283200]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2012-6-3 11864]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-7-22 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-7-22 61008]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827560]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-12-6 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-7-28 10278912]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-7-27 368640]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 avast! Antivirus;avast! Antivirus;"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" --> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250808]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
S3 avast! Mail Scanner;avast! Mail Scanner;"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" --> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [?]
S3 avast! Web Scanner;avast! Web Scanner;"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" --> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [?]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-7 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-7 1255736]
.
=============== Created Last 30 ================
.
2012-10-23 02:47:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{99245519-2605-4FB0-ADB6-C28294809D78}\offreg.dll
2012-10-23 01:58:12 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{99245519-2605-4FB0-ADB6-C28294809D78}\mpengine.dll
2012-10-23 01:08:19 -------- d-----w- C:\Windows\System32\%LocalAppData%
2012-10-23 00:19:22 -------- d-----w- C:\Users\Morgan\AppData\Roaming\Curiolab
2012-10-22 23:44:01 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-10-22 23:11:15 -------- d-----w- C:\Users\Morgan\AppData\Local\AMD
2012-10-22 22:50:35 -------- d-----w- C:\!KillBox
2012-10-22 21:13:17 -------- d-----w- C:\Users\Morgan\AppData\Local\Google
2012-10-22 20:56:27 -------- d-----w- C:\Users\Morgan\AppData\Local\DayZCommander
2012-10-22 20:55:23 -------- d-----w- C:\Program Files (x86)\Tunngle
2012-10-22 20:54:28 -------- d-----w- C:\Program Files (x86)\Dotjosh Studios
2012-10-22 20:51:19 -------- d-----w- C:\Users\Morgan\AppData\Local\ArmA 2 OA
2012-10-22 20:40:40 -------- d-----w- C:\Users\Morgan\AppData\Local\ArmA 2
2012-10-22 17:09:06 -------- d-----w- C:\Program Files (x86)\ArmA 2
2012-10-21 18:48:14 -------- d-----w- C:\Program Files\ESEA
2012-10-10 22:15:04 -------- d-----w- C:\Users\Morgan\AppData\Roaming\FastStone
2012-10-10 22:14:17 -------- d-----w- C:\Program Files (x86)\FastStone Image Viewer
2012-10-10 21:56:54 -------- d-----w- C:\TEMP
2012-10-10 07:00:37 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 07:00:26 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-10 07:00:25 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-10 07:00:25 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-10 06:58:37 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 06:58:37 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 06:58:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 06:58:01 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 06:57:50 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 06:57:50 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 06:55:31 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 06:55:31 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 06:55:30 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 06:55:30 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 06:55:30 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 06:55:30 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-09-26 04:07:51 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
.
==================== Find3M ====================
.
2012-10-10 08:00:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 08:00:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-05 15:42:26 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-05 15:42:26 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-05 15:42:26 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 22:35:11 0 ----a-w- C:\Windows\ativpsrm.bin
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-28 02:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-28 02:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-28 02:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-28 02:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-28 02:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-28 02:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
.
============= FINISH: 22:53:02.92 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/6/2011 2:45:31 AM
System Uptime: 10/22/2012 10:04:07 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A785T-M
Processor: AMD Phenom(tm) II X6 1090T Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 126.055 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP166: 10/18/2012 1:24:06 PM - Installed Java 7 Update 9
RP167: 10/22/2012 4:53:53 PM - Installed DayZ Commander
RP168: 10/22/2012 4:55:38 PM - Device Driver Package Install: TAP-Win32 Provider V9 (Tunngle) Network adapters
RP169: 10/22/2012 5:16:53 PM - Installed Virtual CD v10 Demo
RP170: 10/22/2012 6:45:07 PM - Removed Virtual CD v10 Demo
RP171: 10/22/2012 7:43:03 PM - Installed HiJackThis
RP172: 10/22/2012 7:48:39 PM - Installed Java(TM) 6 Update 34
RP173: 10/22/2012 8:42:58 PM - Removed Java(TM) 6 Update 34
RP174: 10/22/2012 8:44:45 PM - Installed Java(TM) 6 Update 34
RP175: 10/22/2012 9:11:30 PM - Restore Operation
RP176: 10/22/2012 9:57:44 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
AC3Filter (remove only)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Arcanum
Ares 2.1.8
ARMA 2: Free
ArmA II Launcher
Baldur's Gate
Battle.net
BattlEye (A2Free) Uninstall
BitComet 1.30 64-bit
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Clan 'Mech Pak
Counter-Strike
Counter-Strike: Source
Crimsonland
D3DX10
DAEMON Tools Lite
Diablo II
Diablo III
Divine Wind version 5.1
DivX Setup
Driver Fusion
Dungeons of Dredmor
Endless.Space
Europa Universalis III
Fallout New Vegas
FastStone Image Viewer 4.6
Fort Zombie
Free Window Registry Repair
IrfanView (remove only)
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 29 (64-bit)
Java(TM) 6 Update 33
JavaFX 2.1.1
Just Cause 2
Magic The Gathering
Magic The Gathering - Duels of the Planeswalkers 2012
Magic The Gathering - Duels of the Planeswalkers 2013
MagicTG
MechWarrior Black Knight
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.0
Mozilla Firefox 16.0.1 (x86 en-US)
MSVCRT
Pcsx2 0.9.6
Pharaoh
Raidcall
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek HDMI Audio Driver for ATI
RealUpgrade 1.1
Revo Uninstaller 1.94
Saints Row The Third
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Steam
SUPERAntiSpyware
Team Fortress 2
The Walking Dead (c) 3 version 1
UltraISO Premium V9.52
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client for Windows x64
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
Warcraft III
WarZone Client
WarZone Client v1.0.41
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (64-bit)
World of Battles
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
10/22/2012 9:44:28 PM, Error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).
