Random Playing Of Unknown Audio Files Virus While Using the Internet + HiJackThis Not Working Properly + System Restore Error!

Virus & Spyware

Perspectives on PC security, including antivirus, anti-spyware and firewall solutions.


My computer is a giant mess as of today. I am very frustrated.

So, first, it was just this strange virus that popped out of seemingly nowhere! I was surfing the Internet when random audio started playing! They almost sounded like commercials or recordings. They play randomly and for no reason. I think it's some type of malware that is hidden within a Windows process because I can't find it when I look in the Task Manager, but when it plays, my CPU usage goes up about 10%. I tried running Avira, MalwareBytes Anti-Spyware and Super Anti Spyware. It found nothing. I'm not sure when this problem started because normally I have my volume on mute.

So then I tried to get a HiJackThis log, but when I ran it, it gave me an error saying it couldn't get into my host files. And when it was done scanning, the notepad log that popped up was empty! I had followed the instructions perfectly!

And so, I thought I should just give it a shot and try system restore, but it will only allow me to do a restore for today. If I try other days, it will not complete successfully. I got an error that some of my files are corrupted. I can't figure out what's wrong!


All Replies
  • I am surfing the internet as of now and all seems quiet, but I did do a system restore today. It only removed HiJackThis though, so I doubt it resolved the problem.

  • Apparently, my friends and family members who have owned a Dell Inspiron E1505 have all had problems with the hard drive failing. My computer is 3 years old and I thought I took pretty good care of it, but who knows.

  • Hi S.C.

    Your symptoms in your first post don't sound good. To be honest, you may have a Master Boot Record rootkit on there. Have you had any other symptoms of malware such as redirects? My advice is to keep an eye on things. If you get any other symptoms, post a note on the Malware Removal Forum.


    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.


  • Hey, BugBatter!

    I haven't spoken to you in ages! I doubt you remember me! I used to visit this forum ALL the time. I think you even referred me to a site called CastleCops, if I'm correct? How are you doing? Maybe I should try to relearn that HiJackThis, eh?

    No, I haven't had any redirects, as far as I know. It's making me nervous. I was planning on buying a new computer soon, but I'm out of a job right now until school starts again, so this isn't the best time. What kind of symptoms should I be looking for?

  • Of course I remember you. You won't see all the components of that rootkit in HijackThis. You would be experiencing advertisements with sound, maybe redirects, and a few others that show up in specialized scans. If that's it, it can be fixed. Three years isn't an extremely old computer.


    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.


  • Whatever happened to CastleCops? I googled it and it said it was closed.

    No redirects as of yet, but I have experienced another odd audio recording thing. It is incredibly annoying.

  • CastleCops closed in December 2008 when its owner took a position at Microsoft. Many of the former staff at CastleCops are now at SpywareHammer, a site that opened in September 2008.

    http://www.geek.com/articles/microsoft/castlecops-paul-laudanski-accepts-job-at-microsoft-20080613/


    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.


  • I'm still getting the random audio files. I just got 2. About 1 minute apart. I wish I knew what to do about it.

    So, is SpywareHammer the same kind of site? I might join it then.

  • Yes, SpywareHammer is similar to CastleCops. I suggest posting a log on the MalwareRemoval Forum here. Perhaps one of the helpers can assist you in finding out what the problem is.


    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.


  • It wouldn't let HiJackThis run, remember? That's part of my problem. It couldn't access the host files and when it finished, the notepad log that popped up was empty.

  • So, I thought maybe it was a bug in Firefox, so I re-downloaded it. And still, the audio files play. But when I'm using Safari, it has been quiet.

    So, I tried HiJackThis one more time and it still said it couldn't access the host files and once it finished, it told me it couldn't find the HiJackThis log file.

  • We can't see prior posts (except the last one) when we reply here, so I was not able to go back to your first post with symptoms without flipping pages. See if you can run DDS instead of HJT.

    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • Click Yes at the prompt for Optional Scan.
    • When done, DDS will open two (2) logs:

    1. DDS.txt
    2. Attach.txt

    • Save both reports to your desktop.
    • Copy/paste both logs to your post on the forum. Do not attach them.
    • Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.


    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.


  • Just a thought....

    Are you by any chance using Vista? The User Account Control protects the HOSTS file on Vista. Also make sure you are not having Spybot or another security program lock your HOSTS file so that it cannot be accessed/changed.


    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.


  • Okay, BugBatter. I saved the logs to my desktop. It ran fine. Here are the logs. This is the first one:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/18/2010 6:47:28 PM
    System Uptime: 7/29/2010 12:56:18 PM (3 hours ago)

    Motherboard: Dell Inc. |  | 0KD882
    Processor: Genuine Intel(R) CPU           T2080  @ 1.73GHz | Microprocessor | 1733/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 54.642 GiB free.
    D: is CDROM ()
    F: is FIXED (FAT32) - 298 GiB total, 286.905 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP60: 7/13/2010 7:50:48 PM - Installed DirectX
    RP61: 7/14/2010 11:54:54 PM - Windows Update
    RP62: 7/22/2010 5:19:09 PM - Scheduled Checkpoint
    RP63: 7/27/2010 8:54:23 PM - Installed HiJackThis
    RP64: 7/27/2010 9:07:23 PM - Restore Operation
    RP65: 7/27/2010 9:12:58 PM - Installed HiJackThis
    RP66: 7/27/2010 9:19:19 PM - Restore Operation
    RP67: 7/29/2010 1:52:54 PM - Installed HiJackThis

    ==== Installed Programs ======================

    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.3.3
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    Comodo HopSurf
    COMODO Internet Security
    COMODO livePCsupport
    Digsby
    Google Update Helper
    HiJackThis
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    LogiPTC Toolbar
    Malwarebytes' Anti-Malware
    Microangelo Toolset 6
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MobileMe Control Panel
    Mozilla Firefox (3.6.8)
    MSVCRT
    My.Freeze.com Toolbar (Remove Toolbar Only)
    PDF Settings CS5
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    RICOH R5U8xx Media Driver ver.3.62.02
    Safari
    Samsung Master
    Samsung USB Driver
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB982135)
    SUPERAntiSpyware
    TeamViewer 5
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb2202131)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    WinPatrol
    Yahoo! Install Manager
    Yahoo! Widgets

    ==== Event Viewer Messages From Past Week ========

    7/29/2010 2:07:24 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user Steph-PC\Steph SID (S-1-5-21-1618236451-3443550869-734106329-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/28/2010 7:10:29 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
    7/28/2010 7:00:25 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    7/27/2010 9:30:07 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.
    7/27/2010 9:18:36 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.
    7/27/2010 8:35:56 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
    7/27/2010 8:35:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/27/2010 8:35:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/27/2010 8:35:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    7/27/2010 8:35:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    7/27/2010 8:35:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/27/2010 8:35:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/27/2010 8:35:36 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD avipbb cmdGuard cmdHlp CSC DfsC discache inspect NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr ssmdrv tdx vwififlt Wanarpv6 WfpLwf
    7/27/2010 8:35:34 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
    7/27/2010 8:35:34 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
    7/27/2010 8:35:34 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
    7/27/2010 8:35:34 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
    7/27/2010 8:35:34 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
    7/27/2010 8:35:34 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
    7/27/2010 8:35:34 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
    7/27/2010 8:35:34 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
    7/27/2010 8:35:34 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
    7/27/2010 8:35:34 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
    7/25/2010 10:57:26 PM, Error: Service Control Manager [7023]  - The SPP Notification Service service terminated with the following error:  Access is denied.
    7/22/2010 6:04:14 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer5 service.

    ==== End Of File ===========================

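    A small triage parser for DDS output, added here as an example; it is not code from this thread, from the DDS tool or from any of the posters. It reads the Event Viewer lines from the DDS.txt above and the BHO/toolbar/Firefox lines from the Pseudo HJT Report that follows, counts errors by source and event ID, pulls the driver names out of the Service Control Manager 7026 line, and lists CLSIDs registered under more than one hook type, entries that resolve to "No File", the host of the Firefox default search URL, and the DLLs loaded from Firefox extension directories. The sample input is a handful of lines copied from the logs in this thread; the regular expressions and the grouping rules are my own assumptions about the DDS line layout, not a published specification.

```python
"""Triage helpers for DDS log text (added example, not part of DDS or this thread)."""
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Constructed sample input: lines copied from the DDS logs posted in this thread.
EVENT_SAMPLE = r"""
7/27/2010 9:30:07 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.
7/27/2010 9:18:36 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.
7/27/2010 8:35:36 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD avipbb cmdGuard cmdHlp CSC DfsC discache inspect NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr ssmdrv tdx vwififlt Wanarpv6 WfpLwf
7/25/2010 10:57:26 PM, Error: Service Control Manager [7023]  - The SPP Notification Service service terminated with the following error:  Access is denied.
"""

HJT_SAMPLE = r"""
uURLSearchHooks: LogiPTC Toolbar: {2e07b018-9dae-4adc-83d2-c2543b1998eb} - c:\program files\logiptc\tbLogi.dll
BHO: My.Freeze.com Toolbar: {0bd6f992-62ad-47f7-aca6-299729be4e2b} - c:\program files\myfreezetoolbar\myfreezedx.dll
BHO: LogiPTC Toolbar: {2e07b018-9dae-4adc-83d2-c2543b1998eb} - c:\program files\logiptc\tbLogi.dll
BHO: {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No File
TB: LogiPTC Toolbar: {2e07b018-9dae-4adc-83d2-c2543b1998eb} - c:\program files\logiptc\tbLogi.dll
TB: My.Freeze.com Toolbar: {0bd6f992-62ad-47f7-aca6-299729be4e2b} - c:\program files\myfreezetoolbar\myfreezedx.dll
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2532785&SearchSource=3&q={searchTerms}
FF - component: c:\users\steph\appdata\roaming\mozilla\firefox\profiles\kw7hq2ty.default\extensions\{2e07b018-9dae-4adc-83d2-c2543b1998eb}\components\RadioWMPCore.dll
"""

# Assumed layout of a DDS "Event Viewer Messages" line: "<date time>, <level>: <source> [<id>]  - <message>".
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\]\s+- (?P<msg>.*)$"
)
# Assumed layout of hook entries: "<kind>: [<name>: ]{CLSID} - <path or 'No File'>".
HOOK_RE = re.compile(
    r"^(?P<kind>BHO|TB|[um]URLSearchHooks): (?:(?P<name>.*?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")
COMPONENT_RE = re.compile(r"^FF - component: (?P<path>.*)$", re.I)
# Pulls the extension GUID and DLL name out of "...\extensions\{guid}\components\file.dll".
EXT_GUID_RE = re.compile(r"\\extensions\\(\{[0-9a-f-]{36}\})\\components\\([^\\]+)$", re.I)


def parse_events(text):
    """Return one dict per recognised Event Viewer line; unrecognised lines are skipped."""
    events = []
    for line in text.strip().splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["id"] = int(d["id"])
            events.append(d)
    return events


def event_counts(events):
    """Count events by (source, id) so repeated errors stand out."""
    return Counter((e["source"], e["id"]) for e in events)


def failed_boot_drivers(events):
    """Driver names listed in Service Control Manager event 7026 (boot-start driver failed to load)."""
    names = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7026:
            _, _, tail = e["msg"].partition("failed to load:")
            names.extend(tail.split())
    return names


def parse_hjt(text):
    """Split Pseudo HJT Report lines into hook entries, Firefox prefs and Firefox components."""
    hooks, prefs, components = [], {}, []
    for line in text.strip().splitlines():
        line = line.strip()
        if m := HOOK_RE.match(line):
            d = m.groupdict()
            d["clsid"] = d["clsid"].lower()  # normalise case so the same CLSID groups together
            hooks.append(d)
        elif m := PREF_RE.match(line):
            prefs[m["pref"]] = m["value"]
        elif m := COMPONENT_RE.match(line):
            components.append(m["path"])
    return {"hooks": hooks, "prefs": prefs, "components": components}


def triage(report):
    """Summarise the parsed report into the items a helper would review first."""
    by_clsid = defaultdict(set)
    no_file = []
    for h in report["hooks"]:
        by_clsid[h["clsid"]].add(h["kind"])
        if h["path"].strip().lower() == "no file":
            no_file.append(h["clsid"])  # registered hook whose DLL is missing: orphan to clean up
    multi = {c: sorted(k) for c, k in by_clsid.items() if len(k) > 1}
    # DDS defangs URLs as "hxxp://"; restore the scheme before extracting the host.
    url = report["prefs"].get("browser.search.defaulturl", "")
    search_host = urlparse(url.replace("hxxp", "http", 1)).hostname or ""
    ext_components = defaultdict(list)
    for p in report["components"]:
        if m := EXT_GUID_RE.search(p):
            ext_components[m.group(1).lower()].append(m.group(2))
    return {"no_file": no_file, "multi_hook": multi,
            "search_host": search_host, "extension_components": dict(ext_components)}


if __name__ == "__main__":
    events = parse_events(EVENT_SAMPLE)
    print(event_counts(events))
    print(failed_boot_drivers(events))
    print(triage(parse_hjt(HJT_SAMPLE)))
```

    The output is a summary for a helper to read, not a verdict: a CLSID that appears as a BHO, a toolbar and a URL search hook at once, or a Firefox search default pointing at a third-party host, still has to be matched against the Installed Programs list in the same log before anything is removed.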

  • And the second one. Sorry, it wouldn't post both of them at once.


    DDS (Ver_10-03-17.01) - NTFSx86 
    Run by Steph at 15:58:05.56 on Thu 07/29/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.1526.651 [GMT -4:00]

    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\StikyNot.exe
    F:\Program Files\ObjectDock\ObjectDock.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Users\Steph\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: LogiPTC Toolbar: {2e07b018-9dae-4adc-83d2-c2543b1998eb} - c:\program files\logiptc\tbLogi.dll
    mURLSearchHooks: LogiPTC Toolbar: {2e07b018-9dae-4adc-83d2-c2543b1998eb} - c:\program files\logiptc\tbLogi.dll
    BHO: My.Freeze.com Toolbar: {0bd6f992-62ad-47f7-aca6-299729be4e2b} - c:\program files\myfreezetoolbar\myfreezedx.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: LogiPTC Toolbar: {2e07b018-9dae-4adc-83d2-c2543b1998eb} - c:\program files\logiptc\tbLogi.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Updater For My.Freeze.com Toolbar: {c26cd490-5f01-41e3-b150-eb29f19da056} - c:\program files\myfreezetoolbar\auxi\myfreezetoolbAu.dll
    BHO: {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: LogiPTC Toolbar: {2e07b018-9dae-4adc-83d2-c2543b1998eb} - c:\program files\logiptc\tbLogi.dll
    TB: HopSurf toolbar: {e9fab13d-4600-49e1-90d1-ee961c859d39} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll
    TB: My.Freeze.com Toolbar: {0bd6f992-62ad-47f7-aca6-299729be4e2b} - c:\program files\myfreezetoolbar\myfreezedx.dll
    uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
    uRun: [Yahoo! Widgets] f:\program files\yahoo!\widgets\YahooWidgets.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    StartupFolder: c:\users\steph\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - f:\program files\objectdock\ObjectDock.exe
    StartupFolder: c:\users\steph\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - e:\program files\yahoo!\widgets\YahooWidgets.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    AppInit_DLLs:  c:\windows\system32\guard32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\steph\appdata\roaming\mozilla\firefox\profiles\kw7hq2ty.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2532785&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - LogiPTC Customized Web Search
    FF - component: c:\users\steph\appdata\roaming\mozilla\firefox\profiles\kw7hq2ty.default\extensions\{2e07b018-9dae-4adc-83d2-c2543b1998eb}\components\FFExternalAlert.dll
    FF - component: c:\users\steph\appdata\roaming\mozilla\firefox\profiles\kw7hq2ty.default\extensions\{2e07b018-9dae-4adc-83d2-c2543b1998eb}\components\RadioWMPCore.dll
    FF - component: c:\users\steph\appdata\roaming\mozilla\firefox\profiles\kw7hq2ty.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
    FF - component: c:\users\steph\appdata\roaming\mozilla\firefox\profiles\kw7hq2ty.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type",                  5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 224240]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 30112]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-30 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-30 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-30 60936]
    R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
    R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-3-18 172328]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-7 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-18 1343400]

    =============== Created Last 30 ================

    2010-07-28 01:33:27    65536    --sha-w-    c:\users\steph\ntuser.dat{6fcbd2f5-99e7-11df-9c56-0019b96d560c}.TM.blf
    2010-07-28 01:33:27    524288    --sha-w-    c:\users\steph\ntuser.dat{6fcbd2f5-99e7-11df-9c56-0019b96d560c}.TMContainer00000000000000000002.regtrans-ms
    2010-07-28 01:33:27    524288    --sha-w-    c:\users\steph\ntuser.dat{6fcbd2f5-99e7-11df-9c56-0019b96d560c}.TMContainer00000000000000000001.regtrans-ms
    2010-07-28 01:14:24    0    d-----w-    c:\program files\Trend Micro
    2010-07-28 01:10:22    524288    --sha-w-    c:\users\steph\ntuser.dat{adcabb4e-99e1-11df-ae61-0019b96d560c}.TMContainer00000000000000000002.regtrans-ms
    2010-07-28 01:10:22    524288    --sha-w-    c:\users\steph\ntuser.dat{adcabb4e-99e1-11df-ae61-0019b96d560c}.TMContainer00000000000000000001.regtrans-ms
    2010-07-28 01:10:21    65536    --sha-w-    c:\users\steph\ntuser.dat{adcabb4e-99e1-11df-ae61-0019b96d560c}.TM.blf
    2010-07-27 23:17:30    0    d-----w-    c:\users\steph\appdata\roaming\Malwarebytes
    2010-07-27 23:17:09    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-27 23:17:03    0    d-----w-    c:\programdata\Malwarebytes
    2010-07-27 23:17:02    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2010-07-27 23:17:02    0    d-----w-    c:\program files\Malwarebytes' Anti-Malware
    2010-07-13 23:53:09    0    d-----w-    c:\program files\Microsoft
    2010-07-13 23:52:47    0    d-----w-    c:\program files\Windows Live SkyDrive
    2010-07-13 23:51:19    3426072    ----a-w-    c:\windows\system32\d3dx9_32.dll
    2010-07-13 23:50:27    0    d-----w-    c:\program files\Microsoft SQL Server Compact Edition
    2010-07-13 23:38:37    0    d-----w-    c:\program files\common files\Windows Live
    2010-07-13 11:19:52    292864    ----a-w-    c:\windows\system32\apphelp.dll
    2010-07-07 00:40:10    0    d-----w-    c:\program files\Yahoo!
    2010-07-06 02:14:04    0    d-----w-    c:\users\steph\appdata\roaming\Icons and Cursors
    2010-07-06 02:03:07    0    d-----w-    c:\users\steph\appdata\roaming\GetRightToGo

    ==================== Find3M  ====================

    2010-07-04 13:20:26    91836    ----a-w-    c:\windows\fonts\Movie Filmstrip_1.ttf
    2010-07-04 13:20:26    91836    ----a-w-    c:\windows\fonts\Movie Filmstrip_0.ttf
    2010-07-04 13:20:26    91836    ----a-w-    c:\windows\fonts\Movie Filmstrip.ttf
    2010-06-18 03:46:58    499712    ----a-w-    c:\windows\system32\msvcp71.dll
    2010-06-18 03:46:58    348160    ----a-w-    c:\windows\system32\msvcr71.dll
    2010-06-09 17:06:00    224240    ----a-w-    c:\windows\system32\drivers\cmdGuard.sys
    2010-06-03 14:32:20    278288    ----a-w-    c:\windows\system32\guard32.dll
    2010-06-03 14:32:14    30112    ----a-w-    c:\windows\system32\drivers\cmdhlp.sys
    2010-06-03 14:32:13    16744    ----a-w-    c:\windows\system32\drivers\cmderd.sys
    2010-05-27 07:24:13    34304    ----a-w-    c:\windows\system32\atmlib.dll
    2010-05-27 03:49:37    293888    ----a-w-    c:\windows\system32\atmfd.dll
    2010-05-21 05:18:06    977920    ----a-w-    c:\windows\system32\wininet.dll
    2010-05-18 20:35:16    91424    ----a-w-    c:\windows\system32\dnssd.dll
    2010-05-18 20:35:16    107808    ----a-w-    c:\windows\system32\dns-sd.exe
    2010-05-15 21:45:34    78456    ----a-w-    c:\windows\fonts\Vtks black.ttf
    2010-05-12 15:21:16    221568    ------w-    c:\windows\system32\MpSigStub.exe
    2010-05-12 11:37:04    774736    ----a-w-    c:\windows\fonts\Bandung Hardcore GP.otf
    2010-05-09 09:14:55    641536    ----a-w-    c:\windows\system32\CPFilters.dll
    2010-05-09 09:14:50    417792    ----a-w-    c:\windows\system32\msdri.dll
    2010-05-01 14:49:25    2326528    ----a-w-    c:\windows\system32\win32k.sys
    2009-07-14 04:56:42    31548    ----a-w-    c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42    31548    ----a-w-    c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42    291294    ----a-w-    c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42    291294    ----a-w-    c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57    174    --sha-w-    c:\program files\desktop.ini
    2009-07-14 00:34:40    291294    ----a-w-    c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40    291294    ----a-w-    c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38    31548    ----a-w-    c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38    31548    ----a-w-    c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35    9633792    --sha-r-    c:\windows\fonts\StaticCache.dat
    2010-04-20 14:11:33    245760    --sha-w-    c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:14:45    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 15:59:29.80 ===============