Please help [SOLVED]

[Chaos63]

I have 2 files that I cannot get rid of, IObit picks them up every time I scan, even after removal of them

[Chaos63]

360 Report

 

IObit Security 360

 

OS:Windows 7

Version:1.4.1.11

Define Version:1407

Time Elapsed:00:10:03

Objects Scanned:66161

Threats Found:2

 

|Name|Type|Description|ID|

Trojan.BuzusAovd - Quarantined, File, C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7600.16385_none_5e6da7259d4ac682\icfupgd.dll, 12-241

Trojan.BuzusAovd - Quarantined, File, C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\icfupgd.dll, 12-241

[Chaos63]

Dds

 

DDS (Ver_10-03-17.01) - NTFSX64

Run by Chaos at 10:14:12.15 on Tue 06/04/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_19

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.8189.6276 [GMT 10:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe

C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Program Files (x86)\McAfee\MSK\MskSrver.exe

C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe

c:\PROGRA~2\mcafee.com\agent\mcagent.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Windows\vVX3000.exe

C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Logitech\SetPoint II\SetPointII.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLiteShellHlp.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files (x86)\Logitech\G35\G35.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\CyberLink\Shared Files\brs.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Chaos\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Chaos\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\IObit\IObit Security 360\is360.exe

C:\Windows\system32\taskhost.exe

C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Chaos\Desktop\dds.scr

C:\Windows\system32\conhost.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://mystart.incredimail.com/

uInternet Settings,ProxyServer = localhost:100

mWinlogon: Userinit=userinit.exe

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files (x86)\bitcomet\tools\BitCometBHO_1.3.7.16.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files (x86)\canon\easy-webprint ex\ewpexhlp.dll

uRun: [Weather Tracker3] c:\program files (x86)\weatherzone tracker\weather_tracker.exe

uRun: [Google Update] "c:\users\chaos\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [incrediMail] c:\program files (x86)\incredimail\bin\IncMail.exe /c

uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun

uRun: [svchost.exe] c:\users\chaos\appdata\roaming\microsoft\svchost.exe

mRun: [Logitech G35] c:\program files (x86)\logitech\g35\G35.exe

mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Microsoft WinUpdate] c:\windows\system32\msupdte.exe

mRun: [PWRISOVM.EXE] c:\program files (x86)\poweriso\PWRISOVM.EXE

mRun: [RemoteControl9] "c:\program files (x86)\cyberlink\powerdvd9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "c:\program files (x86)\cyberlink\powerdvd9\language\Language.exe"

mRun: [bDRegion] c:\program files (x86)\cyberlink\shared files\brs.exe

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [LifeCam] "c:\program files (x86)\microsoft lifecam\LifeExp.exe"

mRun: [iObit Security 360] "c:\program files (x86)\iobit\iobit security 360\IS360tray.exe" /autostart

dRun: [CtxfiReg] CTXFIREG.exe /FAIL1

dRun: [DelayShred] c:\progra~2\mcafee\mshr\shrcl.exe /p7 /q c:\users\chaos\appdata\local\temp\MPROJE~1.SH!

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\setpoi~1.lnk - c:\program files\logitech\setpoint ii\SetPointII.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableTaskMgr = 1 (0x1)

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files (x86)\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206

STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\SysWow64\DreamScene.dll

STS: {A9BA40A1-74F1-52BD-F434-00B15A2C8953} - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\MSKAPB~1.DLL

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO-X64: scriptproxy - No File

mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun-x64: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun-x64: [CanonSolutionMenu] c:\program files (x86)\canon\solutionmenu\CNSLMAIN.exe /logon

mRun-x64: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"

mRun-x64: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"

mRun-x64: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE

mRun-x64: [VX3000] c:\windows\vVX3000.exe

mRun-x64: [Launch LgDevAgt] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"

STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\chaos\appdata\roaming\mozilla\firefox\profiles\wv1vtsj1.default\

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - hxxp://www.freeality.com/

FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=

FF - plugin: c:\program files (x86)\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\users\chaos\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-8-3 308296]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/05 18:30:08];c:\program files (x86)\cyberlink\powerdvd9\000.fcl [2009-2-28 146928]

