jboy_322

Help Please...Computer is acting up (multiple viruses)


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:35:24 PM, on 9/17/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

C:\Users\shawn\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\:filtered:.exe.exe" /runcleanupscript

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://216.220.227.130:8080/plugin/h263ctrl.cab

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: dlcc_device - - C:\Windows\system32\dlcccoms.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe

O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 8108 bytes


Hello jboy_322,
My name is OCD, I will be helping you with your log today.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.

I am checking over your HJT log now, I will post back shortly with instructions.


Thank you OCD. Any help is much appreciated.

 

Some more information about the computer: there is some virus/malware that's blocking access to the internet from several programs. I am unable to use Internet Explorer, update Windows, update AVG, etc. It had blocked Malwarebytes when I tried to install it from a flash drive, and I had to rename the .exe file to run it. Programs like AIM have internet access.


Hello jboy_322,

  • You may want to print out these instructions for reference prior to proceeding.
  • This solution is specifically tailored for this particular problem, please do not attempt to use this solution on another computer.
  • If you have any questions, or are uncertain about any steps please ask 'before' proceeding.
- - - - - Next - - - - -

It is very important that you do not run any tools or attempt any fixes other than the ones I request.
Doing so can either delay our progress or render your computer inoperable. Malware removal can take numerous steps and tools to remove all threats.
Absence of symptoms does not necessarily mean you are clean. Please stay with the thread until I give you the all clean.
I appreciate your patience and understanding.

- - - - - Next - - - - -

Please tell me what Anti-Virus and Firewall you are using.

- - - - - Next - - - - -

Please run RootRepeal
  • Download RootRepeal from one of the following locations and save it to your desktop.
    Here
    Here
    or Here

  • Right click Posted Image on your desktop and select "Run As Administrator"

  • Click the Posted Image tab.

  • Click the Posted Image button.

  • In the Select Scan dialog, check

    Posted Image

  • Push Ok
  • Check the box for your main system drive (Usually C:), and press OK.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
- - - - - Next - - - - -

Please download DDS from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Right Click DDS icon and select "Run As Administrator" to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
- - - - - Next - - - - -

Reboot. On your next post, please provide the following:
  • RootRepeal.txt
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open and then click UPLOAD.
  • Tell me how your computer is running at the moment.


This computer is my brother's, so I'm trying to fix it for him.

 

For anti-virus it had Norton, however it is now expired and was not renewed.

Upon my receipt of the computer I attempted to install AVG, which gave me trouble but installed successfully; however, the virus/malware is blocking its access to the internet, so it cannot update.

 

And for firewall, I believe it's just the stock Windows Firewall, unless Norton has something of its own.


DDS (Ver_09-07-30.01) - NTFSx86

Run by shawn at 11:39:50.31 on Wed 09/23/2009

Internet Explorer: 8.0.6001.18783

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1085 [GMT -4:00]

 

AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\dlcccoms.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe

C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AVG\AVG8\avgupd.exe

C:\Windows\system32\msfeedssync.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\shawn\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uWindow Title = Windows Internet Explorer provided by Yahoo!

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uRun: [ssMonitorTool]

uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\:filtered:.exe.exe" /runcleanupscript

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://216.220.227.130:8080/plugin/h263ctrl.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

AppInit_DLLs: avgrsstx.dll

 

============= SERVICES / DRIVERS ===============

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-17 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-17 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-17 108552]

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20071002.003\IDSvix86.sys [2007-10-4 180272]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-17 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-17 297752]

R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-10 24652]

R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-10-7 112688]

R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-10-30 37936]

 

=============== Created Last 30 ================

 

2009-09-17 23:28 <DIR> --d-h--- C:\$AVG8.VAULT$

2009-09-17 21:51 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-09-17 21:51 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys

2009-09-17 21:51 108,552 a------- c:\windows\system32\drivers\avgtdix.sys

2009-09-17 21:51 335,240 a------- c:\windows\system32\drivers\avgldx86.sys

2009-09-17 21:51 <DIR> --d----- c:\windows\system32\drivers\Avg

2009-09-17 21:50 <DIR> --d----- c:\programdata\AVG Security Toolbar

2009-09-17 21:50 <DIR> --d----- c:\progra~2\AVG Security Toolbar

2009-09-17 21:50 <DIR> --d----- c:\programdata\avg8

2009-09-17 21:50 <DIR> --d----- c:\program files\AVG

2009-09-17 21:50 <DIR> --d----- c:\progra~2\avg8

2009-09-17 20:20 <DIR> --d----- c:\program files\trend micro

2009-09-17 19:59 <DIR> --d----- c:\users\shawn\appdata\roaming\Malwarebytes

2009-09-17 19:57 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-17 19:57 19,160 a------- c:\windows\system32\drivers\mbam.sys

2009-09-17 19:57 <DIR> --d----- c:\programdata\Malwarebytes

2009-09-17 19:57 <DIR> --d----- c:\progra~2\Malwarebytes

2009-09-17 19:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-09-15 15:15 <DIR> --d----- c:\users\shawn\appdata\roaming\AVG8

 

==================== Find3M ====================

 

2009-09-15 14:16 38,711 a------- c:\users\shawn\appdata\roaming\nvModes.dat

2009-08-08 13:00 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-08-03 19:41 174 a--sh--- c:\program files\desktop.ini

2009-08-03 19:33 51,200 a------- c:\windows\inf\infpub.dat

2009-08-03 19:33 143,360 a------- c:\windows\inf\infstrng.dat

2009-08-03 19:33 86,016 a------- c:\windows\inf\infstor.dat

2009-08-03 19:21 665,600 a------- c:\windows\inf\drvindex.dat

2009-08-03 18:29 101,888 a------- c:\windows\system32\ifxcardm.dll

2009-08-03 18:29 82,432 a------- c:\windows\system32\axaltocm.dll

2007-10-17 23:15 0 a------- c:\users\shawn\appdata\roaming\wklnhst.dat

2007-09-07 09:05 247,608 a------- c:\users\shawn\jre-1_5_0_07-windows-i586-p-iftw.exe

2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

2009-06-12 13:26 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat

2009-06-12 13:26 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2009-06-12 13:26 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

2009-06-12 13:26 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-05-28 10:35 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat

2009-05-28 10:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat

2009-05-28 10:35 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat

2009-06-11 03:12 245,760 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\cookies\index.dat

2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat

2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

 

============= FINISH: 11:41:43.35 ===============

 

I don't believe the Administrator of this board has given me access to attach a file to my post.

Access to the internet is back as of now :)

Edited by jboy_322


jboy_322,

 

Please go ahead and copy and paste the following logs:

Attach.txt RootRepeal.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-07-30.01)

 

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/2/2007 2:40:04 AM

System Uptime: 9/18/2009 11:34:56 PM (108 hours ago)

 

Motherboard: Quanta | | 30BC

Processor: Intel® Core2 CPU T5300 @ 1.73GHz | U2E1 | 800/533mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 141 GiB total, 77.567 GiB free.

D: is FIXED (NTFS) - 8 GiB total, 1.746 GiB free.

E: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP694: 8/3/2009 6:12:26 PM - Windows Vista Service Pack 1

RP695: 8/3/2009 7:48:16 PM - Removed NBC Direct Beta

RP696: 8/3/2009 7:50:07 PM - Removed NBC Direct Beta

RP697: 8/3/2009 7:52:54 PM - Removed Rhapsody Player Engine

RP699: 8/3/2009 8:00:12 PM - Configured VeohTV BETA

RP700: 8/5/2009 7:44:13 PM - Scheduled Checkpoint

RP701: 8/8/2009 2:01:50 PM - Scheduled Checkpoint

RP703: 8/11/2009 9:16:15 AM - Windows Defender Checkpoint

RP704: 8/19/2009 7:00:52 PM - Scheduled Checkpoint

RP705: 9/14/2009 7:26:23 PM - Scheduled Checkpoint

RP707: 9/15/2009 2:40:22 PM - Windows Defender Checkpoint

RP708: 9/17/2009 6:07:20 PM - Scheduled Checkpoint

RP710: 9/17/2009 7:47:19 PM - Windows Defender Checkpoint

RP711: 9/17/2009 8:34:00 PM - Windows Update

RP712: 9/17/2009 9:49:57 PM - Installed AVG 8.5

RP713: 9/19/2009 12:19:43 AM - Scheduled Checkpoint

RP714: 9/20/2009 11:39:20 AM - Scheduled Checkpoint

 

==== Installed Programs ======================

 

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9

Adobe Shockwave Player

AIM 6

AOL Instant Messenger

AppCore

Apple Software Update

ArcSoft Magic-i 3

ArcSoft VideoImpression 2

ArcSoft WebCam Companion 2

AudibleManager

AV

AVG 8.5

AXIS Camera Server Control

BitPim 1.0.6

ccCommon

Conexant HD Audio

Creative MediaSource

Creative Removable Disk Manager

Creative System Information

Creative Zen Vision M

DivX Web Player

ESU for Microsoft Vista

HDAUDIO Soft Data Fax Modem with SmartCP

HP Active Support Library

HP Active Support Library 32 bit components

HP Button Manager

HP Customer Experience Enhancements

HP Doc Viewer

HP Easy Setup - Frontend

HP Help and Support

HP Photosmart Essential 2.0

HP Photosmart Essential2.5

HP Quick Launch Buttons 6.20 B1

HP QuickPlay 3.2

HP Total Care Advisor

HP Update

HP User Guides 0082

HP Webcam User’s Guide

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPNetworkAssistant

Java SE Runtime Environment 6

LightScribe 1.4.136.1

LimeWire 5.1.3

LiveUpdate 3.2 (Symantec Corporation)

LiveUpdate Notice (Symantec Corporation)

Malwarebytes' Anti-Malware

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Move Media Player

MSCU for Microsoft Vista

MSRedist

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

muvee autoProducer 6.0

My HP Games

Norton AntiVirus

Norton Confidential Browser Component

Norton Confidential Web Protection Component

Norton Internet Security

Norton Internet Security (Symantec Corporation)

Norton PC Checkup

Norton Protection Center

Norton Security Scan

Norton Security Scan (Symantec Corporation)

NVIDIA Drivers

OpenCASE Media Agent

OpenOffice.org 2.2

PSSWCORE

QuickTime

Rescue Me screensaver

Rhapsody Player Engine

Roxio Activation Module

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator EasyArchive

Roxio Creator Tools

Roxio Express Labeler 3

Roxio MyDVD Basic v9

SAMSUNG CDMA Modem Driver Set

SPBBC 32bit

Symantec Real Time Storage Protection Component

SymNet

Synaptics Pointing Device Driver

TBS WMP Plug-in

VC80CRTRedist - 8.0.50727.762

Viewpoint Media Player

Winamp (remove only)

Windows Media Player Firefox Plugin

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

 

==== Event Viewer Messages From Past Week ========

 

9/18/2009 11:34:12 PM, Error: Service Control Manager [7016] - The MgiSvr service has reported an invalid current state 32.

9/17/2009 8:12:47 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001B779D2F55 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

9/17/2009 8:00:43 PM, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find message text for message number 0xMBAMSwissArmy in the message file for The system cannot find message text for message number 0x%1 in the message file for %2..

9/17/2009 7:56:43 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.

9/17/2009 7:56:43 PM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.

9/17/2009 7:55:52 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

9/17/2009 7:55:51 PM, Error: Service Control Manager [7023] - The Secure Socket Tunneling Protocol Service service terminated with the following error: The RPC server is unavailable.

9/17/2009 7:55:51 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The RPC server is unavailable.

9/17/2009 7:49:25 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.114 for the Network Card with network address 001B779D2F55 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

9/17/2009 7:45:40 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 001B779D2F55 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

 

==== End Of File ===========================

 

 

DDS (Ver_09-07-30.01) - NTFSx86

Run by shawn at 11:39:50.31 on Wed 09/23/2009

Internet Explorer: 8.0.6001.18783

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1085 [GMT -4:00]

 

AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\dlcccoms.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe

C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AVG\AVG8\avgupd.exe

C:\Windows\system32\msfeedssync.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\shawn\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uWindow Title = Windows Internet Explorer provided by Yahoo!

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uRun: [ssMonitorTool]

uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\:filtered:.exe.exe" /runcleanupscript

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://216.220.227.130:8080/plugin/h263ctrl.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

AppInit_DLLs: avgrsstx.dll

 

============= SERVICES / DRIVERS ===============

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-17 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-17 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-17 108552]

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20071002.003\IDSvix86.sys [2007-10-4 180272]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-17 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-17 297752]

R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-10 24652]

R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-10-7 112688]

R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-10-30 37936]

 

=============== Created Last 30 ================

 

2009-09-17 23:28 <DIR> --d-h--- C:\$AVG8.VAULT$

2009-09-17 21:51 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-09-17 21:51 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys

2009-09-17 21:51 108,552 a------- c:\windows\system32\drivers\avgtdix.sys

2009-09-17 21:51 335,240 a------- c:\windows\system32\drivers\avgldx86.sys

2009-09-17 21:51 <DIR> --d----- c:\windows\system32\drivers\Avg

2009-09-17 21:50 <DIR> --d----- c:\programdata\AVG Security Toolbar

2009-09-17 21:50 <DIR> --d----- c:\progra~2\AVG Security Toolbar

2009-09-17 21:50 <DIR> --d----- c:\programdata\avg8

2009-09-17 21:50 <DIR> --d----- c:\program files\AVG

2009-09-17 21:50 <DIR> --d----- c:\progra~2\avg8

2009-09-17 20:20 <DIR> --d----- c:\program files\trend micro

2009-09-17 19:59 <DIR> --d----- c:\users\shawn\appdata\roaming\Malwarebytes

2009-09-17 19:57 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-17 19:57 19,160 a------- c:\windows\system32\drivers\mbam.sys

2009-09-17 19:57 <DIR> --d----- c:\programdata\Malwarebytes

2009-09-17 19:57 <DIR> --d----- c:\progra~2\Malwarebytes

2009-09-17 19:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-09-15 15:15 <DIR> --d----- c:\users\shawn\appdata\roaming\AVG8

 

==================== Find3M ====================

 

2009-09-15 14:16 38,711 a------- c:\users\shawn\appdata\roaming\nvModes.dat

2009-08-08 13:00 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-08-03 19:41 174 a--sh--- c:\program files\desktop.ini

2009-08-03 19:33 51,200 a------- c:\windows\inf\infpub.dat

2009-08-03 19:33 143,360 a------- c:\windows\inf\infstrng.dat

2009-08-03 19:33 86,016 a------- c:\windows\inf\infstor.dat

2009-08-03 19:21 665,600 a------- c:\windows\inf\drvindex.dat

2009-08-03 18:29 101,888 a------- c:\windows\system32\ifxcardm.dll

2009-08-03 18:29 82,432 a------- c:\windows\system32\axaltocm.dll

2007-10-17 23:15 0 a------- c:\users\shawn\appdata\roaming\wklnhst.dat

2007-09-07 09:05 247,608 a------- c:\users\shawn\jre-1_5_0_07-windows-i586-p-iftw.exe

2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

2009-06-12 13:26 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat

2009-06-12 13:26 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2009-06-12 13:26 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

2009-06-12 13:26 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-05-28 10:35 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat

2009-05-28 10:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat

2009-05-28 10:35 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat

2009-06-11 03:12 245,760 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\cookies\index.dat

2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat

2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

 

============= FINISH: 11:41:43.35 ===============


jboy_322,

You have supplied me with these logs:
DDS.txt
Attach.txt


But I still need the RootRepeal.txt log.

- - - - - Next - - - - -

Please run RootRepeal

  • Download RootRepeal from one of the following locations and save it to your desktop.
    Here
    Here
    or Here

  • Open Posted Image on your desktop.

  • Click the Posted Image tab.

  • Click the Posted Image button.

  • In the Select Scan dialog, check

    Posted Image

  • Push Ok
  • Check the box for your main system drive (Usually C:), and press OK.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
- - - - - Next - - - - -

Reboot. On your next post, please provide the following:
  • RootRepeal.txt
  • Tell me how your computer is running at the moment.


ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/09/23 11:32

Program Version: Version 1.3.5.0

Windows Version: Windows Vista SP1

==================================================

 

Drivers

-------------------

Name: dump_dumpata.sys

Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys

Address: 0x8DC6B000 Size: 45056 File Visible: No Signed: -

Status: -

 

Name: dump_msahci.sys

Image Path: C:\Windows\System32\Drivers\dump_msahci.sys

Address: 0x8DC76000 Size: 40960 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\Windows\system32\drivers\rootrepeal.sys

Address: 0xA63B0000 Size: 49152 File Visible: No Signed: -

Status: -

 

Processes

-------------------

Path: System

PID: 4 Status: Locked to the Windows API!

 

Path: C:\Windows\System32\audiodg.exe

PID: 1280 Status: Locked to the Windows API!

 

SSDT

-------------------

#: 013 Function Name: NtAlertResumeThread

Status: Hooked by "<unknown>" at address 0x86d63980

 

#: 014 Function Name: NtAlertThread

Status: Hooked by "<unknown>" at address 0x86d63a60

 

#: 018 Function Name: NtAllocateVirtualMemory

Status: Hooked by "<unknown>" at address 0x86dd1c78

 

#: 054 Function Name: NtConnectPort

Status: Hooked by "<unknown>" at address 0x86d0f468

 

#: 067 Function Name: NtCreateMutant

Status: Hooked by "<unknown>" at address 0x86d636d0

 

#: 078 Function Name: NtCreateThread

Status: Hooked by "<unknown>" at address 0x86dd1e08

 

#: 147 Function Name: NtFreeVirtualMemory

Status: Hooked by "<unknown>" at address 0x86d99ef0

 

#: 156 Function Name: NtImpersonateAnonymousToken

Status: Hooked by "<unknown>" at address 0x86d637c0

 

#: 158 Function Name: NtImpersonateThread

Status: Hooked by "<unknown>" at address 0x86d638a0

 

#: 177 Function Name: NtMapViewOfSection

Status: Hooked by "<unknown>" at address 0x86d99df0

 

#: 184 Function Name: NtOpenEvent

Status: Hooked by "<unknown>" at address 0x86d635f0

 

#: 195 Function Name: NtOpenProcessToken

Status: Hooked by "<unknown>" at address 0x86dd1d48

 

#: 202 Function Name: NtOpenThreadToken

Status: Hooked by "<unknown>" at address 0x86d63f38

 

#: 282 Function Name: NtResumeThread

Status: Hooked by "<unknown>" at address 0x86dcfd78

 

#: 289 Function Name: NtSetContextThread

Status: Hooked by "<unknown>" at address 0x86d63e58

 

#: 305 Function Name: NtSetInformationProcess

Status: Hooked by "<unknown>" at address 0x86d99c20

 

#: 306 Function Name: NtSetInformationThread

Status: Hooked by "<unknown>" at address 0x86d63d68

 

#: 330 Function Name: NtSuspendProcess

Status: Hooked by "<unknown>" at address 0x86d63510

 

#: 331 Function Name: NtSuspendThread

Status: Hooked by "<unknown>" at address 0x86d63ba8

 

#: 334 Function Name: NtTerminateProcess

Status: Hooked by "<unknown>" at address 0x86dd56e8

 

#: 335 Function Name: NtTerminateThread

Status: Hooked by "<unknown>" at address 0x86d63c88

 

#: 348 Function Name: NtUnmapViewOfSection

Status: Hooked by "<unknown>" at address 0x86d99d10

 

#: 358 Function Name: NtWriteVirtualMemory

Status: Hooked by "<unknown>" at address 0x86d99fc0

 

==EOF==

 

Computer seems better; it's allowing Windows to update and IE to access the internet now.


jboy_322,

You have a couple of questionable programs running:

LimeWire 5.1.3
Viewpoint Media Player


You are using a P2P program called LimeWire 5.1.3. Please see this topic for more information:
Perils of P2P File Sharing

P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

Additional information can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.internetworldstats.com/articles/art053.htm

I would recommend that you uninstall LimeWire 5.1.3; however, that choice is up to you.
If you wish to keep it, please do not use it until your computer is cleaned.

- - - - - Next - - - - -

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself.

Please go to Start Menu > Control Panel > Add/Remove Programs
Scroll down and locate the following programs:
  • LimeWire 5.1.3
  • Viewpoint / Viewpoint Manager / Viewpoint Media Player
Select the program, then select Remove.
(If the program is not listed, don't be alarmed; just continue.)
NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

- - - - - Next - - - - -

Earlier you stated your AVG could not be updated. This may be because your computer still thinks Norton is your registered AV/FW.
This can cause difficulty with AVG running/updating. Please choose which of the two, Norton or AVG, you would like to keep.

Remove Norton or Symantec Products

Note: You should first attempt to remove your Norton/Symantec product using Add/Remove Programs in the Windows Control Panel (Programs and Features, in Windows Vista). This is the best method.

Uninstall anything with Norton or Symantec in the name

After uninstalling using Windows Add/Remove Programs, run the Norton Removal Tool to ensure successful removal of all Norton references.

If no entries are present in Windows Add/Remove Programs, you still need to run the Norton Removal Tool below.

Please go to http://service1.symantec.com/Support/tsgen...005033108162039 and select the product you have
  • Download the Norton Removal Tool.
  • Save the file to the Windows desktop.
  • On the Windows desktop, double-click the Norton Removal Tool icon.
  • Follow the on-screen instructions.
    Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.
- - - - - Next - - - - -

To remove AVG, please do the same via the Add/Remove Programs feature of your Control Panel.
If you chose to keep it, see if it can be updated; if so, please run a scan and have it remove any items found.

You have run Malwarebytes'; can you please provide the log if it is still available?
C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

- - - - - Next - - - - -

Reboot

- - - - - Next - - - - -

Re-run DDS and supply a new log on your next post.

- - - - - Next - - - - -

On your next post, please provide the following:
  • Malwarebytes' log (if available)
  • DDS.txt
  • Answer the question about AVG (if you chose to keep it)
  • Any change in the performance of your computer?


Chose to keep AVG, was able to update it and run it successfully, no suspicious items were found.

 

Computer seems to be running much better.

 

Here are two previous Malwarebytes scans:

 

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 6.0.6001 Service Pack 1

 

9/17/2009 8:11:06 PM

mbam-log-2009-09-17 (20-11-06).txt

 

Scan type: Quick Scan

Objects scanned: 98101

Time elapsed: 10 minute(s), 13 second(s)

 

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 9

Folders Infected: 0

Files Infected: 5

 

Memory Processes Infected:

C:\Windows\Temp\161533528.tmp (Trojan.Agent) -> Unloaded process successfully.

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESQULserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{01e645d7-fbc5-43a2-989f-57cfc08970f4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{df40995a-9f5b-4762-9fa8-6f232d08222d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{01e645d7-fbc5-43a2-989f-57cfc08970f4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{df40995a-9f5b-4762-9fa8-6f232d08222d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{01e645d7-fbc5-43a2-989f-57cfc08970f4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{df40995a-9f5b-4762-9fa8-6f232d08222d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Windows\Temp\161533528.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\shawn\AppData\Local\Temp\tmp40D9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Windows\System32\ESQULzcounter (Trojan.Agent) -> Delete on reboot.

C:\Users\shawn\AppData\Local\Temp\OmegaPlay.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 6.0.6001 Service Pack 1

 

9/18/2009 11:33:09 PM

mbam-log-2009-09-18 (23-33-09).txt

 

Scan type: Quick Scan

Objects scanned: 98624

Time elapsed: 17 minute(s), 50 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESQULserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Windows\System32\ESQULofotpsnrsqedpmdpngldfpbdmoriuybf.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Windows\System32\ESQULwhdwblxwktmycyvswlbhdkjfiidorwha.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

 

DDS:

 

 

DDS (Ver_09-07-30.01) - NTFSx86

Run by shawn at 16:08:13.98 on Fri 09/25/2009

Internet Explorer: 8.0.6001.18813

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1236 [GMT -4:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Windows\system32\dlcccoms.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe

C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\shawn\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uWindow Title = Windows Internet Explorer provided by Yahoo!

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uRun: [ssMonitorTool]

uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\:filtered:.exe.exe" /runcleanupscript

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://216.220.227.130:8080/plugin/h263ctrl.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

AppInit_DLLs: avgrsstx.dll

 

============= SERVICES / DRIVERS ===============

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-17 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-17 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-17 108552]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-17 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-17 297752]

R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]

R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

 

=============== Created Last 30 ================

 

2009-09-23 13:10 2,048 a------- c:\windows\system32\tzres.dll

2009-09-23 12:33 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-09-23 12:33 97,800 a------- c:\windows\system32\infocardapi.dll

2009-09-23 12:33 622,080 a------- c:\windows\system32\icardagt.exe

2009-09-23 12:33 37,384 a------- c:\windows\system32\infocardcpl.cpl

2009-09-23 12:33 11,264 a------- c:\windows\system32\icardres.dll

2009-09-23 12:33 43,544 a------- c:\windows\system32\PresentationHostProxy.dll

2009-09-23 12:33 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll

2009-09-23 12:33 326,160 a------- c:\windows\system32\PresentationHost.exe

2009-09-23 12:23 96,760 a------- c:\windows\system32\dfshim.dll

2009-09-23 12:23 282,112 a------- c:\windows\system32\mscoree.dll

2009-09-23 12:22 41,984 a------- c:\windows\system32\netfxperf.dll

2009-09-23 12:22 158,720 a------- c:\windows\system32\mscorier.dll

2009-09-23 12:22 83,968 a------- c:\windows\system32\mscories.dll

2009-09-23 12:10 147,456 a------- c:\windows\system32\Faultrep.dll

2009-09-23 12:10 125,952 a------- c:\windows\system32\wersvc.dll

2009-09-23 12:07 72,192 a------- c:\windows\system32\drivers\pacer.sys

2009-09-23 12:07 15,360 a------- c:\windows\system32\pacerprf.dll

2009-09-23 12:07 91,136 a------- c:\windows\system32\avifil32.dll

2009-09-23 12:07 2,501,921 a------- c:\windows\system32\wlan.tmf

2009-09-23 12:07 293,376 a------- c:\windows\system32\wlanmsm.dll

2009-09-23 12:07 127,488 a------- c:\windows\system32\L2SecHC.dll

2009-09-23 12:07 513,024 a------- c:\windows\system32\wlansvc.dll

2009-09-23 12:07 302,592 a------- c:\windows\system32\wlansec.dll

2009-09-23 12:06 71,680 a------- c:\windows\system32\atl.dll

2009-09-23 12:06 160,256 a------- c:\windows\system32\wkssvc.dll

2009-09-23 12:06 313,344 a------- c:\windows\system32\wmpdxm.dll

2009-09-23 12:06 7,680 a------- c:\windows\system32\spwmp.dll

2009-09-23 12:06 4,096 a------- c:\windows\system32\msdxm.ocx

2009-09-23 12:06 4,096 a------- c:\windows\system32\dxmasf.dll

2009-09-23 12:06 8,147,456 a------- c:\windows\system32\wmploc.DLL

2009-09-23 12:06 43,520 a------- c:\windows\system32\msdxm.tlb

2009-09-23 12:06 18,432 a------- c:\windows\system32\amcompat.tlb

2009-09-23 12:06 28,672 a------- c:\windows\system32\Apphlpdm.dll

2009-09-23 12:05 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

2009-09-23 12:05 180,224 a------- c:\windows\system32\scrobj.dll

2009-09-23 12:05 172,032 a------- c:\windows\system32\scrrun.dll

2009-09-23 12:05 155,648 a------- c:\windows\system32\wscript.exe

2009-09-23 12:05 135,168 a------- c:\windows\system32\wshom.ocx

2009-09-23 12:05 135,168 a------- c:\windows\system32\cscript.exe

2009-09-23 12:05 90,112 a------- c:\windows\system32\wshext.dll

2009-09-17 23:28 <DIR> --d-h--- C:\$AVG8.VAULT$

2009-09-17 21:51 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-09-17 21:51 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys

2009-09-17 21:51 108,552 a------- c:\windows\system32\drivers\avgtdix.sys

2009-09-17 21:51 335,240 a------- c:\windows\system32\drivers\avgldx86.sys

2009-09-17 21:51 <DIR> --d----- c:\windows\system32\drivers\Avg

2009-09-17 21:50 <DIR> --d----- c:\programdata\AVG Security Toolbar

2009-09-17 21:50 <DIR> --d----- c:\progra~2\AVG Security Toolbar

2009-09-17 21:50 <DIR> --d----- c:\programdata\avg8

2009-09-17 21:50 <DIR> --d----- c:\program files\AVG

2009-09-17 21:50 <DIR> --d----- c:\progra~2\avg8

2009-09-17 20:20 <DIR> --d----- c:\program files\trend micro

2009-09-17 19:59 <DIR> --d----- c:\users\shawn\appdata\roaming\Malwarebytes

2009-09-17 19:57 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-17 19:57 19,160 a------- c:\windows\system32\drivers\mbam.sys

2009-09-17 19:57 <DIR> --d----- c:\programdata\Malwarebytes

2009-09-17 19:57 <DIR> --d----- c:\progra~2\Malwarebytes

2009-09-17 19:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-09-15 15:15 <DIR> --d----- c:\users\shawn\appdata\roaming\AVG8

 

==================== Find3M ====================

 

2009-09-15 14:16 38,711 a------- c:\users\shawn\appdata\roaming\nvModes.dat

2009-08-28 08:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll

2009-08-28 08:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll

2009-08-28 08:38 541,696 a------- c:\windows\apppatch\AcLayers.dll

2009-08-28 08:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll

2009-08-14 13:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys

2009-08-14 12:29 104,960 a------- c:\windows\system32\netiohlp.dll

2009-08-14 12:29 17,920 a------- c:\windows\system32\netevent.dll

2009-08-14 10:16 17,920 a------- c:\windows\system32\ROUTE.EXE

2009-08-14 10:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE

2009-08-14 10:16 11,264 a------- c:\windows\system32\MRINFO.EXE

2009-08-14 10:16 27,136 a------- c:\windows\system32\NETSTAT.EXE

2009-08-14 10:16 19,968 a------- c:\windows\system32\ARP.EXE

2009-08-14 10:16 10,240 a------- c:\windows\system32\finger.exe

2009-08-14 10:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE

2009-08-08 13:00 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-08-03 19:41 174 a--sh--- c:\program files\desktop.ini

2009-08-03 19:33 51,200 a------- c:\windows\inf\infpub.dat

2009-08-03 19:33 143,360 a------- c:\windows\inf\infstrng.dat

2009-08-03 19:33 86,016 a------- c:\windows\inf\infstor.dat

2009-08-03 19:21 665,600 a------- c:\windows\inf\drvindex.dat

2009-08-03 18:29 101,888 a------- c:\windows\system32\ifxcardm.dll

2009-08-03 18:29 82,432 a------- c:\windows\system32\axaltocm.dll

2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll

2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll

2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll

2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe

2007-10-17 23:15 0 a------- c:\users\shawn\appdata\roaming\wklnhst.dat

2007-09-07 09:05 247,608 a------- c:\users\shawn\jre-1_5_0_07-windows-i586-p-iftw.exe

2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

2009-06-12 13:26 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat

2009-06-12 13:26 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2009-06-12 13:26 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

2009-06-12 13:26 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-05-28 10:35 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat

2009-05-28 10:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat

2009-05-28 10:35 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat

2009-06-11 03:12 245,760 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\cookies\index.dat

2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat

2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

 

============= FINISH: 16:11:16.56 ===============

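A small triage pass over the DDS log format pasted above, added here as an example (it is not the thread's code or part of the DDS tool): it recognises the DPF, uRun/mRun and AppInit_DLLs line shapes and pulls out the entries a helper looks at first. The sample lines are copied from the log; the function and finding names are assumptions of this example.

```python
"""Triage pass over DDS-style log lines like those pasted above.

Added example, not the thread's or the DDS tool's code. It recognises three
line shapes from the log and returns the entries a helper looks at first:
    DPF: {CLSID} - hxxp://host/path.cab   ActiveX download ('hxxp' = defanged 'http')
    uRun/mRun: [Name] command             per-user / machine autostart entry
    AppInit_DLLs: name.dll                DLL loaded into every process using user32
"""
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

DPF_RE = re.compile(r"^DPF:\s+(\{[0-9A-Fa-f-]+\})\s+-\s+(\S+)")
RUN_RE = re.compile(r"^([um]Run):\s+\[([^\]]*)\]\s*(.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.+)$")


def refang(url):
    """Turn the forum's defanged 'hxxp://' back into a scheme urlsplit understands."""
    return re.sub(r"^hxxp", "http", url, count=1)


def host_is_raw_ip(url):
    """True when the download host is a bare IP address rather than a hostname."""
    host = urlsplit(refang(url)).hostname or ""
    try:
        ip_address(host)
    except ValueError:
        return False
    return True


def triage_dds(log_text):
    """Return (kind, item, detail) tuples for the entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DPF_RE.match(line)
        if m:
            clsid, url = m.groups()
            # Vendor controls are served from a vendor hostname; a .cab pulled
            # from a bare IP:port is unusual and deserves attention.
            if host_is_raw_ip(url):
                findings.append(("dpf_raw_ip", clsid, url))
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            # An autostart value with no command is a leftover of something that
            # was removed (or a broken entry); either way it should be cleaned up.
            if not cmd:
                findings.append(("run_empty_command", name, hive))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # Every DLL listed here must be accounted for (in the log above it is
            # AVG's avgrsstx.dll, created together with the other AVG files).
            findings.append(("appinit_dll", m.group(1).strip(), ""))
    return findings


# Sample lines copied from the log above (constructed excerpt, not a full log).
SAMPLE_LOG = r"""
uRun: [ssMonitorTool]
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://216.220.227.130:8080/plugin/h263ctrl.cab
AppInit_DLLs: avgrsstx.dll
"""

if __name__ == "__main__":
    for kind, item, detail in triage_dds(SAMPLE_LOG):
        print(f"{kind:18} {item} {detail}")
```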

jboy_322,

Your logs show evidence that you had/have a nasty Rootkit, I'd like to dig a bit deeper to make sure it's completely gone.

Please download Sysprot Antirootkit from here

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to.
  • Open the text file and copy/paste the log here.
- - - - - Next - - - - -

Please re-run Malwarebytes', get the latest updates and perform a full scan.

- - - - - Next - - - - -

On your next post please provide the following:
  • Sysprot log
  • New MBAM log
  • How is your computer running, do you have any remaining issues?

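A parser and triage pass for the SysProt log format requested above (the Process and Kernel Modules sections), added here as an example and not part of the thread or of SysProt. The sample log is constructed in that layout; 'example' and 'hidden_sample' are placeholder names, and the finding kinds are assumptions of this example.

```python
"""Triage pass over a SysProt AntiRootkit log like the one requested above.
Added example, not part of the thread or of SysProt. Each 'Process:' or
'Kernel Modules:' record is a block of 'Key: value' lines ended by a blank line
or an asterisk rule; findings: hidden entries, modules outside \Windows, overlaps.
"""
import re

def parse_sysprot(text):
    """Return (processes, modules): one dict per 'Key: value' block."""
    procs, mods, section, rec = [], [], None, {}

    def flush():
        if rec and section == "process":
            procs.append({"name": rec.get("Name", ""), "pid": int(rec.get("PID", -1)),
                          "hidden": rec.get("Hidden", "No").lower() == "yes"})
        elif rec and section == "modules":
            mods.append({"name": rec.get("Module Name", ""),
                         "service": rec.get("Service Name", "---"),
                         "base": int(rec.get("Module Base", "0"), 16),
                         "end": int(rec.get("Module End", "0"), 16),
                         "hidden": rec.get("Hidden", "No").lower() == "yes"})
        rec.clear()

    for raw in text.splitlines():
        line = raw.strip()
        if line in ("Process:", "Kernel Modules:"):
            flush()
            section = "process" if line == "Process:" else "modules"
        elif not line or line.startswith("*"):  # blank line or asterisk rule ends a record
            flush()
        elif section:
            key, _, val = line.partition(":")  # first colon only: values contain 'C:\'
            rec[key.strip()] = val.strip()
    flush()
    return procs, mods

SYSTEM_PIDS = {0, 4}  # Idle and System pseudo-processes legitimately have no image path

def triage_sysprot(procs, mods):
    """Return (kind, item, detail) tuples for anything the rootkit check should look at."""
    findings = []
    for p in procs:
        if p["hidden"]:
            findings.append(("hidden_process", p["name"], p["pid"]))
        elif p["pid"] not in SYSTEM_PIDS and not re.match(r"^[A-Za-z]:\\", p["name"]):
            findings.append(("process_without_image_path", p["name"], p["pid"]))
    for m in mods:
        if m["hidden"]:
            findings.append(("hidden_module", m["name"], m["service"]))
        if m["end"] <= m["base"]:
            findings.append(("bad_module_range", m["name"], m["service"]))
        # The scanner's own SysProtDrv.sys (unzipped to the desktop) is the one
        # expected hit here; any other module outside \Windows needs explaining.
        if not m["name"].replace("\\??\\", "").lower().startswith("c:\\windows\\"):
            findings.append(("module_outside_windows_dir", m["name"], m["service"]))
    by_base = sorted(mods, key=lambda m: m["base"])
    for a, b in zip(by_base, by_base[1:]):
        if b["base"] < a["end"]:  # two modules claiming the same kernel addresses
            findings.append(("overlapping_modules", a["name"], b["name"]))
    return findings

# Constructed sample in the SysProt layout: 'example' and 'hidden_sample' are placeholders.
SAMPLE_LOG = r"""
Process:
Name: [system Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 492
Hidden: No

Name: C:\Users\example\AppData\Local\Temp\hidden_sample.exe
PID: 6100
Hidden: Yes
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\example\Desktop\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: 9BB89000
Module End: 9BB94000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 821BC000
Module End: 821EF000
Hidden: No

Module Name: C:\Windows\system32\drivers\hidden_sample.sys
Service Name: ---
Module Base: 821C0000
Module End: 821D0000
Hidden: Yes
"""

FINDINGS = triage_sysprot(*parse_sysprot(SAMPLE_LOG))
```

Running the block on the real log above should yield only the scanner's own driver under module_outside_windows_dir; any other finding is something to account for.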

Computer is working as great as ever as far as I can tell. :)

 

Malwarebytes log:

Malwarebytes' Anti-Malware 1.41

Database version: 2863

Windows 6.0.6002 Service Pack 2

 

9/26/2009 9:17:26 PM

mbam-log-2009-09-26 (21-17-26).txt

 

Scan type: Full Scan (C:\|)

Objects scanned: 317059

Time elapsed: 2 hour(s), 25 minute(s), 29 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

Sysprot log:

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

Process:

Name: [system Idle Process]

PID: 0

Hidden: No

Window Visible: No

 

Name: System

PID: 4

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\smss.exe

PID: 492

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\csrss.exe

PID: 560

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\wininit.exe

PID: 612

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\csrss.exe

PID: 624

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\services.exe

PID: 664

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\lsass.exe

PID: 680

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\lsm.exe

PID: 688

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\winlogon.exe

PID: 740

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\svchost.exe

PID: 952

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\svchost.exe

PID: 1012

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\svchost.exe

PID: 1052

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\svchost.exe

PID: 1144

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\svchost.exe

PID: 1184

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\svchost.exe

PID: 1200

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\audiodg.exe

PID: 1288

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\svchost.exe

PID: 1352

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\SLsvc.exe

PID: 1368

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\svchost.exe

PID: 1448

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\svchost.exe

PID: 1612

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\spoolsv.exe

PID: 1844

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\svchost.exe

PID: 1868

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\dwm.exe

PID: 1196

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\taskeng.exe

PID: 1172

Hidden: No

Window Visible: No

 

Name: C:\Windows\explorer.exe

PID: 1728

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PID: 1964

Hidden: No

Window Visible: No

 

Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

PID: 1484

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\dlcccoms.exe

PID: 832

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PID: 868

Hidden: No

Window Visible: No

 

Name: C:\PROGRA~1\AVG\AVG8\avgam.exe

PID: 2164

Hidden: No

Window Visible: No

 

Name: C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe

PID: 2184

Hidden: No

Window Visible: No

 

Name: C:\Program Files\AVG\AVG8\avgrsx.exe

PID: 2204

Hidden: No

Window Visible: No

 

Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

PID: 2216

Hidden: No

Window Visible: No

 

Name: C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe

PID: 2352

Hidden: No

Window Visible: No

 

Name: C:\Program Files\AVG\AVG8\avgtray.exe

PID: 2580

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

PID: 2648

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Hp\QuickPlay\QPService.exe

PID: 2656

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

PID: 2664

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\svchost.exe

PID: 2748

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe

PID: 2784

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\svchost.exe

PID: 2968

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\svchost.exe

PID: 3044

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\SearchIndexer.exe

PID: 3076

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\drivers\XAudio.exe

PID: 3144

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PID: 3192

Hidden: No

Window Visible: No

 

Name: C:\PROGRA~1\AVG\AVG8\avgemc.exe

PID: 3252

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

PID: 3264

Hidden: No

Window Visible: No

 

Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe

PID: 3388

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\wbem\WmiPrvSE.exe

PID: 3492

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Hp\QuickPlay\Kernel\TV\QPSched.exe

PID: 3536

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\wbem\WmiPrvSE.exe

PID: 3792

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Windows Defender\MSASCui.exe

PID: 3840

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\wbem\unsecapp.exe

PID: 4032

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

PID: 1512

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

PID: 772

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\taskeng.exe

PID: 3056

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

PID: 2700

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Internet Explorer\iexplore.exe

PID: 3860

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Internet Explorer\iexplore.exe

PID: 3976

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Internet Explorer\iexplore.exe

PID: 4696

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Internet Explorer\iexplore.exe

PID: 4736

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

PID: 5296

Hidden: No

Window Visible: No

 

Name: C:\Windows\servicing\TrustedInstaller.exe

PID: 4260

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\wbem\WMIADAP.exe

PID: 5164

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\SearchProtocolHost.exe

PID: 5856

Hidden: No

Window Visible: No

 

Name: C:\Program Files\Internet Explorer\ielowutil.exe

PID: 2572

Hidden: No

Window Visible: No

 

Name: C:\Windows\System32\SearchFilterHost.exe

PID: 1312

Hidden: No

Window Visible: No

 

Name: C:\Users\shawn\Desktop\SysProt\SysProt\SysProt.exe

PID: 2880

Hidden: No

Window Visible: Yes

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \??\C:\Users\shawn\Desktop\SysProt\SysProt\SysProtDrv.sys

Service Name: SysProtDrv.sys

Module Base: 9BB89000

Module End: 9BB94000

Hidden: No

 

Module Name: C:\Windows\system32\ntkrnlpa.exe

Service Name: ---

Module Base: 81E03000

Module End: 821BC000

Hidden: No

 

Module Name: C:\Windows\system32\hal.dll

Service Name: ---

Module Base: 821BC000

Module End: 821EF000

Hidden: No

 

Module Name: C:\Windows\system32\kdcom.dll

Service Name: ---

Module Base: 8040A000

Module End: 80411000

Hidden: No

 

Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll

Service Name: ---

Module Base: 80411000

Module End: 80481000

Hidden: No

 

Module Name: C:\Windows\system32\PSHED.dll

Service Name: ---

Module Base: 80481000

Module End: 80492000

Hidden: No

 

Module Name: C:\Windows\system32\BOOTVID.dll

Service Name: ---

Module Base: 80492000

Module End: 8049A000

Hidden: No

 

Module Name: C:\Windows\system32\CLFS.SYS

Service Name: CLFS

Module Base: 8049A000

Module End: 804DB000

Hidden: No

 

Module Name: C:\Windows\system32\CI.dll

Service Name: ---

Module Base: 804DB000

Module End: 805BB000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\Wdf01000.sys

Service Name: Wdf01000

Module Base: 80603000

Module End: 8067F000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS

Service Name: ---

Module Base: 8067F000

Module End: 8068C000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\acpi.sys

Service Name: ACPI

Module Base: 8068C000

Module End: 806D2000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\WMILIB.SYS

Service Name: ---

Module Base: 806D2000

Module End: 806DB000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\msisadrv.sys

Service Name: msisadrv

Module Base: 806DB000

Module End: 806E3000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\pci.sys

Service Name: pci

Module Base: 806E3000

Module End: 8070A000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\partmgr.sys

Service Name: partmgr

Module Base: 8070A000

Module End: 80719000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys

Service Name: Compbatt

Module Base: 80719000

Module End: 8071C000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS

Service Name: BattC

Module Base: 8071C000

Module End: 80726000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\volmgr.sys

Service Name: volmgr

Module Base: 80726000

Module End: 80735000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\volmgrx.sys

Service Name: volmgrx

Module Base: 80735000

Module End: 8077F000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\intelide.sys

Service Name: intelide

Module Base: 8077F000

Module End: 80786000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS

Service Name: ---

Module Base: 80786000

Module End: 80794000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\mountmgr.sys

Service Name: MountMgr

Module Base: 80794000

Module End: 807A4000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\atapi.sys

Service Name: atapi

Module Base: 807A4000

Module End: 807AC000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\ataport.SYS

Service Name: ---

Module Base: 807AC000

Module End: 807CA000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\msahci.sys

Service Name: msahci

Module Base: 807CA000

Module End: 807D4000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\fltmgr.sys

Service Name: FltMgr

Module Base: 805BB000

Module End: 805ED000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\fileinfo.sys

Service Name: FileInfo

Module Base: 807D4000

Module End: 807E4000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\PxHelp20.sys

Service Name: PxHelp20

Module Base: 807E4000

Module End: 807ED000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\ksecdd.sys

Service Name: KSecDD

Module Base: 82C0E000

Module End: 82C7F000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\ndis.sys

Service Name: NDIS

Module Base: 82C7F000

Module End: 82D8A000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\NETIO.SYS

Service Name: ---

Module Base: 82DB5000

Module End: 82DF0000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\tcpip.sys

Service Name: Tcpip

Module Base: 82E0D000

Module End: 82EF7000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys

Service Name: ---

Module Base: 82EF7000

Module End: 82F12000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\Ntfs.sys

Service Name: Ntfs

Module Base: 87E03000

Module End: 87F13000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\volsnap.sys

Service Name: volsnap

Module Base: 87F13000

Module End: 87F4C000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\spldr.sys

Service Name: spldr

Module Base: 87F4C000

Module End: 87F54000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\sfhlp01.sys

Service Name: sfhlp01

Module Base: 87F54000

Module End: 87F56000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\prosync1.sys

Service Name: prosync1

Module Base: 87F56000

Module End: 87F58000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\SCSIPORT.SYS

Service Name: ---

Module Base: 87F58000

Module End: 87F7E000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\mup.sys

Service Name: Mup

Module Base: 87F96000

Module End: 87FA5000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\ecache.sys

Service Name: Ecache

Module Base: 87FA5000

Module End: 87FCC000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\disk.sys

Service Name: disk

Module Base: 87FCC000

Module End: 87FDD000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS

Service Name: ---

Module Base: 87FDD000

Module End: 87FFE000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\crcdisk.sys

Service Name: crcdisk

Module Base: 82F12000

Module End: 82F1B000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\avgrkx86.sys

Service Name: AvgRkx86

Module Base: 87FFE000

Module End: 88000000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys

Service Name: tunnel

Module Base: 82F3D000

Module End: 82F48000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys

Service Name: tunmp

Module Base: 82F48000

Module End: 82F51000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\intelppm.sys

Service Name: intelppm

Module Base: 82F51000

Module End: 82F60000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys

Service Name: CmBatt

Module Base: 82F60000

Module End: 82F64000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\wmiacpi.sys

Service Name: WmiAcpi

Module Base: 82F64000

Module End: 82F6D000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\nvlddmkm.sys

Service Name: nvlddmkm

Module Base: 8BC08000

Module End: 8C04B000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys

Service Name: DXGKrnl

Module Base: 8C04B000

Module End: 8C0EA000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\watchdog.sys

Service Name: ---

Module Base: 8C0EA000

Module End: 8C0F6000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys

Service Name: HDAudBus

Module Base: 8C0F6000

Module End: 8C183000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\NETw5v32.sys

Service Name: NETw5v32

Module Base: 8C203000

Module End: 8C58C000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\e1e6032.sys

Service Name: e1express

Module Base: 8C58C000

Module End: 8C5C4000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\usbuhci.sys

Service Name: usbuhci

Module Base: 8C5C4000

Module End: 8C5CF000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS

Service Name: ---

Module Base: 8C183000

Module End: 8C1C1000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys

Service Name: usbehci

Module Base: 8C5CF000

Module End: 8C5DE000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys

Service Name: ohci1394

Module Base: 8C5DE000

Module End: 8C5EE000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS

Service Name: ---

Module Base: 8C5EE000

Module End: 8C5FC000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\sdbus.sys

Service Name: sdbus

Module Base: 8C1C1000

Module End: 8C1DB000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\rimmptsk.sys

Service Name: rimmptsk

Module Base: 8C1DB000

Module End: 8C1E9000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\rimsptsk.sys

Service Name: rimsptsk

Module Base: 8C1E9000

Module End: 8C1FD000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\rixdptsk.sys

Service Name: rismxdp

Module Base: 82F6D000

Module End: 82FBE000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\cpqbttn.sys

Service Name: HBtnKey

Module Base: 8C5FC000

Module End: 8C5FF000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS

Service Name: ---

Module Base: 82FBE000

Module End: 82FCE000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS

Service Name: ---

Module Base: 8BC00000

Module End: 8BC07000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys

Service Name: i8042prt

Module Base: 82FCE000

Module End: 82FE1000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys

Service Name: kbdclass

Module Base: 82FE1000

Module End: 82FEC000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\SynTP.sys

Service Name: SynTP

Module Base: 8C60A000

Module End: 8C63A000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS

Service Name: ---

Module Base: 8C63A000

Module End: 8C63C000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys

Service Name: mouclass

Module Base: 8C63C000

Module End: 8C647000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\Afc.sys

Service Name: Afc

Module Base: 8C647000

Module End: 8C64F000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys

Service Name: cdrom

Module Base: 8C64F000

Module End: 8C667000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\ArcSoftVirtualCapture.sys

Service Name: ARCSOFTVIRTUALCAPTURE

Module Base: 8C667000

Module End: 8C66C000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\STREAM.SYS

Service Name: ---

Module Base: 8C66C000

Module End: 8C679000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\ks.sys

Service Name: ---

Module Base: 8C679000

Module End: 8C6A3000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys

Service Name: iScsiPrt

Module Base: 8C6A3000

Module End: 8C6D2000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\storport.sys

Service Name: ---

Module Base: 8C6D2000

Module End: 8C713000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS

Service Name: ---

Module Base: 8C713000

Module End: 8C71E000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\umpass.sys

Service Name: UMPass

Module Base: 8C71E000

Module End: 8C726000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys

Service Name: Rasl2tp

Module Base: 8C726000

Module End: 8C73D000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys

Service Name: NdisTapi

Module Base: 8C73D000

Module End: 8C748000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys

Service Name: NdisWan

Module Base: 8C748000

Module End: 8C76B000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys

Service Name: RasPppoe

Module Base: 8C76B000

Module End: 8C77A000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys

Service Name: PptpMiniport

Module Base: 8C77A000

Module End: 8C78E000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys

Service Name: RasSstp

Module Base: 8C78E000

Module End: 8C7A3000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\termdd.sys

Service Name: TermDD

Module Base: 8C7A3000

Module End: 8C7B3000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\swenum.sys

Service Name: swenum

Module Base: 8C7B3000

Module End: 8C7B5000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys

Service Name: mssmbios

Module Base: 8C7B5000

Module End: 8C7BF000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\umbus.sys

Service Name: umbus

Module Base: 8C7BF000

Module End: 8C7CC000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys

Service Name: usbhub

Module Base: 8CA05000

Module End: 8CA3A000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\kbdhid.sys

Service Name: kbdhid

Module Base: 8CA3A000

Module End: 8CA43000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS

Service Name: NDProxy

Module Base: 8CA43000

Module End: 8CA54000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\CHDRT32.sys

Service Name: CnxtHdAudService

Module Base: 8CA54000

Module End: 8CA85000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\portcls.sys

Service Name: ---

Module Base: 8CA85000

Module End: 8CAB2000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\drmk.sys

Service Name: ---

Module Base: 8CAB2000

Module End: 8CAD7000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\HSXHWAZL.sys

Service Name: HSXHWAZL

Module Base: 8CAD7000

Module End: 8CB15000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\HSX_DPV.sys

Service Name: HSF_DPV

Module Base: 8CC0D000

Module End: 8CD10000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\HSX_CNXT.sys

Service Name: winachsf

Module Base: 8CD10000

Module End: 8CDC5000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\modem.sys

Service Name: Modem

Module Base: 8CDC5000

Module End: 8CDD2000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\Beep.SYS

Service Name: Beep

Module Base: 8CDE2000

Module End: 8CDE9000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\vga.sys

Service Name: vga

Module Base: 8CDE9000

Module End: 8CDF5000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS

Service Name: ---

Module Base: 8CB15000

Module End: 8CB36000

Hidden: No

 

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys

Service Name: RDPCDD

Module Base: 8CDF5000

Module End: 8CDFD000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\rdpencdd.sys

Service Name: RDPENCDD

Module Base: 8CC00000

Module End: 8CC08000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\Npfs.SYS

Service Name: Npfs

Module Base: 8CB41000

Module End: 8CB4F000

Hidden: No

 

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys

Service Name: RasAcd

Module Base: 8CB4F000

Module End: 8CB58000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\tdx.sys

Service Name: tdx

Module Base: 8CB58000

Module End: 8CB6E000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\smb.sys

Service Name: Smb

Module Base: 8CB6E000

Module End: 8CB82000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\avgtdix.sys

Service Name: AvgTdiX

Module Base: 8CB82000

Module End: 8CB9B000

Hidden: No

 

Module Name: C:\Windows\System32\DRIVERS\netbt.sys

Service Name: netbt

Module Base: 8CB9B000

Module End: 8CBCD000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\afd.sys

Service Name: AFD

Module Base: 8D20E000

Module End: 8D256000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\pacer.sys

Service Name: PSched

Module Base: 8D256000

Module End: 8D26C000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\netbios.sys

Service Name: NetBIOS

Module Base: 8D26C000

Module End: 8D27A000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\eabfiltr.sys

Service Name: eabfiltr

Module Base: 8D27A000

Module End: 8D27C000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys

Service Name: Wanarp

Module Base: 8D27C000

Module End: 8D28F000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys

Service Name: rdbss

Module Base: 8D28F000

Module End: 8D2CB000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\nsiproxy.sys

Service Name: nsiproxy

Module Base: 8D2D8000

Module End: 8D2E2000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\dfsc.sys

Service Name: DfsC

Module Base: 8D2E2000

Module End: 8D2F9000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\avgmfx86.sys

Service Name: AvgMfx86

Module Base: 8D2F9000

Module End: 8D2FF000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\avgldx86.sys

Service Name: AvgLdx86

Module Base: 8D2FF000

Module End: 8D350000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\crashdmp.sys

Service Name: ---

Module Base: 8D350000

Module End: 8D35D000

Hidden: No

 

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys

Service Name: ---

Module Base: 8D35D000

Module End: 8D368000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_msahci.sys

Service Name: ---

Module Base: 8D368000

Module End: 8D372000

Hidden: Yes

 

Module Name: C:\Windows\System32\drivers\Dxapi.sys

Service Name: ---

Module Base: 8D372000

Module End: 8D37C000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\monitor.sys

Service Name: monitor

Module Base: 8D37C000

Module End: 8D38B000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\luafv.sys

Service Name: luafv

Module Base: 8D38B000

Module End: 8D3A6000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys

Service Name: lltdio

Module Base: 8D3AE000

Module End: 8D3BE000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys

Service Name: NativeWifiP

Module Base: 8D3BE000

Module End: 8D3E8000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys

Service Name: Ndisuio

Module Base: 8D3E8000

Module End: 8D3F2000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys

Service Name: rspndr

Module Base: 8CBCD000

Module End: 8CBE0000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\spsys.sys

Service Name: ---

Module Base: 9A20D000

Module End: 9A2BD000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\HTTP.sys

Service Name: HTTP

Module Base: 9A2BD000

Module End: 9A328000

Hidden: No

 

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys

Service Name: srvnet

Module Base: 9A328000

Module End: 9A345000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\bowser.sys

Service Name: bowser

Module Base: 9A345000

Module End: 9A35E000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\mpsdrv.sys

Service Name: mpsdrv

Module Base: 9A35E000

Module End: 9A373000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\mrxdav.sys

Service Name: MRxDAV

Module Base: 9A373000

Module End: 9A394000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys

Service Name: mrxsmb

Module Base: 9A394000

Module End: 9A3B3000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys

Service Name: mrxsmb10

Module Base: 9A3B3000

Module End: 9A3EC000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys

Service Name: mrxsmb20

Module Base: 8CBE0000

Module End: 8CBF8000

Hidden: No

 

Module Name: C:\Windows\System32\DRIVERS\srv2.sys

Service Name: srv2

Module Base: 8C7CC000

Module End: 8C7F3000

Hidden: No

 

Module Name: C:\Windows\System32\DRIVERS\srv.sys

Service Name: srv

Module Base: 9BA0D000

Module End: 9BA59000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\mdmxsdk.sys

Service Name: mdmxsdk

Module Base: 9BA71000

Module End: 9BA75000

Hidden: No

 

Module Name: C:\Windows\system32\drivers\peauth.sys

Service Name: PEAUTH

Module Base: 9BA75000

Module End: 9BB53000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\secdrv.SYS

Service Name: secdrv

Module Base: 9BB53000

Module End: 9BB5D000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\tcpipreg.sys

Service Name: tcpipreg

Module Base: 9BB5D000

Module End: 9BB69000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\xaudio.sys

Service Name: XAudio

Module Base: 9BB69000

Module End: 9BB71000

Hidden: No

 

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys

Service Name: cdfs

Module Base: 9BB73000

Module End: 9BB89000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\prodrv06.sys

Service Name: prodrv06

Module Base: 8D2CB000

Module End: 8D2D8000

Hidden: No

 

Module Name: C:\Windows\System32\drivers\prohlp02.sys

Service Name: prohlp02

Module Base: 87F7E000

Module End: 87F96000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\Null.SYS

Service Name: Null

Module Base: 8CDDB000

Module End: 8CDE2000

Hidden: No

 

Module Name: C:\Windows\System32\Drivers\Msfs.SYS

Service Name: Msfs

Module Base: 8CB36000

Module End: 8CB41000

Hidden: No

 

******************************************************************************************

******************************************************************************************

No SSDT Hooks found

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

IRP Hooks:

Hooked Module: C:\Windows\system32\drivers\atapi.sys

Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL

Jump To: 87F56651

Hooking Module: C:\Windows\System32\drivers\prosync1.sys

 

Hooked Module: C:\Windows\System32\drivers\prodrv06.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 8A3DD008

Hooking Module: _unknown_

 

Hooked Module: C:\Windows\System32\drivers\prodrv06.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 8A3DD008

Hooking Module: _unknown_

 

Hooked Module: C:\Windows\System32\drivers\prodrv06.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 8A3DD008

Hooking Module: _unknown_

 

Hooked Module: C:\Windows\System32\drivers\prohlp02.sys

Hooked IRP: IRP_MJ_CREATE

Jump To: 8879DD68

Hooking Module: _unknown_

 

Hooked Module: C:\Windows\System32\drivers\prohlp02.sys

Hooked IRP: IRP_MJ_CLOSE

Jump To: 8879DD68

Hooking Module: _unknown_

 

Hooked Module: C:\Windows\System32\drivers\prohlp02.sys

Hooked IRP: IRP_MJ_DEVICE_CONTROL

Jump To: 8879DD68

Hooking Module: _unknown_

 

******************************************************************************************

******************************************************************************************

Ports:

Local Address: SHAWN-PC.BELKIN:NETBIOS-SSN

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

 

Local Address: SHAWN-PC:18080

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: LISTENING

 

Local Address: SHAWN-PC:15190

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: LISTENING

 

Local Address: SHAWN-PC:15050

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: LISTENING

 

Local Address: SHAWN-PC:13128

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: LISTENING

 

Local Address: SHAWN-PC:11863

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: LISTENING

 

Local Address: SHAWN-PC:10110

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe

State: LISTENING

 

Local Address: SHAWN-PC:10080

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: LISTENING

 

Local Address: SHAWN-PC:8999

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe

State: LISTENING

 

Local Address: SHAWN-PC:10025

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Windows\System32\dlcccoms.exe

State: LISTENING

 

Local Address: SHAWN-PC:5357

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

 

Local Address: SHAWN-PC:5004

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Windows\System32\services.exe

State: LISTENING

 

Local Address: SHAWN-PC:5003

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Windows\System32\lsass.exe

State: LISTENING

 

Local Address: SHAWN-PC:5002

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Windows\System32\svchost.exe

State: LISTENING

 

Local Address: SHAWN-PC:5001

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Windows\System32\svchost.exe

State: LISTENING

 

Local Address: SHAWN-PC:5000

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Windows\System32\wininit.exe

State: LISTENING

 

Local Address: SHAWN-PC:MICROSOFT-DS

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

 

Local Address: SHAWN-PC:EPMAP

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Windows\System32\svchost.exe

State: LISTENING

 

Local Address: SHAWN-PC.BELKIN:SSDP

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: SHAWN-PC.BELKIN:138

Remote Address: NA

Type: UDP

Process: System

State: NA

 

Local Address: SHAWN-PC.BELKIN:NETBIOS-NS

Remote Address: NA

Type: UDP

Process: System

State: NA

 

Local Address: SHAWN-PC:63300

Remote Address: NA

Type: UDP

Process: C:\Program Files\Internet Explorer\iexplore.exe

State: NA

 

Local Address: SHAWN-PC:56732

Remote Address: NA

Type: UDP

Process: C:\Program Files\Internet Explorer\iexplore.exe

State: NA

 

Local Address: SHAWN-PC:52524

Remote Address: NA

Type: UDP

Process: C:\Program Files\Internet Explorer\iexplore.exe

State: NA

 

Local Address: SHAWN-PC:52515

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: SHAWN-PC:SSDP

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: SHAWN-PC:54928

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: SHAWN-PC:LLMNR

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: SHAWN-PC:IPSEC-MSFT

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: SHAWN-PC:UPNP-DISCOVERY

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: SHAWN-PC:UPNP-DISCOVERY

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: SHAWN-PC:500

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

Local Address: SHAWN-PC:123

Remote Address: NA

Type: UDP

Process: C:\Windows\System32\svchost.exe

State: NA

 

******************************************************************************************

******************************************************************************************

No hidden files/folders found


jboy_322,

Run the following scan: ESET Online Scanner
(you will need Internet Explorer to run this scan)

You will need to run this scan with Administrator privileges:

  • Simply hit the button “Restart browser as Admin” in ESET Online Scanner or
  • Right-click on the browser icon in the Start Menu and select "Run as administrator" from the context menu.
ESET Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.
- - - - - Next - - - - -

On your next post please provide the following:
  • ESET log.txt
  • Tell me if you have any remaining issues.


No lingering issues as far as I can tell...a lot of the issues with the ESET scan come from downloaded music. I have had my own issues with viruses from downloading and have tried to tell my brother about the dangers but he doesn't listen...maybe he'll listen to me now

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=6

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6050

# api_version=3.0.2

# EOSSerial=cc8a6229d5cde84aaa0823a7c5bf5d69

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-09-27 05:28:00

# local_time=2009-09-27 01:28:00 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1027 61 83 60 1792211208292

# compatibility_mode=5889 61 66 100 533441617491508

# scanned=201675

# found=23

# cleaned=0

# scan_time=7635

C:\Users\shawn\AppData\Local\Temp\tmp4108.tmp Win32/Olmarik.LT virus 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\3oh3 - Punk:filtered:.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\all luck.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\Barenaked Ladies- testing 1 2 3.wma WMA/TrojanDownloader.Wimad.NAA trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\boston celtics.mp3 WMA/TrojanDownloader.GetCodec.C trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\camera phone MTV.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\Carrie Underwood- i dont even know his last name.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\:filtered: in my pants CD quality.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\Joey & Rory - Cheater Cheater(1).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\kiss you through the phone(Club RMX).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\Kristinia DeBarge-Goodbye.wma WMA/TrojanDownloader.Wimad.NAA trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\Lil Wayne - Tha Carter III - 08 - Tie My Hands.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\love story remix taylor swift (hot remix).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\low remix travis barker.mp3 WMA/TrojanDownloader.GetCodec.C trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\Mastermix 10 Years Of Pop.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\Natasha Beddingfield - Take Me Away.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\Saving Abel - She Got Over Me.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\steamtrain to mallaig.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\swagga like obama.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Desktop\music\webzz-back it up(Club RMX).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

C:\Users\shawn\Shared\americas best dance crew mixes.mp3 WMA/TrojanDownloader.GetCodec.C trojan 00000000000000000000000000000000 I

C:\Windows\Temp\161533419.tmp a variant of Win32/Kryptik.UI trojan 00000000000000000000000000000000 I


jboy_322,

Your Java is outdated.
Please follow these steps to remove older Java components.

  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.
Then download the latest version of Java, which is Version 6 Update 16, and click Yes at the page warning. Under "Platform" select Windows, then check the box to accept the Licence Agreement. Click Yes at the second page warning before downloading the Offline file.
There is no need to download the Sun Download Manager but it is optional.

- - - - - Next - - - - -

You are correct. These music files were probably downloaded via LimeWire. Hopefully your brother will heed your advice.

Please download OTM by OldTimer.
  • Save it to your desktop.
  • Please click OTM and then click >> run.
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes
explorer.exe

:Files
C:\Users\shawn\AppData\Local\Temp\tmp4108.tmp
C:\Users\shawn\Desktop\music\3oh3 - Punk*.mp3
C:\Users\shawn\Desktop\music\all luck.mp3
C:\Users\shawn\Desktop\music\Barenaked Ladies- testing 1 2 3.wma
C:\Users\shawn\Desktop\music\boston celtics.mp3
C:\Users\shawn\Desktop\music\camera phone MTV.mp3
C:\Users\shawn\Desktop\music\Carrie Underwood- i dont even know his last name.mp3
C:\Users\shawn\Desktop\music\in my pants CD quality*.mp3
C:\Users\shawn\Desktop\music\Joey & Rory - Cheater Cheater(1).mp3
C:\Users\shawn\Desktop\music\kiss you through the phone(Club RMX).mp3
C:\Users\shawn\Desktop\music\Kristinia DeBarge-Goodbye.wma
C:\Users\shawn\Desktop\music\Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3
C:\Users\shawn\Desktop\music\Lil Wayne - Tha Carter III - 08 - Tie My Hands.mp3 
C:\Users\shawn\Desktop\music\love story remix taylor swift (hot remix).mp3
C:\Users\shawn\Desktop\music\low remix travis barker.mp3
C:\Users\shawn\Desktop\music\Mastermix 10 Years Of Pop.wma
C:\Users\shawn\Desktop\music\Natasha Beddingfield - Take Me Away.mp3
C:\Users\shawn\Desktop\music\Saving Abel - She Got Over Me.mp3
C:\Users\shawn\Desktop\music\steamtrain to mallaig.mp3
C:\Users\shawn\Desktop\music\swagga like obama.mp3
C:\Users\shawn\Desktop\music\webzz-back it up(Club RMX).mp3
C:\Users\shawn\Shared\americas best dance crew mixes.mp3
C:\Windows\Temp\161533419.tmp

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


- - - - - Next - - - - -

Please re-run DDS and post the new logs generated.

Be sure to disable your script blocking software BEFORE running the DDS scan. Use the link below if you need assistance.
  • Disable any script blocking protection (How to Disable your Security Programs) < - - Important
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
- - - - - Next - - - - -

On your next post please provide the following:
  • OTM log
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

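The helper built the OTM :Files list above by hand from the ESET log.txt. The script below is an added example (not ESET's, OTM's or the helper's code) that does the same transcription mechanically: it parses the ESET log into its header fields and detection lines, then emits an OTM script in the layout the helper used. The line layout it assumes (path, an optional "a variant of", detection name, category word, a 32-hex digest field, a trailing flag) is inferred from the log posted above; the :Commands block is copied verbatim from the helper's post, and the substitution of `*` for the forum's `:filtered:` censor marker mirrors what the helper did for the "Punk" file. The sample input is four detection lines and a few header lines copied from the log above (the `# found=23` count refers to the full log, not the sample).

```python
"""Parse an ESET Online Scanner log.txt and generate an OTM :Files script.

Added example for this thread; not ESET's, OTM's or the helper's own code.
Assumed ESET line layout: <path> [a variant of] <name> <category> <32-hex> <flag>.
"""
import re
from dataclasses import dataclass

HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")
VARIANT_SUFFIX = " a variant of"


@dataclass
class Finding:
    path: str       # file the scanner flagged
    name: str       # ESET detection name, e.g. WMA/TrojanDownloader.GetCodec.gen
    kind: str       # ESET category word: virus, trojan, ...
    variant: bool   # True when ESET reported "a variant of <name>"
    digest: str     # 32-hex field (all zeros in the log above)
    flag: str       # trailing flag column ("I" in the log above)


def parse_eset_log(text):
    """Return (header dict, list of Finding) from ESET Online Scanner log text."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#") and "=" in line:
            key, _, value = line[1:].strip().partition("=")
            header[key.strip()] = value.strip()
            continue
        # Split from the right: file names contain spaces, the last four
        # columns (name, category, digest, flag) never do.
        parts = line.rsplit(None, 4)
        if len(parts) != 5 or not HEX32.match(parts[3]):
            continue  # banner lines such as "... as CAB hook log:" are skipped
        head, name, kind, digest, flag = parts
        variant = head.endswith(VARIANT_SUFFIX)
        path = head[:-len(VARIANT_SUFFIX)] if variant else head
        findings.append(Finding(path, name, kind, variant, digest, flag))
    return header, findings


def otm_script(findings, filtered_token=":filtered:"):
    """Build the OTM script in the layout the helper posted, with the :Files
    section generated from the findings. The forum's profanity filter replaced
    part of some file names with ':filtered:'; as the helper did, swap that for
    a '*' wildcard so OTM can still match the file on disk."""
    lines = [":Processes", "explorer.exe", "", ":Files"]
    lines += [f.path.replace(filtered_token, "*") for f in findings]
    lines += ["", ":Commands", "[purity]", "[emptytemp]", "[start explorer]", "[Reboot]"]
    return "\n".join(lines)


def summarize(findings):
    """Count detections per name and list the hits under a Temp folder, which in
    the log above are the executable droppers (Olmarik, Kryptik) rather than
    the flagged media downloads (GetCodec, Wimad)."""
    by_name, temp_hits = {}, []
    for f in findings:
        by_name[f.name] = by_name.get(f.name, 0) + 1
        if "\\temp\\" in f.path.lower():
            temp_hits.append(f.path)
    return by_name, temp_hits


# Sample input copied from the ESET log posted above (header counts are from
# the full 23-hit log; only four detection lines are reproduced here).
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# scanned=201675
# found=23
# cleaned=0
C:\Users\shawn\AppData\Local\Temp\tmp4108.tmp Win32/Olmarik.LT virus 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\3oh3 - Punk:filtered:.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\Barenaked Ladies- testing 1 2 3.wma WMA/TrojanDownloader.Wimad.NAA trojan 00000000000000000000000000000000 I
C:\Windows\Temp\161533419.tmp a variant of Win32/Kryptik.UI trojan 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    hdr, found = parse_eset_log(SAMPLE_LOG)
    print("scanned=%s found=%s parsed=%d" % (hdr.get("scanned"), hdr.get("found"), len(found)))
    print(otm_script(found))
    print(summarize(found))
```

Splitting from the right is what makes this robust: the detection name, category, digest and flag columns never contain spaces, so `rsplit(None, 4)` pins them regardless of how many spaces the file name has, and the `a variant of` prefix is peeled off the remainder afterwards.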

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== FILES ==========

File/Folder C:\Users\shawn\AppData\Local\Temp\tmp4108.tmp not found.

C:\Users\shawn\Desktop\music\3oh3 - Punk:filtered:.mp3 moved successfully.

C:\Users\shawn\Desktop\music\all luck.mp3 moved successfully.

C:\Users\shawn\Desktop\music\Barenaked Ladies- testing 1 2 3.wma moved successfully.

C:\Users\shawn\Desktop\music\boston celtics.mp3 moved successfully.

C:\Users\shawn\Desktop\music\camera phone MTV.mp3 moved successfully.

C:\Users\shawn\Desktop\music\Carrie Underwood- i dont even know his last name.mp3 moved successfully.

File/Folder C:\Users\shawn\Desktop\music\in my pants CD quality*.mp3 not found.

C:\Users\shawn\Desktop\music\Joey & Rory - Cheater Cheater(1).mp3 moved successfully.

C:\Users\shawn\Desktop\music\kiss you through the phone(Club RMX).mp3 moved successfully.

C:\Users\shawn\Desktop\music\Kristinia DeBarge-Goodbye.wma moved successfully.

C:\Users\shawn\Desktop\music\Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3 moved successfully.

C:\Users\shawn\Desktop\music\Lil Wayne - Tha Carter III - 08 - Tie My Hands.mp3 moved successfully.

C:\Users\shawn\Desktop\music\love story remix taylor swift (hot remix).mp3 moved successfully.

C:\Users\shawn\Desktop\music\low remix travis barker.mp3 moved successfully.

C:\Users\shawn\Desktop\music\Mastermix 10 Years Of Pop.wma moved successfully.

C:\Users\shawn\Desktop\music\Natasha Beddingfield - Take Me Away.mp3 moved successfully.

C:\Users\shawn\Desktop\music\Saving Abel - She Got Over Me.mp3 moved successfully.

C:\Users\shawn\Desktop\music\steamtrain to mallaig.mp3 moved successfully.

C:\Users\shawn\Desktop\music\swagga like obama.mp3 moved successfully.

C:\Users\shawn\Desktop\music\webzz-back it up(Club RMX).mp3 moved successfully.

C:\Users\shawn\Shared\americas best dance crew mixes.mp3 moved successfully.

File/Folder C:\Windows\Temp\161533419.tmp not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFWK75SB\desktop.ini scheduled to be deleted on reboot.

File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUY9UVU2\desktop.ini scheduled to be deleted on reboot.

File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2TS9O29S\desktop.ini scheduled to be deleted on reboot.

File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2L92POQ9\desktop.ini scheduled to be deleted on reboot.

File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.

File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFWK75SB\desktop.ini scheduled to be deleted on reboot.

File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUY9UVU2\desktop.ini scheduled to be deleted on reboot.

File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2TS9O29S\desktop.ini scheduled to be deleted on reboot.

File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2L92POQ9\desktop.ini scheduled to be deleted on reboot.

File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.

File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Guest

 

User: Public

 

User: shawn

->Temp folder emptied: 92592 bytes

->Temporary Internet Files folder emptied: 1085133549 bytes

->Java cache emptied: 37770832 bytes

->FireFox cache emptied: 37689772 bytes

 

%systemdrive% .tmp files removed: 0 bytes

Folder delete failed. C:\Windows\msdownld.tmp scheduled to be deleted on reboot.

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 55416 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1107.03 mb

 

 

OTM by OldTimer - Version 3.0.0.6 log created on 09292009_162727

 

 

DDS (Ver_09-07-30.01) - NTFSx86

Run by shawn at 16:41:16.67 on Tue 09/29/2009

Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1331 [GMT -4:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Windows\system32\dlcccoms.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchProtocolHost.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\SearchFilterHost.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\shawn\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uWindow Title = Windows Internet Explorer provided by Yahoo!

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uRun: [ssMonitorTool]

uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

AppInit_DLLs: avgrsstx.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\shawn\appdata\roaming\mozilla\firefox\profiles\9jc1nbe4.default\

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\users\shawn\appdata\roaming\move networks\plugins\npqmp071502000008.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

 

============= SERVICES / DRIVERS ===============

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-17 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-17 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-17 108552]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-17 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-17 297752]

R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]

R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

 

=============== Created Last 30 ================

 

2009-09-29 16:27 <DIR> --d----- C:\_OTM

2009-09-29 16:24 411,368 a------- c:\windows\system32\deploytk.dll

2009-09-27 20:32 <DIR> --d----- c:\users\shawn\appdata\roaming\Auslogics

2009-09-27 20:32 <DIR> --d----- c:\program files\Auslogics

2009-09-27 11:18 <DIR> --d----- c:\program files\ESET

2009-09-25 18:39 <DIR> --d----- c:\windows\system32\eu-ES

2009-09-25 18:39 <DIR> --d----- c:\windows\system32\ca-ES

2009-09-25 18:39 <DIR> --d----- c:\windows\system32\vi-VN

2009-09-25 18:37 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-09-25 18:24 <DIR> --d----- c:\windows\system32\EventProviders

2009-09-25 18:03 <DIR> --d----- C:\NVIDIA

2009-09-25 17:04 <DIR> --d----- c:\program files\SystemRequirementsLab

2009-09-23 13:10 2,048 a------- c:\windows\system32\tzres.dll

2009-09-23 12:59 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll

2009-09-23 12:59 3,408,896 a------- c:\windows\system32\SLsvc.exe

2009-09-23 12:59 1,081,344 a------- c:\windows\system32\SLCExt.dll

2009-09-23 12:59 2,134,528 a------- c:\windows\system32\FunctionDiscoveryFolder.dll

2009-09-23 12:59 65,536 a------- c:\windows\system32\DevicePairingWizard.exe

2009-09-23 12:59 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll

2009-09-23 12:59 1,480,704 a------- c:\windows\system32\mssrch.dll

2009-09-23 12:57 3,662,128 a------- c:\windows\system32\locale.nls

2009-09-23 12:56 2,515,968 a------- c:\windows\system32\accessibilitycpl.dll

2009-09-23 12:55 247,808 a------- c:\windows\system32\drvstore.dll

2009-09-23 12:52 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin

2009-09-23 12:52 11,967,524 a------- c:\windows\system32\korwbrkr.lex

2009-09-23 12:22 41,984 a------- c:\windows\system32\netfxperf.dll

2009-09-23 12:07 91,136 a------- c:\windows\system32\avifil32.dll

2009-09-23 12:07 2,501,921 a------- c:\windows\system32\wlan.tmf

2009-09-23 12:07 513,536 a------- c:\windows\system32\wlansvc.dll

2009-09-23 12:07 293,376 a------- c:\windows\system32\wlanmsm.dll

2009-09-23 12:07 127,488 a------- c:\windows\system32\L2SecHC.dll

2009-09-23 12:07 68,096 a------- c:\windows\system32\wlanhlp.dll

2009-09-23 12:07 302,592 a------- c:\windows\system32\wlansec.dll

2009-09-23 12:07 65,024 a------- c:\windows\system32\wlanapi.dll

2009-09-17 23:28 <DIR> --d-h--- C:\$AVG8.VAULT$

2009-09-17 21:51 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-09-17 21:51 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys

2009-09-17 21:51 108,552 a------- c:\windows\system32\drivers\avgtdix.sys

2009-09-17 21:51 335,240 a------- c:\windows\system32\drivers\avgldx86.sys

2009-09-17 21:51 <DIR> --d----- c:\windows\system32\drivers\Avg

2009-09-17 21:50 <DIR> --d----- c:\programdata\AVG Security Toolbar

2009-09-17 21:50 <DIR> --d----- c:\progra~2\AVG Security Toolbar

2009-09-17 21:50 <DIR> --d----- c:\programdata\avg8

2009-09-17 21:50 <DIR> --d----- c:\program files\AVG

2009-09-17 21:50 <DIR> --d----- c:\progra~2\avg8

2009-09-17 20:20 <DIR> --d----- c:\program files\trend micro

2009-09-17 19:59 <DIR> --d----- c:\users\shawn\appdata\roaming\Malwarebytes

2009-09-17 19:57 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-17 19:57 19,160 a------- c:\windows\system32\drivers\mbam.sys

2009-09-17 19:57 <DIR> --d----- c:\programdata\Malwarebytes

2009-09-17 19:57 <DIR> --d----- c:\progra~2\Malwarebytes

2009-09-17 19:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-09-15 15:15 <DIR> --d----- c:\users\shawn\appdata\roaming\AVG8

 

==================== Find3M ====================

 

2009-09-25 19:00 143,360 a------- c:\windows\inf\infstrng.dat

2009-09-25 19:00 51,200 a------- c:\windows\inf\infpub.dat

2009-09-25 19:00 86,016 a------- c:\windows\inf\infstor.dat

2009-09-25 18:39 665,600 a------- c:\windows\inf\drvindex.dat

2009-09-15 14:16 38,711 a------- c:\users\shawn\appdata\roaming\nvModes.dat

2009-09-10 11:48 93,552 a------- c:\windows\help\oem\scripts\RegRestore.exe

2009-09-10 11:48 12,288 a------- c:\windows\help\oem\scripts\BackgroundCopyManager1_5.dll

2009-09-10 11:48 9,728 a------- c:\windows\help\oem\scripts\BackgroundCopyManager.DLL

2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll

2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll

2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll

2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll

2009-08-28 20:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-28 20:14 28,672 a------- c:\windows\system32\Apphlpdm.dll

2009-08-21 13:17 485,920 a------- c:\windows\system32\nvuninst.exe

2009-08-14 12:27 904,776 a------- c:\windows\system32\drivers\tcpip.sys

2009-08-14 11:53 17,920 a------- c:\windows\system32\netevent.dll

2009-08-14 09:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE

2009-08-14 09:49 17,920 a------- c:\windows\system32\ROUTE.EXE

2009-08-14 09:49 11,264 a------- c:\windows\system32\MRINFO.EXE

2009-08-14 09:49 27,136 a------- c:\windows\system32\NETSTAT.EXE

2009-08-14 09:49 19,968 a------- c:\windows\system32\ARP.EXE

2009-08-14 09:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE

2009-08-14 09:49 10,240 a------- c:\windows\system32\finger.exe

2009-08-14 09:48 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys

2009-08-14 09:48 105,984 a------- c:\windows\system32\netiohlp.dll

2009-08-11 20:51 17,160 a------- c:\windows\help\oem\scripts\HC_RegistrationRecovery.exe

2009-08-08 13:00 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-08-03 19:41 174 a--sh--- c:\program files\desktop.ini

2009-08-03 18:29 101,888 a------- c:\windows\system32\ifxcardm.dll

2009-08-03 18:29 82,432 a------- c:\windows\system32\axaltocm.dll

2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll

2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll

2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll

2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe

2009-07-17 09:54 71,680 a------- c:\windows\system32\atl.dll

2009-07-15 08:40 8,147,456 a------- c:\windows\system32\wmploc.DLL

2009-07-15 08:39 313,344 a------- c:\windows\system32\wmpdxm.dll

2009-07-15 08:39 4,096 a------- c:\windows\system32\dxmasf.dll

2009-07-15 08:39 7,680 a------- c:\windows\system32\spwmp.dll

2007-10-17 23:15 0 a------- c:\users\shawn\appdata\roaming\wklnhst.dat

2007-09-07 09:05 247,608 a------- c:\users\shawn\jre-1_5_0_07-windows-i586-p-iftw.exe

2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

2009-06-12 13:26 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat

2009-06-12 13:26 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2009-06-12 13:26 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

2009-06-12 13:26 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-05-28 10:35 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat

2009-05-28 10:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat

2009-05-28 10:35 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat

2009-06-11 03:12 245,760 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\cookies\index.dat

2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat

2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

 

============= FINISH: 16:43:18.69 ===============

 

Once again... cannot attach files... so I'm pasting the rest of the info.

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-07-30.01)

 

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/2/2007 2:40:04 AM

System Uptime: 9/29/2009 4:35:45 PM (0 hours ago)

 

Motherboard: Quanta | | 30BC

Processor: Intel® Core2 CPU T5300 @ 1.73GHz | U2E1 | 1733/533mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 141 GiB total, 85.432 GiB free.

D: is FIXED (NTFS) - 8 GiB total, 1.746 GiB free.

E: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

 

==== Installed Programs ======================

 

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9

Adobe Shockwave Player

AIM 6

AOL Instant Messenger

Apple Software Update

ArcSoft Magic-i 3

ArcSoft VideoImpression 2

ArcSoft WebCam Companion 2

AudibleManager

Auslogics Disk Defrag

AVG 8.5

AXIS Camera Server Control

BitPim 1.0.6

Conexant HD Audio

Creative MediaSource

Creative Removable Disk Manager

Creative System Information

Creative Zen Vision M

DivX Web Player

ESET Online Scanner v3

ESU for Microsoft Vista

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Active Support Library 32 bit components

HP Button Manager

HP Customer Experience Enhancements

HP Doc Viewer

HP Easy Setup - Frontend

HP Help and Support

HP Photosmart Essential 2.0

HP Photosmart Essential2.5

HP Quick Launch Buttons 6.20 B1

HP QuickPlay 3.6

HP Total Care Advisor

HP Update

HP User Guides 0082

HP Webcam User’s Guide

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPNetworkAssistant

Java 6 Update 16

LightScribe 1.4.136.1

LimeWire 5.1.3

Malwarebytes' Anti-Malware

Microsoft .NET Framework 3.5 SP1

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Move Media Player

Mozilla Firefox (3.5.3)

MSCU for Microsoft Vista

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

muvee autoProducer 6.0

My HP Games

NVIDIA Drivers

OpenCASE Media Agent

OpenOffice.org 2.2

PSSWCORE

QuickPlay SlingPlayer 0.4.6

QuickTime

Rescue Me screensaver

Rhapsody Player Engine

Roxio Activation Module

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator EasyArchive

Roxio Creator Tools

Roxio Express Labeler 3

Roxio MyDVD Basic v9

SAMSUNG CDMA Modem Driver Set

Synaptics Pointing Device Driver

System Requirements Lab

TBS WMP Plug-in

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VC80CRTRedist - 8.0.50727.762

Winamp (remove only)

Windows Media Player Firefox Plugin

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

 

==== End Of File ===========================


jboy_322,

Congratulations, your logs appear clean. Now for a little housekeeping and my recommendations to help you stay clean.

- - - - - Next - - - - -

Please locate the file in red and delete it. Please be sure to only delete the file that is designated.
(Not the folder it is contained in.)

  • C:\Users\shawn\Desktop\music\*in my pants CD quality.mp3
    The * in the file name is in place of a word or phrase that the scan filtered out, look for a file that ends with the above phrase.
- - - - - Next - - - - -

I don't see any evidence of a Firewall on your computer.
This must be taken care of first.

Firewall:

- - - - - Next - - - - -

Clean up with OTM
  • Right-click OTM.exe and select Run As Administrator... to run it.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
- - - - - Next - - - - -

You can now delete any other tools I had you download and use, unless you wish to keep them.
(They should be located on your desktop; if they are no longer there, just continue.)
  • RootRepeal
  • Sysprot
  • DDS
  • OTM
- - - - - Next - - - - -

Here comes the "All Clean Speech":

You need to set a new clean System Restore Point

System Restore makes regular backups of all your settings. If you ever had to use this program to restore your system to a previous date, you would be infected all over again, so we need to clean out the previous Restore Points.
We need to set a new system restore point:

Click Start > Run > copy and paste the following into the run box:


%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create,
when the confirmation screen shows the restore point has been created click Close.

- - - - - Next - - - - -

Now remove all previous Restore Points:

Click Start > Run > copy and paste the following into the run box:


cleanmgr

At the top, click on More Options tab. Click the Clean up button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.

- - - - - Next - - - - -

Here are some tips to reduce the potential for spyware infection in the future:

You have two (2) options to get Windows Vista Updates:

To update Windows Vista
Here is the link if you would like to download just the SP2 - http://www.microsoft.com/downloads/details...;DisplayLang=en

OR

Automatic Updates: (Recommended Option)

The easiest way to ensure you don't miss any of the critical Windows Updates is to set your computer up to receive Automatic Updates.
To set your computer up for Automatic Updates please do the following:
  • Click Start button > All Programs > Windows Update > Change Settings.
  • Make sure that Automatic Updating is checked.
  • Click OK
  • Close the Control Panel.
- - - - - Next - - - - -

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

For Firefox, I highly recommend this add-on to keep your PC even more secure.
NoScript - for blocking ads and other potential website attacks

You are using AVG8 as your antivirus software. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.

Firewall - I cannot stress how important it is that you keep the Firewall on your computer active at all times. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

Update all security programs regularly - Make sure you update all the programs regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.

Remember to have only one (1) Firewall and one (1) Anti-Virus program running at any one time.

I would also suggest you read "So how did I get infected in the first place?" by Tony Klein.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

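The post above recommends the MVPS HOSTS file, which works by mapping known ad and malware domains to 127.0.0.1 so the machine can never reach them. The same file is also a favourite target of malware, which adds lines pointing legitimate sites (update servers, security vendors) at an attacker-controlled address; that is what the "O1 - Hosts:" lines in a HijackThis log report. The script below is an added example, not code from this thread or from the MVPS project. It parses a HOSTS file, separates harmless sinkhole entries (addresses 127.0.0.1, 0.0.0.0 or ::1) from entries that redirect a hostname to a real, non-local address, and goes slightly beyond the post by flagging the latter for review. The sample file embedded in it is constructed for the example; the hostnames and the 203.0.113.7 address are documentation placeholders, not indicators from the thread. The only real path used is the standard Windows location of the file.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample HOSTS file (not from the thread). It mixes the Windows
# default entries, two blocklist lines written the way MVPS writes them, and two
# hijack-style lines that send a site to a non-local address. All names and the
# 203.0.113.7 address are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
# Blocklist-style entries (MVPS style): unreachable on purpose
127.0.0.1  ads.example-adserver.test
0.0.0.0    tracker.example-tracker.test   # another common sink address
# Hijack-style entries: a well-known site pointed at a non-local address
203.0.113.7   www.example-av-vendor.test
203.0.113.7   update.example-av-vendor.test
"""

# Standard location of the HOSTS file on Windows.
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs from HOSTS text.

    Comments, blank lines and lines whose first field is not an IP address
    are skipped; one line may name several hosts for one address.
    """
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed line, not an address at all
        for name in names:
            entries.append((addr, name.lower()))
    return entries


def classify(entries: List[Tuple[str, str]]):
    """Split entries into sinkholed names and suspicious redirects.

    A name mapped to a loopback or unspecified address (127.0.0.1, ::1,
    0.0.0.0) is a blocklist entry: the machine simply cannot reach that site.
    A name mapped to any other address is a redirect and deserves a look,
    because that is how a HOSTS hijack looks.
    """
    blocked: List[str] = []
    suspicious: List[Tuple[str, str]] = []
    for addr, name in entries:
        if name == "localhost":
            continue  # the default entries, not a blocklist
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback or ip.is_unspecified:
            blocked.append(name)
        else:
            suspicious.append((name, addr))
    return blocked, suspicious


def audit_hosts_file(path: str = WINDOWS_HOSTS_PATH):
    """Read a HOSTS file from disk and classify its entries."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return classify(parse_hosts(fh.read()))


if __name__ == "__main__":
    # Run against the constructed sample so the script works offline; pass
    # audit_hosts_file() instead to inspect the live Windows file.
    blocked, suspicious = classify(parse_hosts(SAMPLE_HOSTS))
    print(f"{len(blocked)} sinkholed name(s) (expected from a blocklist)")
    for name, addr in suspicious:
        print(f"REVIEW: {name} -> {addr} (non-local redirect)")
```

Run as-is, the script reports two sinkholed names and two entries for review. A long list of sinkholed names after installing the MVPS file is normal; any entry in the "REVIEW" group is either something the user added deliberately or a sign that the file has been tampered with.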

Thank you so much for your help!! The computer is working great and I have put your suggestion into action to prevent infections in the future on this computer.


jboy_322,

 

I'm happy everything is working well for you. It has been a pleasure to help.

 

Have a great day! :)
