20 Apr 2011   #11

Windows 7 Ultimate 64 bit

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please post both reports in your next reply (no attachments please).

20 Apr 2011   #12
darren loyden

windows 7 Home Premium 32 bit.

DDS (Ver_11-03-05.01) - NTFSx86
Run by Darren at 13:04:22.40 on 20/04/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3003.1818 [GMT 1:00]
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ 3\program\soffice.exe
C:\Program Files\ 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GR469A~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\darren\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\users\darren\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\ 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone:
Trusted Zone:
Trusted Zone:
Trusted Zone:
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GRA32A~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GR469A~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
============= SERVICES / DRIVERS ===============
R1 SASDIFSV;SASDIFSV;c:\users\darren\appdata\local\temp\sas_selfextract\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\users\darren\appdata\local\temp\sas_selfextract\saskutil.sys [2010-5-10 67656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-2-20 142592]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSr v.exe [2009-3-2 81920]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-20 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-20 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-20 61960]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-2-20 227896]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-2-20 328808]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-1-12 125672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-2-20 13336]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-3-9 366000]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-2-20 174592]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-8 1343400]
=============== Created Last 30 ================
2011-04-19 18:52:40 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-04-19 18:52:40 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-04-19 18:47:21 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-04-19 18:45:30 -------- d-----w- c:\users\darren\appdata\local\Microsoft Help
2011-04-19 18:39:45 -------- d-----w- c:\users\darren\appdata\local\{B1A4F74C-4668-44F7-BE28-0012032EB9C9}
2011-04-19 16:53:23 -------- d-----w- c:\users\darren\appdata\local\{46F7BE74-6F9E-470D-A47D-1960370430B9}
2011-04-11 10:42:18 -------- d-----w- c:\users\darren\appdata\local\{27F0E6CB-1CE7-4B75-8CE6-C750AA089576}
2011-04-11 09:13:57 -------- d-----w- c:\users\darren\appdata\local\{EE7E03C5-55C0-4828-AFA1-E0023CEAE468}
2011-04-09 17:32:15 -------- d-----w- c:\users\darren\appdata\local\{D5E9809B-8280-45BB-A9DD-DCA842450C65}
2011-04-09 12:37:13 -------- d-----w- c:\users\darren\appdata\local\{8E59E928-9355-4A41-BFD9-186CEE737FAB}
2011-04-05 07:15:03 -------- d-----w- c:\users\darren\appdata\local\{21786894-F745-42FE-B611-ACC627C38E09}
2011-04-04 16:08:17 -------- d-----w- c:\program files\CCleaner
2011-04-04 11:20:06 -------- d-----w- c:\users\darren\appdata\local\{AA2B77FE-3CC7-4008-826B-AD12F808952A}
2011-03-30 21:33:43 -------- d-----w- c:\program files\AutoHotkey
2011-03-29 19:03:36 -------- d-----w- c:\users\darren\appdata\local\{B28E043C-FF49-4EC0-80DF-581F6013358E}
2011-03-27 14:01:31 -------- d-----w- C:\BraCa Soft
2011-03-23 17:10:36 196608 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2011-03-23 10:37:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
==================== Find3M ====================
2011-03-16 10:31:18 138056 ----a-w- c:\users\darren\appdata\roaming\PnkBstrK.sys
2011-03-16 10:31:04 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-16 10:31:00 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-03-16 10:30:56 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-03 07:49:02 131072 ----a-w- c:\windows\system32\EKIJCOINST12.dll
2011-03-03 07:45:02 425984 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2011-02-20 20:39:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-20 12:29:31 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-07 17:45:52 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-07 17:39:02 4166551 ----a-w- c:\windows\system32\ffmpeg.dll
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
============= FINISH: 13:05:20.79 ===============

DDS (Ver_11-03-05.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20/02/2011 11:57:01
System Uptime: 20/04/2011 12:59:27 (1 hours ago)
Motherboard: Hewlett-Packard | | 3069
Processor: Celeron(R) Dual-Core CPU T3100 @ 1.90GHz | CPU | 1895/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 298 GiB total, 274.779 GiB free.
D: is CDROM ()
E: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP56: 20/04/2011 00:45:21 - test
==== Installed Programs ======================
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Atheros Driver Installation Program
Avira AntiVir Personal - Free Antivirus
Battlefield Heroes
CyberLink YouCam
ERUNT 1.1j
Football Manager 2011
Google Chrome
HP DVD Play 3.7
HP Quick Launch Buttons
HPAsset component for HP Active Support Library
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 24
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
LightScribe System Software
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
NVIDIA PhysX v8.09.04
ocr 3.3
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Sandboxie 3.52
Spyware Terminator
Synaptics Pointing Device Driver
Veetle TV 0.9.18
Windows 7 Codec Pack 2.9.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
==== End Of File ===========================
20 Apr 2011   #13

Windows 7 Ultimate 64 bit

Avira (and Windows Defender) malware definition files are outdated. No surprise, the computer was offline for more than a week.

Let's try scanning your computer using an Avira AntiVir Rescue Disk.

Instructions are available at this link:
Avira AntiVir Rescue Disk Download to clean Virus and Malware

If you have any problems running the Avira Rescue Disk, please give F-Secure a try.
Free F-Secure Rescue Bootable CD to Clean Virus and Malware
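
As an added example (not part of the original thread and not DDS's own code), this Python reads the `AV:`/`SP:` header lines of the DDS.txt posted above and reports which registered security products have outdated definitions, which is the observation made in post #13. The function names are hypothetical, and the `Updated` status token is an assumption; only `Enabled/Outdated` appears in this log.

```python
import re
from dataclasses import dataclass, field

# Header lines copied from the DDS.txt log posted in this thread.
SAMPLE_HEADER = "\n".join([
    "DDS (Ver_11-03-05.01) - NTFSx86",
    "Run by Darren at 13:04:22.40 on 20/04/2011",
    "AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}",
    "SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}",
    "SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}",
    "============== Running Processes ===============",
])

# kind: name *state/signatures* {GUID}
LINE_RE = re.compile(
    r"^(?P<kind>AV|SP):\s+(?P<name>.+?)\s+\*(?P<state>\w+)/(?P<sigs>\w+)\*"
    r"\s+\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)

@dataclass
class Product:
    name: str
    kinds: set = field(default_factory=set)   # {"AV", "SP"}
    enabled: bool = False
    outdated: bool = False

def parse_security_products(log_text):
    """Return {name: Product}, merging AV and SP registrations of one product."""
    products = {}
    for line in log_text.splitlines():
        if line.startswith("====="):          # first section banner ends the header
            break
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        p = products.setdefault(m["name"], Product(m["name"]))
        p.kinds.add(m["kind"])
        p.enabled |= m["state"].lower() == "enabled"
        # Assumption: anything other than "Updated" means stale definitions.
        p.outdated |= m["sigs"].lower() != "updated"
    return products

def stale_products(products):
    """Names of products reporting outdated definitions, sorted."""
    return sorted(n for n, p in products.items() if p.outdated)

def no_current_protection(products):
    """True when no enabled product has up-to-date definitions."""
    return not any(p.enabled and not p.outdated for p in products.values())

if __name__ == "__main__":
    found = parse_security_products(SAMPLE_HEADER)
    print(stale_products(found), no_current_protection(found))
```
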
20 Apr 2011   #14
darren loyden

windows 7 Home Premium 32 bit.

OK, I will follow these steps and report back. Downloading the file on another computer now and I will burn to disk. Thanks so much for your help thus far.
20 Apr 2011   #15

Windows 7 Ultimate 64 bit

You're welcome.

Keep us posted.
20 Apr 2011   #16
darren loyden

windows 7 Home Premium 32 bit.

A quick question: I've downloaded the ISO, do I need to download both files, i.e. ISO and SFX? Also, once downloaded and extracted to desktop, do I simply burn the folder to disk? Thanks and apologies for my lack of ability.
20 Apr 2011   #17

Windows 7 Ultimate 64 bit

You only need to download the ISO.

Detailed instructions for burning an ISO in Windows 7 can be found here
Burn Disc Image - ISO or IMG file
20 Apr 2011   #18
darren loyden

windows 7 Home Premium 32 bit.

I've just finished running Avira rescue disk and it has come back with no viruses. The only thing it found were registry files and missing files. I'm at a loss with what to do, is a Windows reinstall the only option I now have? Thanks!
20 Apr 2011   #19

Windows 7 Professional 64 Bit SP1

Since you seem to have done many advanced virus/malware checks, have you tried this out: SFC /SCANNOW Command - System File Checker? (Option #2 is the most convenient.) I used this a couple of months ago to fix my guest computer's loss of connectivity.

Quote: Originally Posted by darren loyden
I've just finished running Avira rescue disk and it has come back with no viruses. The only thing it found were registry files and missing files. I'm at a loss with what to do, is a Windows reinstall the only option I now have? Thanks!
20 Apr 2011   #20

Windows 7 Ultimate 64 bit

Before doing anything else, back up any important files/folders. Don't skip the backup.

As Fayla suggested, you can try sfc /scannow.

If that doesn't resolve the issues...

This is what I would try, if it were my computer:

1. I would download SP1 using another computer and save it to a Flash Drive.

2. Uninstall Spyware Terminator, SuperAntispyware and Avira. Disable Windows Defender. This step is to keep those drivers and services from running.

3. Next, I would uninstall all the Windows updates going back to and including SP1.

4. Clean out any temp files (you have CCleaner installed).

5. Disable Windows Firewall.

6. Defrag the hard drive.

7. And as a last step, install SP1 using the Flash Drive (in the hopes that the missing files will be replaced and registry errors repaired).

If this does not work, then you will have to do either a repair install or clean install - so back up anything you care about first!