R2 IS360service;IS360service;c:\program files (x86)\iobit\iobit security 360\is360srv.exe [2010-3-27 311568]

R2 McProxy;McAfee Proxy Service;c:\program files (x86)\common files\mcafee\mcproxy\McProxy.exe [2009-8-3 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-10-16 155456]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-1-11 240232]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-7-14 230424]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-7-14 1445912]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-7-14 95256]

R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2009-7-14 1613336]

R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2amd64.sys [2009-5-28 61712]

R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMamd64.sys [2009-5-28 376848]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-7-14 22408]

R3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\drivers\LGPBTDD.sys [2009-7-1 30728]

R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2009-10-16 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-3 102472]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-3 49480]

R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclk64.sys [2009-9-15 42088]

S2 MSMQSVC;Message Queuing Service;c:\windows\system32\mqsv32.exe --> c:\windows\system32\mqsv32.exe [?]

S2 NapAgMan;Network Access Protection Manager;c:\windows\system32\napaserv.exe --> c:\windows\system32\napaserv.exe [?]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2009-10-3 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-7-14 230424]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-7-14 1445912]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-7-14 95256]

S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2008-12-3 12744]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-7-14 16008]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-3 40904]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-31 1255736]

 

=============== Created Last 30 ================

 

2010-04-05 00:45:06 0 d-----w- c:\program files (x86)\Simon the Sorcerer 5

2010-04-04 00:16:40 0 d-----w- c:\programdata\WildTangent

2010-04-04 00:14:46 0 d-----w- c:\program files (x86)\FATE - The Traitor Soul

2010-04-02 23:01:58 0 d-----w- c:\programdata\Sun

2010-04-02 23:01:45 153376 ----a-w- c:\windows\syswow64\javaws.exe

2010-04-02 23:01:45 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-04-02 23:01:45 145184 ----a-w- c:\windows\syswow64\java.exe

2010-04-01 23:21:31 0 d-----w- c:\users\chaos\appdata\roaming\Magic3

2010-03-31 23:20:22 0 d-----w- c:\users\chaos\appdata\roaming\Settlement. Colossus

2010-03-30 23:30:02 0 d-----w- c:\windows\syswow64\Wat

2010-03-30 23:30:02 0 d-----w- c:\windows\system32\Wat

2010-03-30 05:49:19 0 d-----w- c:\program files (x86)\Just Cause 2

2010-03-30 05:09:27 0 d-----w- c:\users\chaos\appdata\roaming\Western Software Technologies

2010-03-30 00:49:15 0 d-----w- c:\users\chaos\appdata\roaming\One Thing Studios

2010-03-29 20:34:54 0 d-----w- c:\programdata\Logitech

2010-03-28 20:04:43 0 d-----w- c:\programdata\Redrum

2010-03-27 22:37:25 0 d-----w- c:\programdata\Particles

2010-03-27 09:42:32 0 d-----w- c:\users\chaos\appdata\roaming\GameMill Entertainment

2010-03-27 09:41:18 0 d-----w- c:\users\chaos\appdata\roaming\Specialbit

2010-03-25 05:33:44 0 d-----w- c:\users\chaos\appdata\roaming\Top Evidence

2010-03-25 05:33:44 0 d-----w- c:\programdata\Top Evidence

2010-03-24 22:36:53 0 d-----w- c:\program files (x86)\Datel

2010-03-24 21:06:46 0 d-----w- c:\programdata\Kingdom

2010-03-23 02:41:50 0 d-----w- c:\programdata\Sony Online Entertainment

2010-03-23 01:45:50 0 d-----w- c:\users\chaos\appdata\roaming\Playrix Entertainment

