
jboy_322

  1. Thank you so much for your help!! The computer is working great and I have put your suggestion into action to prevent infections in the future on this computer.
  2. All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== FILES ========== File/Folder C:\Users\shawn\AppData\Local\Temp\tmp4108.tmp not found. C:\Users\shawn\Desktop\music\3oh3 - Punk:filtered:.mp3 moved successfully. C:\Users\shawn\Desktop\music\all luck.mp3 moved successfully. C:\Users\shawn\Desktop\music\Barenaked Ladies- testing 1 2 3.wma moved successfully. C:\Users\shawn\Desktop\music\boston celtics.mp3 moved successfully. C:\Users\shawn\Desktop\music\camera phone MTV.mp3 moved successfully. C:\Users\shawn\Desktop\music\Carrie Underwood- i dont even know his last name.mp3 moved successfully. File/Folder C:\Users\shawn\Desktop\music\in my pants CD quality*.mp3 not found. C:\Users\shawn\Desktop\music\Joey & Rory - Cheater Cheater(1).mp3 moved successfully. C:\Users\shawn\Desktop\music\kiss you through the phone(Club RMX).mp3 moved successfully. C:\Users\shawn\Desktop\music\Kristinia DeBarge-Goodbye.wma moved successfully. C:\Users\shawn\Desktop\music\Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3 moved successfully. C:\Users\shawn\Desktop\music\Lil Wayne - Tha Carter III - 08 - Tie My Hands.mp3 moved successfully. C:\Users\shawn\Desktop\music\love story remix taylor swift (hot remix).mp3 moved successfully. C:\Users\shawn\Desktop\music\low remix travis barker.mp3 moved successfully. C:\Users\shawn\Desktop\music\Mastermix 10 Years Of Pop.wma moved successfully. C:\Users\shawn\Desktop\music\Natasha Beddingfield - Take Me Away.mp3 moved successfully. C:\Users\shawn\Desktop\music\Saving Abel - She Got Over Me.mp3 moved successfully. C:\Users\shawn\Desktop\music\steamtrain to mallaig.mp3 moved successfully. C:\Users\shawn\Desktop\music\swagga like obama.mp3 moved successfully. C:\Users\shawn\Desktop\music\webzz-back it up(Club RMX).mp3 moved successfully. C:\Users\shawn\Shared\americas best dance crew mixes.mp3 moved successfully. File/Folder C:\Windows\Temp\161533419.tmp not found. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFWK75SB\desktop.ini scheduled to be deleted on reboot. File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUY9UVU2\desktop.ini scheduled to be deleted on reboot. File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2TS9O29S\desktop.ini scheduled to be deleted on reboot. File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2L92POQ9\desktop.ini scheduled to be deleted on reboot. File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot. File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFWK75SB\desktop.ini scheduled to be deleted on reboot. File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUY9UVU2\desktop.ini scheduled to be deleted on reboot. File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2TS9O29S\desktop.ini scheduled to be deleted on reboot. File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2L92POQ9\desktop.ini scheduled to be deleted on reboot. File delete failed. 
C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot. File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 33170 bytes User: Guest User: Public User: shawn ->Temp folder emptied: 92592 bytes ->Temporary Internet Files folder emptied: 1085133549 bytes ->Java cache emptied: 37770832 bytes ->FireFox cache emptied: 37689772 bytes %systemdrive% .tmp files removed: 0 bytes Folder delete failed. C:\Windows\msdownld.tmp scheduled to be deleted on reboot. %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 55416 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1107.03 mb OTM by OldTimer - Version 3.0.0.6 log created on 09292009_162727 DDS (Ver_09-07-30.01) - NTFSx86 Run by shawn at 16:41:16.67 on Tue 09/29/2009 Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1331 [GMT -4:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program 
Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Windows\system32\dlcccoms.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchProtocolHost.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\system32\SearchFilterHost.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\shawn\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uWindow Title = Windows Internet Explorer provided by Yahoo! 