10/22/2012 9:16:41 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
10/22/2012 8:58:09 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2012 8:50:04 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
10/22/2012 7:55:34 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/22/2012 7:55:34 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
10/22/2012 7:02:00 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/22/2012 6:53:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
10/22/2012 6:52:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/22/2012 6:52:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/22/2012 6:52:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/22/2012 6:52:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/22/2012 6:52:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/22/2012 6:52:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/22/2012 6:52:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/22/2012 6:52:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC discache kl2 KLIF NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Vsdatant Wanarpv6 WfpLwf ws2ifsl
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/22/2012 6:51:57 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/22/2012 6:38:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
10/22/2012 6:33:39 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/22/2012 6:14:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC discache kl2 KLIF NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vdrv1000 Vsdatant Wanarpv6 WfpLwf
10/22/2012 5:47:59 PM, Error: Service Control Manager [7034] - The Virtual CD v10 Management Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2012 10:04:52 PM, Error: Service Control Manager [7000] - The vToolbarUpdater11.0.2 service failed to start due to the following error: The system cannot find the file specified.
10/22/2012 10:04:52 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
10/22/2012 10:04:49 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The system cannot find the file specified.
10/19/2012 2:47:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.139.124.0).
10/18/2012 1:03:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD FUEL Service service to connect.
10/18/2012 1:03:51 PM, Error: Service Control Manager [7000] - The AMD FUEL Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/17/2012 1:38:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/17/2012 1:38:27 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/17/2012 1:38:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:31:44 PM, on 10/22/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Morgan\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.localstrike.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.localstrike.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.localstrike.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.localstrike.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.worldwinner.com
O15 - Trusted Zone: http://www.worldwinner.com
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (file missing)
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 8976 bytes
I spend a lot of time gaming and am basically twidling my thumbs till this is resolved so please help me get this fixed quickly! I will likely be up for several more hours and checking this post constantly.
The problems I was having are site redirects and being unable to connect to my Esea client or my Minecraft client, both of which require a connection to a .net site. I have since tried another .net site "whoisit.net" and I can connect to that one fine. When I try to connect through the clients it just says connection failed as if their servers were down. When I tried to connect via mozilla it redirected me to some hotel booking site. All of these problems started today by the way.
The names come from two places, "fun moods" was the only program on my program uninstaller list which I couldn't account for and was new so it is clearly related to this, especially since the post I will link later is directly complaining about it. "Starfield Technologies inc" is what claims to "verify" the redirected site. Not sure what it is actually called but I saw that name when I hovered over the little lock beside the site address.
I did what I usually do when this kind of thing happens, google search and then ape whatever fix seems closest to my problem, in this case it was a post on your forums:
http://forums.techguy.org/virus-othe...ods-virus.html
When that didn't entirely work I searched around and ran pretty much every anti-virus program I've ever heard of, I've been at it for hours now so forgive me if I forget a few, but here is a short list:
Hijack this
Some avast thing which was a scanner and remover but not a whole antivirus program (aswMBR.exe)
Super anti spyware
Zonealarm(which I have had running with both firewall and AV the whole time, even before the problems) *edit* I had to uninstall it to system restore and as you can see in the Hijack this report some things didn't get turned back on, but they have been off for all of 20 minutes max.
Tdsskiller.exe
Exterminate it(which I think was basically designed to try and scam people into paying for it)
Malware bytes trial
Killbox
Combofix
Some thing from the link which deletes temp and browser related files
As the link said I ran the browser deleter thing, killbox and combofix in safemode and in the order provided in the link.
I did follow the steps in the link right up to the part where it said to switch everything listed in "SERVICES.MSC" to manual.