2010-03-23 01:36:08 0 d-----w- c:\program files (x86)\Phantom EFX

2010-03-22 22:26:05 343 ----a-w- c:\users\chaos\Isidiada.pgs

2010-03-22 15:46:50 0 d-----w- c:\programdata\MySQL

2010-03-21 04:12:46 0 d-----w- c:\users\chaos\appdata\roaming\Skunk Studios

2010-03-21 03:42:23 0 d-sh--r- c:\programdata\Orneon

2010-03-21 03:42:23 0 d-----w- c:\users\chaos\appdata\roaming\Orneon

2010-03-21 01:27:59 0 d-----w- c:\users\chaos\appdata\roaming\User Protection

2010-03-21 01:16:07 0 d-----w- c:\program files (x86)\User Protection

2010-03-21 01:04:16 0 d-----w- c:\program files (x86)\Avanquest Software

2010-03-21 01:03:07 0 d-----w- c:\programdata\Avanquest Software

2010-03-20 22:57:32 0 d-----w- c:\users\chaos\appdata\roaming\Jetdogs Studios

2010-03-20 13:27:41 0 d-----w- c:\users\chaos\appdata\roaming\BoneTown

2010-03-20 13:14:45 0 d-----w- c:\program files (x86)\BoneTown

2010-03-19 23:33:00 5120 ----a-w- c:\windows\syswow64\napaserv.exe

2010-03-19 23:33:00 511558 ----a-w- c:\windows\syswow64\pragnt18.dll

2010-03-19 23:21:18 0 d-----w- c:\users\chaos\appdata\roaming\Big Fish Games

2010-03-18 22:49:53 0 d-----w- c:\windows\Engineering Mystery of the Ancient Clock

2010-03-18 02:40:32 0 d-----w- c:\users\chaos\appdata\roaming\Command and Conquer 4

2010-03-18 02:28:50 0 d-----w- c:\programdata\Electronic Arts

2010-03-15 10:34:58 0 d-----w- c:\users\chaos\appdata\roaming\20000Leagues

2010-03-15 10:34:58 0 d-----w- c:\programdata\20000Leagues

2010-03-15 10:34:19 0 d-----w- c:\users\chaos\appdata\roaming\Roaming

2010-03-14 02:03:45 0 d-----w- c:\program files (x86)\Mangled Eye Studios

2010-03-14 01:47:39 0 d-----w- c:\program files (x86)\Warhammer 40000 Dawn of War II - Chaos Rising

2010-03-13 10:02:23 0 d-----w- c:\users\chaos\appdata\roaming\QB9

2010-03-13 09:16:40 0 d-----w- c:\users\chaos\appdata\roaming\uTorrent

2010-03-12 23:21:03 0 d-----w- c:\users\chaos\appdata\roaming\G-HeadGames

2010-03-12 13:08:22 0 d-----w- c:\users\chaos\appdata\roaming\The Inquisitor

2010-03-12 13:08:22 0 d-----w- c:\programdata\The Inquisitor

2010-03-12 13:07:45 0 d-----w- c:\program files (x86)\Wolfgang Holbeins The Inquisitor

2010-03-12 07:19:17 0 d-----w- c:\users\chaos\appdata\roaming\TheScruffs

2010-03-12 07:19:16 0 d-sh--w- c:\windows\ftpcache

2010-03-12 07:18:51 0 d-----w- c:\windows\The Scruffs

2010-03-12 07:01:01 0 d-----w- c:\users\chaos\appdata\roaming\Fireglow Games

2010-03-12 06:48:59 0 d-----w- c:\users\chaos\appdata\roaming\SulusGames

2010-03-11 23:33:42 0 d-----w- c:\users\chaos\appdata\roaming\PoBros

2010-03-11 23:14:44 0 d-----w- c:\users\chaos\appdata\roaming\DarkParablesBriarRose_BFG

2010-03-11 22:53:15 0 d-----w- c:\users\chaos\appdata\roaming\ShinyTales

2010-03-11 22:48:39 0 d-----w- c:\program files (x86)\PobRos

2010-03-10 00:01:41 0 d-----w- c:\program files (x86)\Ashampoo

2010-03-09 09:01:04 0 d-----w- c:\users\chaos\appdata\roaming\GameInvest

2010-03-09 04:12:41 0 d-----w- c:\programdata\CanonIJ

2010-03-09 04:11:46 0 d--h--w- c:\programdata\CanonIJScan

2010-03-09 01:33:06 0 d-----w- c:\users\chaos\appdata\roaming\MemoryClinic

2010-03-07 19:55:02 0 d-----w- c:\program files (x86)\Blu-ray to DVD Pro

 

==================== Find3M ====================

 

