IObit Forum

Please Check And Advise



I have constant issues with the machine reporting not enough space, or that I do not have admin privileges; Security Center will not start, nor will Defender, and new AV software or malware packages will not run/start or install correctly. Also posted is my hijack log.

Additionally, a BIOS HDD password has been installed, so I cannot use the recovery partition.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 11/24/2010 4:58:57 AM

System Uptime: 1/22/2011 11:55:08 AM (1 hours ago)

 

Motherboard: Acer | | JV50

Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | U2E1 | 1188/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 233 GiB total, 200.872 GiB free.

D: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Broadcom NetXtreme Gigabit Ethernet

Device ID: PCI\VEN_14E4&DEV_1684&SUBSYS_013C1025&REV_10\4&2B38FC8B&0&00E0

Manufacturer: Broadcom

Name: Broadcom NetXtreme Gigabit Ethernet

PNP Device ID: PCI\VEN_14E4&DEV_1684&SUBSYS_013C1025&REV_10\4&2B38FC8B&0&00E0

Service: b57nd60a

 

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: USB Video Device

Device ID: USB\VID_064E&PID_A103&MI_00\6&E51765B&0&0000

Manufacturer: Microsoft

Name: Video WebCam

PNP Device ID: USB\VID_064E&PID_A103&MI_00\6&E51765B&0&0000

Service: usbvideo

 

Class GUID: {4d36e96d-e325-11ce-bfc1-08002be10318}

Description: Agere Systems HDA Modem

Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_11C10001&REV_1002\4&CD161C3&0&0101

Manufacturer: Agere

Name: Agere Systems HDA Modem

PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_11C10001&REV_1002\4&CD161C3&0&0101

Service: Modem

 

==== System Restore Points ===================

 

RP23: 12/2/2010 8:49:35 AM - Installed Kaspersky Anti-Virus 2011.

RP24: 12/2/2010 8:51:06 AM - Installed Kaspersky Anti-Virus 2011.

RP20: 12/2/2010 10:31:23 AM - Installed Kaspersky Anti-Virus 2011.

RP20: 12/4/2010 1:49:37 PM - Installed Microsoft Visual C++ 2005 Redistributable

RP21: 12/4/2010 1:50:35 PM - Installed BlackBerry USB and Modem Drivers.

RP20: 1/1/2011 8:32:32 PM - Removed ATI Stream SDK v2 Developer

RP20: 1/2/2011 5:29:48 PM - IObit Uninstaller RestorePoint

RP21: 1/2/2011 5:33:36 PM - IObit Uninstaller RestorePoint

RP20: 1/6/2011 5:51:26 PM - Advanced SystemCare RestorePoint

RP22: 1/15/2011 2:24:40 PM - Advanced SystemCare RestorePoint

RP20: 1/16/2011 4:28:55 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.

RP21: 1/16/2011 4:30:22 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.

RP22: 1/16/2011 5:58:08 AM - Configured YouCam

RP23: 1/16/2011 5:59:17 AM - Removed VC80CRTRedist - 8.0.50727.4053

RP24: 1/16/2011 5:59:52 AM - Removed Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

RP20: 1/19/2011 6:52:44 AM - Advanced SystemCare RestorePoint

 

==== Installed Programs ======================

 

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.3

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help English

CyberLink YouCam

Java Auto Updater

Java 6 Update 20

K-Lite Mega Codec Pack 6.1.0

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Nero 8 Micro

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

VC80CRTRedist - 8.0.50727.4053

 

==== Event Viewer Messages From Past Week ========

 

1/22/2011 9:50:39 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 24 time(s).

1/22/2011 9:50:25 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 23 time(s).

1/22/2011 9:50:16 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 22 time(s).

1/22/2011 9:50:14 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 21 time(s).

1/22/2011 9:50:12 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 20 time(s).

1/22/2011 9:50:06 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 19 time(s).

1/22/2011 9:48:14 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 18 time(s).

1/22/2011 9:48:04 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 17 time(s).

1/22/2011 9:48:03 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 16 time(s).

1/22/2011 9:44:08 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 15 time(s).

1/22/2011 9:44:07 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 14 time(s).

1/22/2011 9:43:57 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 13 time(s).

1/22/2011 9:43:56 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 12 time(s).

1/22/2011 9:15:45 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 11 time(s).

1/22/2011 9:11:23 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s).

1/22/2011 9:07:27 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s).