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8 mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll uRun: [ssMonitorTool] uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll AppInit_DLLs: avgrsstx.dll ================= FIREFOX =================== FF - ProfilePath - c:\users\shawn\appdata\roaming\mozilla\firefox\profiles\9jc1nbe4.default\ FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - 
plugin: c:\users\shawn\appdata\roaming\move networks\plugins\npqmp071502000008.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - 
pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla 
firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla 
firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-17 12552] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-17 335240] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-17 108552] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-17 908056] R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-17 297752] R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208] R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480] =============== Created Last 30 ================ 2009-09-29 16:27 <DIR> --d----- C:\_OTM 2009-09-29 16:24 411,368 a------- c:\windows\system32\deploytk.dll 2009-09-27 20:32 <DIR> --d----- c:\users\shawn\appdata\roaming\Auslogics 2009-09-27 20:32 <DIR> --d----- c:\program files\Auslogics 2009-09-27 11:18 <DIR> --d----- c:\program files\ESET 2009-09-25 18:39 <DIR> --d----- c:\windows\system32\eu-ES 2009-09-25 18:39 <DIR> --d----- c:\windows\system32\ca-ES 2009-09-25 18:39 <DIR> --d----- c:\windows\system32\vi-VN 2009-09-25 18:37 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2009-09-25 18:24 <DIR> --d----- c:\windows\system32\EventProviders 2009-09-25 18:03 <DIR> --d----- C:\NVIDIA 2009-09-25 17:04 <DIR> --d----- c:\program files\SystemRequirementsLab 2009-09-23 13:10 
2,048 a------- c:\windows\system32\tzres.dll 2009-09-23 12:59 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll 2009-09-23 12:59 3,408,896 a------- c:\windows\system32\SLsvc.exe 2009-09-23 12:59 1,081,344 a------- c:\windows\system32\SLCExt.dll 2009-09-23 12:59 2,134,528 a------- c:\windows\system32\FunctionDiscoveryFolder.dll 2009-09-23 12:59 65,536 a------- c:\windows\system32\DevicePairingWizard.exe 2009-09-23 12:59 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll 2009-09-23 12:59 1,480,704 a------- c:\windows\system32\mssrch.dll 2009-09-23 12:57 3,662,128 a------- c:\windows\system32\locale.nls 2009-09-23 12:56 2,515,968 a------- c:\windows\system32\accessibilitycpl.dll 2009-09-23 12:55 247,808 a------- c:\windows\system32\drvstore.dll 2009-09-23 12:52 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin 2009-09-23 12:52 11,967,524 a------- c:\windows\system32\korwbrkr.lex 2009-09-23 12:22 41,984 a------- c:\windows\system32\netfxperf.dll 2009-09-23 12:07 91,136 a------- c:\windows\system32\avifil32.dll 2009-09-23 12:07 2,501,921 a------- c:\windows\system32\wlan.tmf 2009-09-23 12:07 513,536 a------- c:\windows\system32\wlansvc.dll 2009-09-23 12:07 293,376 a------- c:\windows\system32\wlanmsm.dll 2009-09-23 12:07 127,488 a------- c:\windows\system32\L2SecHC.dll 2009-09-23 12:07 68,096 a------- c:\windows\system32\wlanhlp.dll 2009-09-23 12:07 302,592 a------- c:\windows\system32\wlansec.dll 2009-09-23 12:07 65,024 a------- c:\windows\system32\wlanapi.dll 2009-09-17 23:28 <DIR> --d-h--- C:\$AVG8.VAULT$ 2009-09-17 21:51 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-09-17 21:51 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys 2009-09-17 21:51 108,552 a------- c:\windows\system32\drivers\avgtdix.sys 2009-09-17 21:51 335,240 a------- c:\windows\system32\drivers\avgldx86.sys 2009-09-17 21:51 <DIR> --d----- c:\windows\system32\drivers\Avg 2009-09-17 21:50 <DIR> --d----- c:\programdata\AVG Security Toolbar 2009-09-17 