2010-03-08 17:28:20 411368 ----a-w- c:\windows\syswow64\deploytk.dll

2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll

2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll

2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-02-19 04:08:34 95661 ----a-w- c:\program files (x86)\DefUser.ini

2010-02-18 17:13:34 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll

2010-02-16 06:23:54 834544 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-02-16 05:41:55 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2010-02-16 05:41:55 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys

2010-02-03 23:01:14 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll

2010-02-03 23:01:14 74072 ----a-w- c:\windows\syswow64\XAPOFX1_4.dll

2010-02-03 23:01:14 530776 ----a-w- c:\windows\system32\XAudio2_6.dll

2010-02-03 23:01:14 528216 ----a-w- c:\windows\syswow64\XAudio2_6.dll

2010-02-03 23:01:14 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2010-02-03 23:01:14 238936 ----a-w- c:\windows\syswow64\xactengine3_6.dll

2010-02-03 23:01:14 22360 ----a-w- c:\windows\syswow64\X3DAudio1_7.dll

2010-02-03 23:01:14 176984 ----a-w- c:\windows\system32\xactengine3_6.dll

2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll

2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll

2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll

2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll

2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll

2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe

2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe

2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe

2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe

2010-01-13 13:41:50 87083218 ----a-w- c:\users\chaos\appdata\roaming\MatchmakerSetup.exe

2010-01-11 12:19:00 159336 ----a-w- c:\windows\system32\nvvsvc.exe

2010-01-11 12:19:00 14822504 ----a-w- c:\windows\system32\nvcpl.dll

2010-01-11 12:19:00 116328 ----a-w- c:\windows\system32\nvmctray.dll

2010-01-11 12:19:00 1037416 ----a-w- c:\windows\system32\nvsvc64.dll

2009-10-10 12:08:32 77 ----a-w- c:\program files (x86)\hotdog.ini

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

 

============= FINISH: 10:14:29.80 ===============

[Chaos63]

Attach txt

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-03-17.01)

 

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 27/09/2009 9:04:25 PM

System Uptime: 4/06/2010 9:56:57 AM (-1415 hours ago)

 

Motherboard: Gigabyte Technology Co., Ltd. | | EX58-EXTREME

Processor: Intel® Core i7 CPU 975 @ 3.33GHz | Socket 1366 | 3458/133mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 279 GiB total, 116.167 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 932 GiB total, 680.348 GiB free.

F: is CDROM ()

G: is CDROM ()

H: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: Realtek High Definition Audio

Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001\4&730555E&0&0201

Manufacturer: Realtek

Name: Realtek High Definition Audio

PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0885&SUBSYS_1458A002&REV_1001\4&730555E&0&0201

Service: IntcAzAudAddService

 

==== System Restore Points ===================

 

RP111: 5/04/2010 11:05:48 AM - Maybe a Virus :P

 

==== Installed Programs ======================

 

 

10 Days To Save The World 1.00

1001 Nights The Adventures of Sinbad

1912 Titanic Mystery

20,000 Leagues Under the Sea 1.00

3DMark Vantage

3DMark06

AAC Decoder

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9

Adrianne Stone Hidden Relics

Advanced SystemCare 3

Age Of Oracles-Tara's Journey .

Alabama Smith in Escape From Pompeii 1.00

Alabama Smith in the Quest of Fate 1.00

Alexandra Fortune Mystery of the Lunar Archipelago 1.00

Alice in Wonderland 1.00

Amazing Adventures 2 - Around the World

Amazing Adventures The Caribbean Secret

Amazing Adventures The Lost Tomb 1.0.0.5

Amazing Pyramids 1.00

American Adventure

Ankh The Lost Treasures 1.00

Annies Millions

Apparitions Kotsmine Hills 1.00

Apple Application Support

Apple Software Update

Ashampoo Burning Studio 2010

µTorrent

AutoUpdate

Autumn's Treasures The Jade Coin 1.00

AVI Splitter

Awakening - The Dreamless Castle .

Babylonia .

Be Richer .

Becky Brogan-The MysteryOf Meane Manor .

Big Fish Games Client

BitComet 1.17

Blood Ties .