1/22/2011 9:07:23 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s).

1/22/2011 9:04:55 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s).

1/22/2011 8:47:10 AM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.

1/22/2011 8:33:23 AM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=112) while initializing logging resources for channel Microsoft-Windows-Diagnostics-Networking/Operational.

1/22/2011 8:01:12 AM, Error: Service Control Manager [7034] - The Software Protection service terminated unexpectedly. It has done this 3 time(s).

1/22/2011 7:58:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Software Protection service, but this action failed with the following error: An instance of the service is already running.

1/22/2011 7:53:25 AM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/22/2011 7:53:09 AM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/22/2011 7:28:13 AM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=112) while initializing logging resources for channel Microsoft-Windows-Audio/Operational.

1/22/2011 7:28:13 AM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=112) while initializing logging resources for channel Microsoft-Windows-Audio/CaptureMonitor.

1/22/2011 7:25:35 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DisplayName with the following error: Insufficient system resources exist to complete the requested service.

1/22/2011 12:38:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s).

1/22/2011 12:38:29 PM, Error: Service Control Manager [7023] - The Windows Search service terminated with the following error: The system cannot find the path specified.

1/22/2011 12:04:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).

1/22/2011 12:04:14 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=112) while initializing logging resources for channel Microsoft-Windows-NetworkLocationWizard/Operational.

1/22/2011 11:58:22 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147024784

1/22/2011 11:57:54 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).

1/22/2011 11:57:32 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).

1/22/2011 11:57:01 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

1/22/2011 11:56:30 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

1/22/2011 11:55:46 AM, Error: Microsoft-Windows-TaskScheduler [701] - Task Scheduler service failed to start Task Compatibility module. Tasks may not be able to register on previous Window versions. Additional Data: Error Value: 2147942512.

1/22/2011 11:55:41 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8003d02cd0, 0xfffff80003fe24d8, 0xfffffa80040e1b40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012211-27175-01.

1/22/2011 11:55:27 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

1/22/2011 11:55:27 AM, Error: atikmdag [43029] - Display is not active

1/22/2011 11:13:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sppuinotify service.

1/22/2011 10:42:48 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

1/22/2011 10:41:48 AM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=112) while initializing logging resources for channel Microsoft-Windows-International/Operational.

1/22/2011 10:41:06 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: There is not enough space on the disk.

1/22/2011 10:41:06 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: There is not enough space on the disk.

1/22/2011 10:41:06 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070070.

1/22/2011 10:40:59 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 37 time(s).

1/22/2011 10:40:28 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 36 time(s).

1/22/2011 10:38:56 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 35 time(s).

1/22/2011 10:28:31 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 34 time(s).

1/22/2011 10:28:23 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 33 time(s).

1/22/2011 10:28:21 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 32 time(s).

1/22/2011 10:27:00 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 31 time(s).

1/22/2011 10:26:47 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 30 time(s).

1/22/2011 10:26:44 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 29 time(s).

1/22/2011 10:26:25 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 28 time(s).

1/22/2011 10:25:41 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 27 time(s).

1/22/2011 10:24:15 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 26 time(s).

1/22/2011 10:23:25 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 25 time(s).

1/21/2011 2:19:11 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{AACBE400-25E0-4550-A1C6-CA42AD229D8D} because another computer on the network has the same name. The server could not start.

1/20/2011 12:06:18 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).

1/20/2011 11:24:58 AM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.11.160. The computer with the IP address 192.168.3.138 did not allow the name to be claimed by this computer.

1/20/2011 1:44:41 AM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

1/20/2011 1:14:00 AM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.11.160. The computer with the IP address 192.168.3.138 did not allow the name to be claimed by this computer.

1/19/2011 7:24:44 PM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.11.160. The computer with the IP address 192.168.15.123 did not allow the name to be claimed by this computer.

1/19/2011 7:24:44 PM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.11.160. The computer with the IP address 192.168.15.123 did not allow the name to be claimed by this computer.

1/19/2011 7:07:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service.

1/19/2011 6:52:56 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.

1/19/2011 6:47:10 AM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=112) while initializing logging resources for channel Microsoft-Windows-Kernel-EventTracing/Admin.

1/19/2011 6:23:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14329] - Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x800705aa'. If possible, reinstall Windows Media Player.

1/19/2011 6:22:59 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

1/15/2011 5:29:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8003d13e30, 0xfffff80003fe74d8, 0xfffffa80043691a0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011511-26941-01.