21:50 <DIR> --d----- c:\progra~2\AVG Security Toolbar 2009-09-17 21:50 <DIR> --d----- c:\programdata\avg8 2009-09-17 21:50 <DIR> --d----- c:\program files\AVG 2009-09-17 21:50 <DIR> --d----- c:\progra~2\avg8 2009-09-17 20:20 <DIR> --d----- c:\program files\trend micro 2009-09-17 19:59 <DIR> --d----- c:\users\shawn\appdata\roaming\Malwarebytes 2009-09-17 19:57 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-17 19:57 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-09-17 19:57 <DIR> --d----- c:\programdata\Malwarebytes 2009-09-17 19:57 <DIR> --d----- c:\progra~2\Malwarebytes 2009-09-17 19:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-09-15 15:15 <DIR> --d----- c:\users\shawn\appdata\roaming\AVG8 ==================== Find3M ==================== 2009-09-25 19:00 143,360 a------- c:\windows\inf\infstrng.dat 2009-09-25 19:00 51,200 a------- c:\windows\inf\infpub.dat 2009-09-25 19:00 86,016 a------- c:\windows\inf\infstor.dat 2009-09-25 18:39 665,600 a------- c:\windows\inf\drvindex.dat 2009-09-15 14:16 38,711 a------- c:\users\shawn\appdata\roaming\nvModes.dat 2009-09-10 11:48 93,552 a------- c:\windows\help\oem\scripts\RegRestore.exe 2009-09-10 11:48 12,288 a------- c:\windows\help\oem\scripts\BackgroundCopyManager1_5.dll 2009-09-10 11:48 9,728 a------- c:\windows\help\oem\scripts\BackgroundCopyManager.DLL 2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll 2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll 2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll 2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll 2009-08-28 20:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-28 20:14 28,672 a------- c:\windows\system32\Apphlpdm.dll 2009-08-21 13:17 485,920 a------- c:\windows\system32\nvuninst.exe 2009-08-14 12:27 904,776 a------- c:\windows\system32\drivers\tcpip.sys 2009-08-14 11:53 17,920 a------- c:\windows\system32\netevent.dll 
2009-08-14 09:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE 2009-08-14 09:49 17,920 a------- c:\windows\system32\ROUTE.EXE 2009-08-14 09:49 11,264 a------- c:\windows\system32\MRINFO.EXE 2009-08-14 09:49 27,136 a------- c:\windows\system32\NETSTAT.EXE 2009-08-14 09:49 19,968 a------- c:\windows\system32\ARP.EXE 2009-08-14 09:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE 2009-08-14 09:49 10,240 a------- c:\windows\system32\finger.exe 2009-08-14 09:48 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys 2009-08-14 09:48 105,984 a------- c:\windows\system32\netiohlp.dll 2009-08-11 20:51 17,160 a------- c:\windows\help\oem\scripts\HC_RegistrationRecovery.exe 2009-08-08 13:00 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-08-03 19:41 174 a--sh--- c:\program files\desktop.ini 2009-08-03 18:29 101,888 a------- c:\windows\system32\ifxcardm.dll 2009-08-03 18:29 82,432 a------- c:\windows\system32\axaltocm.dll 2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll 2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll 2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll 2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe 2009-07-17 09:54 71,680 a------- c:\windows\system32\atl.dll 2009-07-15 08:40 8,147,456 a------- c:\windows\system32\wmploc.DLL 2009-07-15 08:39 313,344 a------- c:\windows\system32\wmpdxm.dll 2009-07-15 08:39 4,096 a------- c:\windows\system32\dxmasf.dll 2009-07-15 08:39 7,680 a------- c:\windows\system32\spwmp.dll 2007-10-17 23:15 0 a------- c:\users\shawn\appdata\roaming\wklnhst.dat 2007-09-07 09:05 247,608 a------- c:\users\shawn\jre-1_5_0_07-windows-i586-p-iftw.exe 2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 05:20 
287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-12 13:26 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-12 13:26 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-12 13:26 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-12 13:26 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-05-28 10:35 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2009-05-28 10:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2009-05-28 10:35 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2009-06-11 03:12 245,760 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat
============= FINISH: 16:43:18.69 ===============