Blu-ray to DVD Pro ver 1.30

BoneTown

Bonjour

Broken Hearts - A Soldier's Duty 1.00

Cajun Cop

Call of Duty Modern Warfare 2

Campfire Legends The Hookman 1.00

Canon Easy-WebPrint EX

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MP Navigator EX 3.0

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

City Style 1.00

Conan Stats ( Remove only)

Concentration 1.00

ConvertXtoDVD 2.2.3.258

Creative Audio Control Panel

Creative Software AutoUpdate

Creative Sound Blaster Properties x64 Edition

Curse of the Pharaoh - Napoleons Secret 1.00

Curse of the Pharaoh Tears of Sekhmet 1.00

CyberLink PowerDVD 9

DAEMON Tools Toolbar

Dark Parables Curse of Briar Rose Collectors Edition 1.00

Dark Salvation

Dark Tales - Edgar Allan Poes Murders in the Rue Morgue Collectors Edition 1.00

Destination Treasure Island

Diamon Jones: Eye of the Dragon

Divinity II - Ego Draconis

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Version Checker

DivX Web Player

Doors of the Mind Inner Mysteries 1.00

Dr. Wise Medical Mysteries 1.00

Dracula Files 1.00

Dragon Age: Origins

Drawn The Painted Tower 1.00

Dream Day Wedding 6 Bella Italia 1.00

dreamkiller

DVD Photo Slideshow Pro 7.94

e-tax 2009

EA Download Manager

EA Download Manager UI

Echoes of the Past Royal House of Stone 1.00

Edens Quest - The Hunt for Akua

Elementals - The Magic Key

Engineering Mystery of the Ancient Clock

erLT

Escape from Lost Island % CompanyName%

Escape the Museum 2 1.00

EVE Online (remove only)

Evoly

Fast Food Empire (UK) 1.0

FATE - The Traitor Soul

Fishdom Frosty Splash

Fishdom Harvest Splash 1.00

Fishdom Spooky Splash

Flux Family Secrets - The Ripple Effect 1.00

FLV Player X 1.0.1

Futuremark SystemInfo

Gardenscapes 1.00

Gemini Lost .

GHOST Hunters-The Haunting Of Majesty Manor .

Ghost Pirates

Ghost Town Mysteries Bodie

Google Chrome

H.264 Decoder

Harlequin Presents-Hidden Object Of Desire .

Haunted Hotel 2 - Believe the Lies 1.00

Haunted Manor Lord of Mirrors Collectors Edition 1.00

HdO Adventure Hollywood

Hell's Kitchen

Hidden Expedition - Amazon 1.11

Hidden Identity 1.00

Hidden Magic .

Hidden Mysteries The Fateful Voyage Titanic 1.00

Hidden World Of Art 1.00

Hide & Secret

Hoyle Puzzle & Board Games 2010 (remove only)

Hoyle Slots 2010 (remove only)

I Spy Spooky Mansion

ILLUSION ???????????!

ILLUSION Sexy???3

IncrediMail

IncrediMail 2.0

Insider Tales The Secret Of Casanova 1.00

Insider Tales The Stolen Venus 1.00

Insider Tales Vanished In Rome

IObit Security 360

iSkysoft Video Converter(Build 2.2.1.0)

Island The Lost Medallion 1.00

It's All About Masks 1.00

iTunes

Jane Angel Templar Mystery 1.00

Java Auto Updater

Java 6 Update 19

Jetsetter 1.00

Jewel Match 2

Jewel Quest Mysteries

Jewel Quest Mysteries - Curse of the Emerald Tear

Jewel Quest Mysteries 2Trail of the Midnight Heart

Jewels of Cleopatra 2 Aztec Mysteries 1.00

Jigsaw Kittens 1.00

Junk Mail filter update

K-Lite Mega Codec Pack 1.25

Kellie Stanford - Turn of Fate

Kitchen Brigade .

Legends Of The Wild West-Golden Hill .

LimeWire PRO 4.18.8

Little Things .

Lost City Of Aquatica .

Lost City of Z - Special Edition

Lost City of Z 1.00

Lost in Reefs

Lost Realms The Curse of Babylon 1.00

Lost Secrets - Ancient Mysteries

LoveChess Demo v1.3b

Mae Q'West and the Sign of the Stars 1.00

Magic Academy II .