1/15/2011 4:48:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.

1/15/2011 3:53:35 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 39 time(s).

1/15/2011 3:53:27 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 38 time(s).

1/15/2011 3:16:41 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s).

1/15/2011 2:41:37 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=112) while initializing logging resources for channel Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational.

1/15/2011 2:25:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 40 time(s).

1/15/2011 2:16:35 PM, Error: Service Control Manager [7023] - The Block Level Backup Engine Service service terminated with the following error: %%-2147024784

 

==== End Of File ===========================

 

 

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by Owner at 12:38:11.19 on Sat 01/22/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4091.2544 [GMT -5:00]

 

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\slui.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Owner\Downloads\Vuze_Installer.exe

C:\Program Files (x86)\IObit\IObit Security 360\is360.exe

C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Users\Owner\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

mRun: [iObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

 

============= SERVICES / DRIVERS ===============

 

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]

S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2009-8-18 6037504]

S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-11-23 287232]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

 

=============== Created Last 30 ================

 

2011-01-13 07:10:14 -------- d-----w- C:\Program Files\ATI Technologies

2011-01-10 02:04:32 -------- d-----w- C:\Program Files (x86)\Wise PC Engineer

2011-01-10 01:44:47 -------- dc----w- C:\Users\Owner\AppData\Local\MigWiz

2011-01-09 23:31:05 -------- d-----w- C:\Program Files (x86)\Wise Registry Cleaner

2011-01-09 22:49:27 65072 ----a-w- C:\Windows\System32\drivers\TfFsMon.sys

2011-01-09 22:49:27 59880 ----a-w- C:\Windows\System32\drivers\TfSysMon.sys

2011-01-09 22:49:27 41888 ----a-w- C:\Windows\System32\drivers\TfNetMon.sys

2011-01-09 22:49:25 -------- d-----w- C:\Program Files (x86)\ThreatFire

2011-01-09 22:49:25 -------- d-----w- C:\PROGRA~3\PC Tools

2011-01-09 12:04:42 -------- d-----w- C:\Users\Owner\AppData\Roaming\ErrorTeck

2011-01-09 12:04:37 -------- d--h--w- C:\Windows\PIF

2011-01-09 12:04:36 -------- d-----w- C:\Program Files (x86)\ErrorTeck

2011-01-09 11:13:05 -------- d-----w- C:\Users\Owner\AppData\Roaming\Uniblue

2011-01-09 11:13:00 -------- d-----w- C:\Program Files (x86)\Uniblue

2011-01-08 03:18:06 -------- d-----w- C:\MGADiagToolOutput

2011-01-03 07:43:29 -------- d-----w- C:\Users\Owner\AppData\Local\DeskShare

2011-01-03 07:41:57 -------- d-----w- C:\PROGRA~3\firebird

2011-01-03 07:41:47 -------- d-----w- C:\PROGRA~3\Deskshare

2011-01-03 07:41:38 -------- d-----w- C:\Windows\XSxS

2011-01-03 07:41:38 -------- d-----w- C:\Users\Owner\AppData\Local\Xenocode

2011-01-03 07:41:38 -------- d-----w- C:\Program Files (x86)\Xenocode

2011-01-03 04:29:24 -------- d-----w- C:\Users\Owner\AppData\Roaming\ManyCam

2011-01-03 04:21:02 -------- d-----w- C:\PROGRA~3\wskrnl

2011-01-03 04:18:16 1257472 ----a-w- C:\Windows\SysWow64\actmon.exe

2011-01-03 04:18:04 -------- d-----w- C:\PROGRA~3\srvprc

2011-01-03 04:13:14 6144 ----a-w- C:\temp\pchook.dll

2011-01-03 04:13:14 50688 ----a-w- C:\temp\pwdcrack.exe

2011-01-03 04:13:00 -------- d-----w- C:\temp

2011-01-03 03:08:12 3 ----a-w- C:\Windows\client.dll

2011-01-03 03:08:12 19 ----a-w- C:\Windows\MCLDR.dll

2011-01-02 22:40:00 118784 ----a-w- C:\Windows\svrfont.exe

2011-01-02 22:20:28 -------- d-----w- C:\Program Files (x86)\NetServices

2011-01-02 22:19:54 -------- d-----w- C:\Program Files (x86)\Accessories

2011-01-02 21:37:10 152848 ----a-w- C:\Windows\SysWow64\COMDLG32.OCX

2011-01-02 21:37:10 1081616 ----a-w- C:\Windows\SysWow64\Mscomctl.ocx

2011-01-02 21:37:10 -------- d-----w- C:\Program Files (x86)\Common Files\Deskshare Shared