I did that but I'm pretty sure I misinterpreted something because when I restarted my desktop was almost empty, background gone and it looked like I was running windows 95 or something. So I did a system restore and now I'm back to pretty much where I was before that step. *edit* The system restore was to 4 days ago so pretty much everything I installed today is broken or gone.
The good news is I seem to have at least broken the virus/malware as it is now just redirecting me to a blank page. The bad news is I can't connect to the sites still, and I can't connect to the gaming clients either.
As a side note maybe you can help me with AVG hijacking my address bar search I really hate their search engine and much prefer google but it hasn't been enough of an issue to really seek help with since I can use the google search toolbar thing or my google homepage.
Also the only toolbars I run are the bookmark one, navigation one and the google search thing which might actually be a part of mozilla and not a toolbar, so anything toolbar related I would be happy to be rid of.
Any help would be appreciated, I will now post the requested logs:
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Morgan at 22:52:32 on 2012-10-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.5213 [GMT -4:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://find.localstrike.net/
uSearch Page = hxxp://find.localstrike.net/
mStart Page = hxxp://find.localstrike.net/
mSearch Page = hxxp://find.localstrike.net/
mDefault_Page_URL = hxxp://find.localstrike.net/
mDefault_Search_URL = hxxp://find.localstrike.net/
uURLSearchHooks: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{F29A4C4E-9141-4B26-8CC7-E2BBD56CE39F} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Morgan\AppData\Roaming\Mozilla\Firefox\Profiles\lx9f0rrr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6a5eb6ee-b6bb-453c-beaf-61385ca62786%7D&mid=d56aad7e87c947d0a747f18676bd3e97-ddaa07e70375761ec8f9fa5c3eb36305c1eb1d8f&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d= 2012-06-11%2014%3A12%3A16&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchrom ebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5 videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-22 19:50; {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-22 22:00; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
.
============= SERVICES / DRIVERS ===============
.
R0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\System32\drivers\MxEFUF64.sys [2012-8-14 157696]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-7-22 121936]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-23 283200]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2012-6-3 11864]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-7-22 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-7-22 61008]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827560]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-12-6 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-7-28 10278912]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-7-27 368640]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 avast! Antivirus;avast! Antivirus;"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" --> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250808]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
S3 avast! Mail Scanner;avast! Mail Scanner;"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" --> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [?]
S3 avast! Web Scanner;avast! Web Scanner;"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" --> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [?]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-7 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-7 1255736]
.
=============== Created Last 30 ================
.
2012-10-23 02:47:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{99245519-2605-4FB0-ADB6-C28294809D78}\offreg.dll
2012-10-23 01:58:12 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{99245519-2605-4FB0-ADB6-C28294809D78}\mpengine.dll
2012-10-23 01:08:19 -------- d-----w- C:\Windows\System32\%LocalAppData%
2012-10-23 00:19:22 -------- d-----w- C:\Users\Morgan\AppData\Roaming\Curiolab
2012-10-22 23:44:01 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-10-22 23:11:15 -------- d-----w- C:\Users\Morgan\AppData\Local\AMD
2012-10-22 22:50:35 -------- d-----w- C:\!KillBox
2012-10-22 21:13:17 -------- d-----w- C:\Users\Morgan\AppData\Local\Google
2012-10-22 20:56:27 -------- d-----w- C:\Users\Morgan\AppData\Local\DayZCommander
2012-10-22 20:55:23 -------- d-----w- C:\Program Files (x86)\Tunngle
2012-10-22 20:54:28 -------- d-----w- C:\Program Files (x86)\Dotjosh Studios
2012-10-22 20:51:19 -------- d-----w- C:\Users\Morgan\AppData\Local\ArmA 2 OA
2012-10-22 20:40:40 -------- d-----w- C:\Users\Morgan\AppData\Local\ArmA 2
2012-10-22 17:09:06 -------- d-----w- C:\Program Files (x86)\ArmA 2
2012-10-21 18:48:14 -------- d-----w- C:\Program Files\ESEA
2012-10-10 22:15:04 -------- d-----w- C:\Users\Morgan\AppData\Roaming\FastStone
2012-10-10 22:14:17 -------- d-----w- C:\Program Files (x86)\FastStone Image Viewer
2012-10-10 21:56:54 -------- d-----w- C:\TEMP
2012-10-10 07:00:37 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 07:00:26 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-10 07:00:25 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-10 07:00:25 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-10 06:58:37 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 06:58:37 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 06:58:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 06:58:01 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 06:57:50 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 06:57:50 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 06:55:31 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 06:55:31 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 06:55:30 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 06:55:30 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 06:55:30 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 06:55:30 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-09-26 04:07:51 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
.
==================== Find3M ====================
.