Magic Encyclopedia 3 Illusions 1.00

Magic Encyclopedia Moon Light 1.00

Magic ISO Maker v5.5 (build 0265)

Magic Match-The Genies Journey .

Magic Match The Genies Journey

MagicDisc 2.7.106

Majesty 2: The Fantasy Kingdom Sim

Many Years Ago 1.00

Marooned 1.00

Mary Kay Andrews - The Fixer Upper

Mass Effect 2

Masters Of Mystery-Blood Of Betrayal .

Masters Of Mystery Crime Of Fashion 1.00

Mata Hari

McAfee SecurityCenter

Memory Clinic 1.00

Microsoft Choice Guard

Microsoft Corporation

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft XML Parser

Millennium Secrets Emerald Curse 1.00

Minds Eye Secrets Of The Forgotten 1.00

Mini Ninjas 1.0

Mishap An Accidental Haunting 1.00

MKV Splitter

Mortimer Beckett and the Lost King Premium Edition 1.00

Mortimer Beckett and the Secrets of Spooky Manor 1.00

Mozilla Firefox (3.6)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Murder, She Wrote 1.00

Mysterious City Cairo 1.00

Mysterious City Vegas

Mystery Age The Imperial Staff 1.00

Mystery Case Files - Huntsville 1.00

Mystery Case Files Dire Grove Collectors Edition (Updated) 1.1.5

Mystery Masterpiece - The Moonstone 1.00

Mystery of Cleopatra 1.00

Mystery of Unicorn Castle

Mystery Stories - Berlin Nights FINAL 1.00

Natalie Brooks - Mystery at Hillcrest High

NCsoft Launcher

NecroVisioN Patch 1.1

NecroVisioN Patch 1.2

Neptune's Secret 1.00

Nero 8 Essentials

neroxml

Nick Chase and the Deadly Diamond 1.00

Nightfall Mysteries Curse of the Opera 1.00

Nora Roberts Vision In White

Nora Roberts Vision In White 1.00

NVIDIA GAME System Software 2.8.1

NVIDIA Performance

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

NVIDIA System Monitor

NVIDIA System Update

OpenAL

Pando Media Booster

Pathfinders Lost at Sea 1.00

PhotoMail Maker

Pirateville 1.00

Plumeboom Park 1.00

Pocahontas - Princess of Powhatan 1.00

Poser Pro

Potion Bar 1.00

PowerISO

Princess Isabella A Witch's Curse 1.00

PuppetShow Mystery of Joyville 1.00

QuickTime

Ranch Rush

Real Crimes Jack the Ripper

Real Crimes The Unicorn Killer

Realtek High Definition Audio Driver

redist

Redrum Dead Diary 1.00

Reincarnations - Awakening

Rescue at Rajini Island 1.00

Romance of Rome

Route 66 .

Sacred 2

Samantha Swift and the Mystery From Atlantis 1.00

Sarah Maribu and The Lost World

Save Our Spirit 1.00

Season of Mystery The Cherry Blossom Murders 1.00

Secret Mission 2 - The Forgotten Island

Secret Missions - Mata Hari and the Kaiser's Submarines 1.00

Section 8

Settlement Colossus 1.00

Shutter Island 1.00

Simon the Sorcerer - Who'd Even Want Contact?!

Sinking Island

Smart Defrag

Something Special 1.00

Soul Link

Stone of Destiny

Strange Cases The Tarot Card Mystery 1.00

Sultan's Labyrinth - A Royal SacrificeJust For Fun Games

Sultan of Persia

Sunset Studio Love on the High Seas 1.00

Superior Save 1.00

Tales of Monkey Island - Launch of the Screaming Narwhal

Tales of Monkey Island - Rise of the Pirate God

Tales of Monkey Island - The Siege of Spinner Cay

Tales of Monkey Island - The Trial and Execution of Guybrush Threepwood

The Clumsys 2 Butterfly Effect 1.00

The Conjurer 1.00

The Dark Hills of Cherai 1.00

The Dream Voyagers 1.00

The Enchanted Kingdom Elisas Adventure 1.00

The Fall Trilogy 1.00

The Jolly Gang's Spooky Adventure .