2011-01-02 21:37:09 -------- d-----w- C:\Program Files (x86)\Deskshare

2010-12-30 07:07:05 428352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\StubInstaller.exe

 

==================== Find3M ====================

 

2010-11-29 22:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-11-26 21:04:10 455680 ----a-w- C:\Windows\System32\deployJava1.dll

2010-11-26 21:03:24 411368 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-11-24 12:54:28 0 ----a-w- C:\Windows\ativpsrm.bin

2010-11-03 00:33:34 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl

2010-11-03 00:33:22 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll

2010-11-03 00:33:22 2096232 ----a-w- C:\Windows\System32\RtPgEx64.dll

2010-11-03 00:33:10 2536040 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2010-11-03 00:33:00 618600 ----a-w- C:\Windows\System32\RtkApi64.dll

2010-11-03 00:33:00 2654824 ----a-w- C:\Windows\System32\RtkAPO64.dll

2010-11-03 00:33:00 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll

2010-10-29 15:05:34 118464 ----a-w- C:\Windows\System32\SFSS_APO.dll

2010-10-28 15:46:00 1251944 ----a-w- C:\Windows\RtlExUpd.dll

2010-10-27 02:55:30 143360 ----a-w- C:\Windows\System32\atiapfxx.exe

2010-10-27 02:55:22 547328 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2010-10-27 02:54:22 645120 ----a-w- C:\Windows\System32\aticfx64.dll

2010-10-27 02:14:58 58880 ----a-w- C:\Windows\System32\coinst.dll

2010-10-27 02:14:42 14848 ----a-w- C:\Windows\System32\atig6pxx.dll

2010-10-27 02:14:40 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2010-10-27 02:14:40 12800 ----a-w- C:\Windows\System32\atiglpxx.dll

2010-10-27 02:14:36 31744 ----a-w- C:\Windows\System32\atig6txx.dll

2010-10-27 02:14:30 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2010-10-27 02:14:22 287232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2010-10-27 02:13:42 39936 ----a-w- C:\Windows\System32\atiuxp64.dll

2010-10-27 02:13:34 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2010-10-27 02:13:28 37888 ----a-w- C:\Windows\System32\atiu9p64.dll

2010-10-27 02:13:22 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2010-10-26 18:03:04 1937312 ----a-w- C:\Windows\System32\FMAPO64.dll

2010-10-26 14:16:00 1716368 ----a-w- C:\Windows\System32\R4EEP64A.dll

2010-10-26 14:15:58 72336 ----a-w- C:\Windows\System32\R4EEG64A.dll

2010-10-26 14:15:58 419472 ----a-w- C:\Windows\System32\R4EED64A.dll

2010-10-26 14:15:58 125584 ----a-w- C:\Windows\System32\R4EEL64A.dll

2010-10-26 14:15:56 106640 ----a-w- C:\Windows\System32\R4EEA64A.dll

 

============= FINISH: 12:40:08.85 ===============

 

 

IObit Security 360

 

OS:Windows 7

Version:1.5.0.13

Define Version:2406

Time Elapsed:00:10:07

Objects Scanned:67198

Threats Found:2

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:owner@imrworldwide.com/cgi-bin, 7-1507

Tracking Cookies, Cookies, Cookie:owner@quantserve.com/, 7-2072

 

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 9:15:30, on 2011-1-22

 

Running processes:

C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

C:\Program Files (x86)\IObit\IObit Security 360\is360.exe

C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe

C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\IObit\IObit Security 360\a_hijackscan.exe

 

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_20 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O23 - Service: AMD External Events Utility (AMD External Events Utility) - Unknown -

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -

O23 - Service: Diagnostic Policy Service (DPS) - Unknown -

O23 - Service: Group Policy Client (gpsvc) - Unknown -

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -

O23 - Service: Security Accounts Manager (SamSs) - Unknown -

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -

O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -

O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

 

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

Wise Registry Cleaner

 

There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

 

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

 

Further reading: XP Fixes Myth #1: Registry Cleaners

************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and Paste the log in your post.

*****************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Archived

This topic is now archived and is closed to further replies.