2012-10-10 08:00:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 08:00:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-05 15:42:26 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-05 15:42:26 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-05 15:42:26 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 22:35:11 0 ----a-w- C:\Windows\ativpsrm.bin
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-28 02:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-28 02:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-28 02:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-28 02:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-28 02:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-28 02:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
.
============= FINISH: 22:53:02.92 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/6/2011 2:45:31 AM
System Uptime: 10/22/2012 10:04:07 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A785T-M
Processor: AMD Phenom(tm) II X6 1090T Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 126.055 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP166: 10/18/2012 1:24:06 PM - Installed Java 7 Update 9
RP167: 10/22/2012 4:53:53 PM - Installed DayZ Commander
RP168: 10/22/2012 4:55:38 PM - Device Driver Package Install: TAP-Win32 Provider V9 (Tunngle) Network adapters
RP169: 10/22/2012 5:16:53 PM - Installed Virtual CD v10 Demo
RP170: 10/22/2012 6:45:07 PM - Removed Virtual CD v10 Demo
RP171: 10/22/2012 7:43:03 PM - Installed HiJackThis
RP172: 10/22/2012 7:48:39 PM - Installed Java(TM) 6 Update 34
RP173: 10/22/2012 8:42:58 PM - Removed Java(TM) 6 Update 34
RP174: 10/22/2012 8:44:45 PM - Installed Java(TM) 6 Update 34
RP175: 10/22/2012 9:11:30 PM - Restore Operation
RP176: 10/22/2012 9:57:44 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
AC3Filter (remove only)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Arcanum
Ares 2.1.8
ARMA 2: Free
ArmA II Launcher
Baldur's Gate
Battle.net
BattlEye (A2Free) Uninstall
BitComet 1.30 64-bit
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Clan 'Mech Pak
Counter-Strike
Counter-Strike: Source
Crimsonland
D3DX10
DAEMON Tools Lite
Diablo II
Diablo III
Divine Wind version 5.1
DivX Setup
Driver Fusion
Dungeons of Dredmor
Endless.Space
Europa Universalis III
Fallout New Vegas
FastStone Image Viewer 4.6
Fort Zombie
Free Window Registry Repair
IrfanView (remove only)
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 29 (64-bit)
Java(TM) 6 Update 33
JavaFX 2.1.1
Just Cause 2
Magic The Gathering
Magic The Gathering - Duels of the Planeswalkers 2012
Magic The Gathering - Duels of the Planeswalkers 2013
MagicTG
MechWarrior Black Knight
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.0
Mozilla Firefox 16.0.1 (x86 en-US)
MSVCRT
Pcsx2 0.9.6
Pharaoh
Raidcall
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek HDMI Audio Driver for ATI
RealUpgrade 1.1
Revo Uninstaller 1.94
Saints Row The Third
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Steam
SUPERAntiSpyware
Team Fortress 2
The Walking Dead (c) 3 version 1
UltraISO Premium V9.52
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client for Windows x64
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
Warcraft III
WarZone Client
WarZone Client v1.0.41
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (64-bit)
World of Battles
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
10/22/2012 9:44:28 PM, Error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).
10/22/2012 9:16:41 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
10/22/2012 8:58:09 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2012 8:50:04 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
10/22/2012 7:55:34 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/22/2012 7:55:34 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
10/22/2012 7:02:00 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/22/2012 6:53:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
10/22/2012 6:52:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/22/2012 6:52:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/22/2012 6:52:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/22/2012 6:52:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/22/2012 6:52:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/22/2012 6:52:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/22/2012 6:52:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/22/2012 6:52:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC discache kl2 KLIF NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Vsdatant Wanarpv6 WfpLwf ws2ifsl
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/22/2012 6:52:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/22/2012 6:51:57 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/22/2012 6:38:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
10/22/2012 6:33:39 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/22/2012 6:14:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC discache kl2 KLIF NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vdrv1000 Vsdatant Wanarpv6 WfpLwf
10/22/2012 5:47:59 PM, Error: Service Control Manager [7034] - The Virtual CD v10 Management Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2012 10:04:52 PM, Error: Service Control Manager [7000] - The vToolbarUpdater11.0.2 service failed to start due to the following error: The system cannot find the file specified.
10/22/2012 10:04:52 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
10/22/2012 10:04:49 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The system cannot find the file specified.
10/19/2012 2:47:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.139.124.0).
10/18/2012 1:03:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD FUEL Service service to connect.
10/18/2012 1:03:51 PM, Error: Service Control Manager [7000] - The AMD FUEL Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/17/2012 1:38:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/17/2012 1:38:27 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/17/2012 1:38:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:31:44 PM, on 10/22/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Morgan\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.localstrike.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.localstrike.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.localstrike.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.localstrike.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.worldwinner.com
O15 - Trusted Zone: http://www.worldwinner.com
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (file missing)
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 8976 bytes