The Legend Of Sanna .

The Lost Cases of 221B Baker St 1.00

The Lost Cases of Sherlock Holmes 2 1.00

The Lost Inca Prophecy .

The Mirror Mysteries

The Mystery Of The Crystal Portal

The Mystery of the Crystal Portal Beyond the Horizon 1.00

The Mystery of the Crystal Portal 1.00

The Nightshift Code 1.00

The Otherside Realm of Eons 1.10

The Return of Monte Cristo

The Rise of Atlantis 1.00

The Scruffs

The Search for Amelia Earhart 1.00

The Secrets of Da Vinci

The Serpent of Isis

The Tarots Misfortune 1.00

TheTreasuresOfMontezuma2

Three Cards to Deadtime 1.00

Time Machine 1.00

Time Riddles The Mansion 1.00

Torchlight

Townopolis GOLD 1.00

Tradewinds Odyssey 1.00

Trapped The Abduction 1.00

Treasure Seekers - Visions of Gold FINAL 1.00

Treasures of the Far East

Ubisoft Game Launcher

Ultra Video Joiner 5.2.0108

Unexpected Journey 1.00

Valerie Porter And The Scarlet Scandal .

Vampire Saga Pandoras Box 1.00

Vampireville 1.00

VC80CRTRedist - 8.0.50727.4053

VCRedistSetup

Venetica

Veronica Rivers - The Order Of Conspiracy 1.00

Visual C++ 8.0 Runtime Setup Package (x64)

VLC media player 1.0.5

Weatherzone Tracker v2.04

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

WinRAR archiver

Wisegal

Wizard Land

Wolfgang Holbeins The Inquisitor % CompanyName%

X-Change

X-Change 2

X-Change 3

Yin-Yang - X-Change Alternateive

Youda Legend - The Curse of the Amsterdam Diamond 1.00

YouTube Downloader 2.5.3

 

==== Event Viewer Messages From Past Week ========

 

6/04/2010 9:57:09 AM, Error: volmgr [46] - Crash dump initialization failed!

6/04/2010 9:55:21 AM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).

5/04/2010 11:06:27 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

5/04/2010 1:46:04 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom1.

4/04/2010 1:01:42 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

31/03/2010 9:59:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk MPFP NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr sptd Tcpip tdx Wanarpv6 WfpLwf

31/03/2010 9:59:59 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

31/03/2010 9:59:59 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

31/03/2010 9:59:59 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

31/03/2010 9:59:59 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

31/03/2010 9:59:59 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

31/03/2010 9:59:59 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

31/03/2010 9:59:59 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

31/03/2010 9:59:59 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

31/03/2010 9:59:59 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

31/03/2010 9:59:59 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

31/03/2010 9:59:59 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

31/03/2010 9:59:58 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.

31/03/2010 9:59:34 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .

31/03/2010 10:04:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

31/03/2010 10:04:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

31/03/2010 10:02:09 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

31/03/2010 10:00:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

31/03/2010 10:00:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

31/03/2010 10:00:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

31/03/2010 10:00:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

31/03/2010 10:00:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

31/03/2010 10:00:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/04/2010 7:12:00 AM, Error: Service Control Manager [7000] - The McAfee Inc. mferkdk service failed to start due to the following error: The specified procedure could not be found.

 

==== End Of File ===========================

[evilfantasy]

Please go to Jotti's malware scan

(If more than one file needs scanned they must be done separately and logs posted for each one)

 

* Copy the file path in the below Code box:

C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7600.16385   _none_5e6da7259d4ac682\icfupgd.dll

* At the upload site, click once inside the window next to Browse.

* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.

* Next click Submit file

* Your file will possibly be entered into a queue which normally takes less than a minute to clear.

* This will perform a scan across multiple different virus scanning engines.

* Important: Wait for all of the scanning engines to complete.

* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

 

Also scan this file and post the link to the results.

 

C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe   18dc440\icfupgd.dll

[enoskype]

FYI,

 

icfupgd.dll reports as Trojan.BuzusAovd - it is a window file! [sOLVED by db 1408]

 

Cheers.