Security > Analysis and Malware Removal
"GFI Software Anti MalWare Service has stopped working"
Sojourner:
Only I don't have anything from GFI installed!
Running Vista with all current updates; AVG; AdAware; no firewall. It's a desktop with 6GB RAM and a terabyte HD.
Recently I installed SeaMonkey (since removed), some games off GoG.com (a paid game provider sort of like Steam, only without the overlord approach), Thunderbird, and possibly one other app (legit) that I can't recall off the top of my head. Also the update from AVG 2011 to 2012, and I accidentally got the 30-day "free trial" version instead of the "free" version (VERY annoying!). Also updated AdAware. I can't think of anything else new I've added to the computer. I removed all old versions of JAVA and installed the new versions (both 32 and 64 bit as I have apps that need each). To the best of my knowledge I deselected any leechware that was attached to anything I installed. (I define leechware to include anything packaged with legit software that isn't actually part of that software - stuff like versions of virus scanners like McAfee, all those toolbar thingies, stuff that wants to change your default search engine - even if it comes from a legit source, if it's not part of what I'm installing it's leechware.)
There was some kind of registry checking software that ended up on my desktop; I only noticed it when I accidentally clicked on it and opened it and it started running. That did say GFI on it, but I cancelled it as soon as it started running and immediately went to the Add/Remove programs thing (whatever they call it under Vista) and uninstalled it. However, I continue to get these "GFI failed" messages.
There's nothing in the processes list of the task manager labeled GFI. I was getting these failure messages before uninstalling the registry checker labeled GFI, but only rarely, and it was not affecting the actual operation of the PC. Now the system boots noticeably more slowly, things hang, and I can't keep an internet connection for more than a few minutes (when checked with the Windows repair utility it tells me there's nothing wrong, yet I can't get out on it). After about 5 or 10 minutes I get the GFI FAILED notification; the internet is fried at that point, but as long as I stay off the internet things seem to be OK. Dropbox still seems to work, but my MOG app (internet radio) fails; Spotify (another internet radio) seems to work at least for a while, and if it was started before the crash, uTorrent can download a file (I have not been downloading torrents nor have I opened a file downloaded in this way, but I did run that just to check since Dropbox seems unaffected). Both Chrome and Firefox seem to be blocked, however. (I have Ghostery, BetterPrivacy, and Adaware installed.)
At first I assumed GFI had come as leechware with one of my recent legit software installations but looking around their website I didn't see any signs of a stand-alone registry checker, and their only "free trial" version is a business version - not the kind of thing I would expect to be leeched to any home software. Plus if it were legit, uninstalling should have taken care of the problem. Instead it seems to have made it much, much worse.
I did a full scan of all files with both AdAware and AVG - AdAware found a few tracking things, AVG found 8 more. All have been removed. I set AVG to do a rootkit scan but I don't remember how to trigger the scan on boot. Both AdAware and AVG are showing the system clean at this point.
The last time I had malware that nobody else had heard of, folks here knew what it was and how to get rid of it. I'm hoping somebody here will have some helpful ideas this time too.
Thanks.
EDIT: I remember the other app I installed - DROPBOX!
Sojourner:
Further information: I have contacted GFI Software, and the person with whom I spoke states that this is not a GFI product, that none of their evaluation software is being leeched to their knowledge, and that none of their software performs any registry checking whatsoever.
So it's looking like it's malware masquerading as a GFI product.
Corrine:
Hi, Sojourner.
Thank you for the excellent description of the problem. In order to determine if we are able to assist, please provide the requested logs as indicated in the Log Posting Instructions topic.
Thank you.
Sojourner:
OK, first here is DDS.TXT
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0
Run by Sojourner at 13:46:33 on 2012-06-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.4505 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Sojourner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Utilities\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\PROGRA~2\UTILIT~1\AD-AWA~1\AdAware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Utilities\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.dell.com
uStart Page = hxxp://www.dell.com
mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Blog This in Windows Live: {2adefb8e-b923-35e6-86e2-2b7841f5d6a4} - mscoree.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [MUpdates] C:\Users\Sojourner\AppData\Roaming\MCommon\MUpdates_new.exe
uRun: [Spotify Web Helper] "C:\Users\Sojourner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\Media\Quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Utilities\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: C:\Users\SOJOUR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sojourner\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B1AC72A0-692E-4DBD-B6BD-83266810345A} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Blog This in Windows Live: {2adefb8e-b923-35e6-86e2-2b7841f5d6a4} - mscoree.dll
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\Media\Quicktime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Utilities\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sojourner\AppData\Roaming\Mozilla\Firefox\Profiles\6ae0q1en.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://www.kingarthurflour.com/customerservice/promotions.html|http://www.jigidi.com/login.php|http://www.jigzone.com/|http://www.allexperts.com/expertx.cgi
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Media\Quicktime\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\Media\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\Media\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\Media\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\Media\Quicktime\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\Media\Quicktime\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\Media\Quicktime\Plugins\npqtplugin7.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Utilities\VLC\npvlc.dll
FF - plugin: C:\Program Files\Utilities\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Utilities\Ad-Aware Antivirus\AdAwareService.exe [2012-5-3 1226096]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Utilities\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
R3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2011-6-17 25832]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64k.sys --> C:\Windows\system32\DRIVERS\point64k.sys [?]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys --> C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-11 88576]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-5-13 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.reg=Regedit.Document
.
=============== Created Last 30 ================
.
2012-06-14 16:31:33 -------- d-----w- C:\Users\Sojourner\AppData\Local\Thunderbird
2012-06-14 05:23:15 -------- d-----w- C:\Users\Sojourner\AppData\Roaming\Nico Mak Computing
2012-06-14 05:23:12 18760 ----a-w- C:\Windows\System32\roboot64.exe
2012-06-14 05:23:08 -------- d-----w- C:\Program Files (x86)\WinZip Registry Optimizer
2012-06-14 05:20:38 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-14 05:20:36 2767360 ----a-w- C:\Windows\System32\win32k.sys
2012-06-11 10:04:42 -------- d-----w- C:\Program Files (x86)\Dropbox
2012-06-09 16:21:53 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-06-08 07:40:49 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-06-08 07:39:58 129144 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-08 06:27:24 -------- d-----w- C:\Users\Sojourner\AppData\Local\adawarebp
2012-06-07 14:53:46 -------- d-----w- C:\Users\Sojourner\AppData\Local\adaware
2012-06-07 14:53:31 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-06-07 14:53:09 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-06-07 14:53:09 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-06-07 14:53:08 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-06-07 14:51:04 -------- d-----w- C:\Users\Sojourner\AppData\Roaming\Ad-Aware Antivirus
2012-06-06 08:56:56 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-03 07:07:03 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-31 09:39:10 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-06-08 07:39:41 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-06-08 07:39:41 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-06-06 08:56:32 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-03 07:06:25 687560 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-31 09:39:10 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-19 09:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
.
============= FINISH: 13:46:56.88 ===============
Sojourner:
Now here is ATTACH.TXT
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/12/2011 11:18:19 AM
System Uptime: 6/15/2012 1:14:53 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0R849J
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 916 GiB total, 242.664 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 7.609 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP365: 5/24/2012 12:00:02 AM - Scheduled Checkpoint
RP366: 5/30/2012 12:40:13 AM - Scheduled Checkpoint
RP367: 5/31/2012 1:33:31 AM - Scheduled Checkpoint
RP368: 6/1/2012 10:59:23 AM - Scheduled Checkpoint
RP369: 6/2/2012 4:37:28 AM - Scheduled Checkpoint
RP370: 6/3/2012 - Scheduled Checkpoint
RP371: 6/3/2012 2:56:42 AM - Removed Java(TM) 6 Update 22
RP372: 6/3/2012 2:57:11 AM - Removed Java(TM) 6 Update 29
RP373: 6/3/2012 2:57:57 AM - Removed Java(TM) 6 Update 31 (64-bit)
RP374: 6/3/2012 3:06:12 AM - Installed Java(TM) 7 Update 4
RP375: 6/4/2012 12:36:46 PM - Scheduled Checkpoint
RP376: 6/5/2012 2:36:43 PM - Scheduled Checkpoint
RP377: 6/6/2012 4:56:02 AM - Installed Java(TM) 7 Update 4 (64-bit)
RP378: 6/7/2012 2:50:54 AM - Windows Update
RP379: 6/7/2012 10:48:23 AM - Removed Ad-Aware
RP380: 6/7/2012 10:53:11 AM - Device Driver Package Install: GFI Software Network Service
RP381: 6/8/2012 6:19:23 AM - Scheduled Checkpoint
RP382: 6/9/2012 12:00:01 AM - Scheduled Checkpoint
RP383: 6/9/2012 12:21:20 PM - Windows Update
RP384: 6/9/2012 3:33:17 PM - Windows Update
RP385: 6/14/2012 2:04:40 AM - Scheduled Checkpoint
RP386: 6/14/2012 8:35:17 AM - Windows Update
RP387: 6/14/2012 9:59:15 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
AbiWord 2.8.6
ActiveState ActivePython 2.7.2.5 (32-bit)
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.3)
Apple Application Support
Apple Software Update
Aquaria
ATI Catalyst Control Center
Avadon: The Black Fortress
Avidemux 2.5
Baldur's Gate(TM) II - Shadows of Amn(TM) Bonus CD
Baldur's Gate(TM) II - Throne of Bhaal (TM)
Banctec Service Agreement
Bastion
Bejeweled Deluxe
BitPim 1.0.7
calibre
Canon MP Navigator EX 2.1
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Turkish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
Desktop Icon Position Saver (64-bit)
Dragon Age II
Dragon Age: Origins
Dragon Age: Origins - Awakening
Dragonsphere
Dropbox
Dungeon Defenders
Equalify v2.1.2 (admin setup)
Europa Universalis III
gImageReader
GIMP 2.6.11
Google Book Downloader
Google Chrome
Guild Wars
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Indeo® Software
Indiana Jones and the Fate of Atlantis
Indiana Jones and the Last Crusade
Java Auto Updater
Java(TM) 7 Update 4
King's Bounty: Armored Princess
King's Bounty: Crossworlds
King's Bounty: The Legend
Loom
Lugaru HD
Lure of the Temptress
Magicka
Malwarebytes' Anti-Malware
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
Mobipocket Creator 4.2
MOG
Monkey Island 2: Special Edition
Mount & Blade
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
Mozilla Firefox 11.0 (x86 en-US)
Mozilla Thunderbird 13.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
Oblivion mod manager 1.1.12
OpenOffice.org 3.3
PDF ePub DRM Removal
Pidgin
Planescape Torment
Psychonauts
Python 2.7 pycrypto-2.3
Quest for Glory II: Trial by Fire (2.0)
Quest for Glory Pack
QuickTime
Real Myst
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recettear: An Item Shop's Tale
Riven
Runes of Magic
Sacred Gold
Sam & Max 101: Culture Shock
Sam & Max 102: Situation: Comedy
Sam & Max 103: The Mole, the Mob and the Meatball
Sam & Max 104: Abe Lincoln Must Die!
Sam & Max 105: Reality 2.0
Sam & Max 106: Bright Side of the Moon
Sam & Max 201: Ice Station Santa
Sam & Max 202: Moai Better Blues
Sam & Max 203: Night of the Raving Dead
Sam & Max 204: Chariots of the Dogs
Sam & Max 205: What's New Beelzebub?
Sam & Max 301: The Penal Zone
Sam & Max 302: The Tomb of Sammun-Mak
Sam & Max 303: They Stole Max's Brain!
Sam & Max 304: Beyond the Alley of the Dolls
Sam & Max 305: The City that Dares not Sleep
Samorost 2
Samsung PC Studio 3 USB Driver Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Segoe UI
Sid Meier's Civilization III: Complete
Sid Meier's Civilization IV
Sid Meier's Civilization V
Sid Meier's Civilization V SDK
SimpleOCR 3.1
Skins
SpeedFan (remove only)
Spotify
Steam
StreamTransport version: 1.0.2.2171
Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay
Tales of Monkey Island: Chapter 3 - Lair of the Leviathan
Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood
Tales of Monkey Island: Chapter 5 - Rise of the Pirate God
Tesseract-OCR 3.01 - open source OCR engine
The Dig
The Elder Scrolls IV: Oblivion
The Elder Scrolls V: Skyrim
The Longest Journey
The Secret of Monkey Island: Special Edition
The Whispered World
The Witcher 2
The Witcher 2: Bonus Content
The Witcher: Enhanced Edition
Titan Quest
Titan Quest: Immortal Throne
Torchlight
TRAUMA
Treasure Adventure Game
Trine
Ultima 4 - Quest of the Avatar
Unofficial Oblivion Patch v3.2.0
Unofficial Official Mods Patch v15
Unofficial Shivering Isles Patch v1.4.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
X3: Reunion
.
==== Event Viewer Messages From Past Week ========
.
6/15/2012 7:26:57 AM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 1 time(s).
6/15/2012 1:11:36 AM, Error: EventLog [6008] - The previous system shutdown at 1:09:38 AM on 6/15/2012 was unexpected.
6/14/2012 10:06:34 AM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
6/14/2012 1:09:13 AM, Error: EventLog [6008] - The previous system shutdown at 1:07:16 AM on 6/14/2012 was unexpected.
6/11/2012 4:06:41 PM, Error: EventLog [6008] - The previous system shutdown at 4:04:56 PM on 6/11/2012 was unexpected.
.
==== End Of File ===========================
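A triage helper for the two logs above, added here as an example; it is not part of the thread and not code from DDS or any vendor named in it. It parses three DDS record shapes (the SERVICES / DRIVERS lines, the "Created Last 30" lines and the restore-point lines), shifts the file timestamps from UTC to the local offset in the log header (an assumption the log itself bears out: the drivers created at 14:53 UTC line up with the 10:53 AM restore point at GMT -4), and reports what else was written to disk in the same minutes as the drivers whose description names a given vendor, plus the restore point Windows took at that moment. The sample lines are copied verbatim from the log; `attribute_vendor` and the regexes are my own.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List

# Record shapes as DDS prints them (regexes written for this example).
# "R3 NAME;Display name;C:\path\x.sys --> C:\path\x.sys [?]"  or  "... [2011-12-19 3289032]"
SVC_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[[^\]]*\]\s*$")
# "2012-06-07 14:53:09 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys"
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+\S+\s+(?P<path>.+)$")
# "RP380: 6/7/2012 10:53:11 AM - Device Driver ..." (time is missing on some checkpoints)
RP_RE = re.compile(r"^RP\d+:\s+(?P<date>\d{1,2}/\d{1,2}/\d{4})(?: (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M))?\s+-\s+(?P<desc>.+)$")
GMT_RE = re.compile(r"\[GMT ([+-])(\d{1,2}):(\d{2})\]")

# Sample input: lines copied from the DDS.TXT / ATTACH.TXT posted above.
HEADER = "Microsoft Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.6134.4505 [GMT -4:00]"
SERVICES = r"""
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Utilities\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
""".strip().splitlines()
CREATED = r"""
2012-06-14 05:23:12 18760 ----a-w- C:\Windows\System32\roboot64.exe
2012-06-11 10:04:42 -------- d-----w- C:\Program Files (x86)\Dropbox
2012-06-07 14:53:46 -------- d-----w- C:\Users\Sojourner\AppData\Local\adaware
2012-06-07 14:53:31 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-06-07 14:53:09 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-06-07 14:53:09 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-06-07 14:53:08 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-06-07 14:51:04 -------- d-----w- C:\Users\Sojourner\AppData\Roaming\Ad-Aware Antivirus
""".strip().splitlines()
RESTORE = """
RP370: 6/3/2012 - Scheduled Checkpoint
RP378: 6/7/2012 2:50:54 AM - Windows Update
RP379: 6/7/2012 10:48:23 AM - Removed Ad-Aware
RP380: 6/7/2012 10:53:11 AM - Device Driver Package Install: GFI Software Network Service
RP381: 6/8/2012 6:19:23 AM - Scheduled Checkpoint
""".strip().splitlines()


def parse_gmt_offset(header: str) -> timedelta:
    """Local-time offset from the DDS header, e.g. '[GMT -4:00]' -> -4 hours."""
    m = GMT_RE.search(header)
    if not m:
        raise ValueError("no GMT offset in header")
    sign = -1 if m.group(1) == "-" else 1
    return sign * timedelta(hours=int(m.group(2)), minutes=int(m.group(3)))


def basename(path: str) -> str:
    """Case-folded file name, so SBFWIM.sys and SbFwIm.sys compare equal."""
    return path.rsplit("\\", 1)[-1].strip().lower()


def parse_services(lines: List[str]) -> List[Dict[str, str]]:
    out = []
    for line in lines:
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        # DDS prints "registered path --> resolved path"; keep the resolved one.
        path = m.group("path").split(" --> ")[-1].strip()
        out.append({"state": m.group("state"), "name": m.group("name"),
                    "display": m.group("display"), "path": path, "file": basename(path)})
    return out


def parse_created(lines: List[str]) -> List[Dict]:
    out = []
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if m:
            out.append({"ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
                        "path": m.group("path").strip(), "file": basename(m.group("path"))})
    return out


def parse_restore_points(lines: List[str]) -> List[Dict]:
    out = []
    for line in lines:
        m = RP_RE.match(line.strip())
        if not m:
            continue
        stamp = f"{m.group('date')} {m.group('time')}" if m.group("time") else m.group("date")
        fmt = "%m/%d/%Y %I:%M:%S %p" if m.group("time") else "%m/%d/%Y"
        out.append({"ts": datetime.strptime(stamp, fmt), "desc": m.group("desc")})
    return out


def attribute_vendor(vendor: str, header: str, svc_lines: List[str], created_lines: List[str],
                     rp_lines: List[str], window: timedelta = timedelta(minutes=5)) -> Dict:
    """Find when the drivers whose description names `vendor` hit the disk, and what
    else (files, directories, restore points) landed within `window` of that moment."""
    offset = parse_gmt_offset(header)
    services = [s for s in parse_services(svc_lines) if vendor.lower() in s["display"].lower()]
    wanted = {s["file"] for s in services}
    # Assumption: DDS file timestamps are UTC, restore points are local time;
    # shifting by the header offset makes the two comparable.
    created = [dict(c, local=c["ts"] + offset) for c in parse_created(created_lines)]
    hits = [c["local"] for c in created if c["file"] in wanted]
    result = {"drivers": sorted(s["name"] for s in services), "install_time": None,
              "co_created": [], "restore_points": []}
    if not hits:
        return result
    t0 = min(hits)
    result["install_time"] = t0
    result["co_created"] = sorted({c["path"] for c in created
                                   if c["file"] not in wanted and abs(c["local"] - t0) <= window})
    result["restore_points"] = [r["desc"] for r in parse_restore_points(rp_lines)
                                if abs(r["ts"] - t0) <= window]
    return result


if __name__ == "__main__":
    for key, value in attribute_vendor("GFI", HEADER, SERVICES, CREATED, RESTORE).items():
        print(f"{key}: {value}")
```

Run against the sample, the "GFI Software" filter drivers resolve to 10:53 AM local on 6/7, the same minutes in which the Ad-Aware Antivirus directories and the other sb*.sys drivers were created and in which Windows recorded the "Removed Ad-Aware" and "GFI Software Network Service" restore points.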