Once again...cannot attach files...so I'm pasting the rest of the info

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/2/2007 2:40:04 AM
System Uptime: 9/29/2009 4:35:45 PM (0 hours ago)

Motherboard: Quanta | | 30BC
Processor: Intel® Core2 CPU T5300 @ 1.73GHz | U2E1 | 1733/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 141 GiB total, 85.432 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.746 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

==== Installed Programs ======================

Acrobat.com Activation Assistant for the 2007 Microsoft Office suites ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9 Adobe Shockwave Player AIM 6 AOL Instant Messenger Apple Software Update ArcSoft Magic-i 3 ArcSoft VideoImpression 2 ArcSoft WebCam Companion 2 AudibleManager Auslogics Disk Defrag AVG 8.5 AXIS Camera Server Control BitPim 1.0.6 Conexant HD Audio Creative MediaSource Creative Removable Disk Manager Creative System Information Creative Zen Vision M DivX Web Player ESET Online Scanner v3 ESU for Microsoft Vista HDAUDIO Soft Data Fax Modem with SmartCP Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Active Support Library 32 bit components HP Button Manager HP Customer Experience Enhancements HP Doc Viewer HP Easy Setup - Frontend HP Help and Support HP Photosmart Essential 2.0 HP Photosmart Essential2.5 HP Quick Launch Buttons 6.20 B1 HP QuickPlay 3.6 HP Total Care Advisor HP Update HP User Guides 0082 HP Webcam User’s Guide HP Wireless Assistant HPAsset component for HP Active Support Library HPNetworkAssistant Java 6 Update 16 LightScribe 1.4.136.1 LimeWire 5.1.3 Malwarebytes' Anti-Malware Microsoft .NET Framework 3.5 SP1 Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Works Move Media Player Mozilla Firefox (3.5.3) MSCU for Microsoft Vista MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) muvee autoProducer 6.0 My HP Games NVIDIA Drivers OpenCASE Media Agent OpenOffice.org 2.2 PSSWCORE QuickPlay SlingPlayer 0.4.6 QuickTime Rescue Me screensaver Rhapsody Player Engine Roxio Activation Module Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio Express Labeler 3 Roxio MyDVD Basic v9 SAMSUNG CDMA Modem Driver Set Synaptics Pointing Device Driver System Requirements Lab TBS WMP Plug-in Update for Microsoft .NET Framework 3.5 SP1 (KB963707) VC80CRTRedist - 8.0.50727.762 Winamp (remove only) Windows Media Player Firefox Plugin Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar ==== End Of File ===========================
  3. No lingering issues as far as I can tell...a lot of the issues with the ESET scan come from downloaded music. I have had my own issues with viruses from downloading and have tried to tell my brother about the dangers but he doesn't listen...maybe he'll listen to me now

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=cc8a6229d5cde84aaa0823a7c5bf5d69
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-27 05:28:00
# local_time=2009-09-27 01:28:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1027 61 83 60 1792211208292
# compatibility_mode=5889 61 66 100 533441617491508
# scanned=201675
# found=23
# cleaned=0
# scan_time=7635
C:\Users\shawn\AppData\Local\Temp\tmp4108.tmp Win32/Olmarik.LT virus 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\3oh3 - Punk:filtered:.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\all luck.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\Barenaked Ladies- testing 1 2 3.wma WMA/TrojanDownloader.Wimad.NAA trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\boston celtics.mp3 WMA/TrojanDownloader.GetCodec.C trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\camera phone MTV.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\Carrie Underwood- i dont even know his last name.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\ in my pants CD quality.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\Joey & Rory - Cheater Cheater(1).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\kiss you through the phone(Club RMX).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\Kristinia DeBarge-Goodbye.wma WMA/TrojanDownloader.Wimad.NAA trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\Lil Wayne - Tha Carter III - 08 - Tie My Hands.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\love story remix taylor swift (hot remix).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\low remix travis barker.mp3 WMA/TrojanDownloader.GetCodec.C trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\Mastermix 10 Years Of Pop.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\Natasha Beddingfield - Take Me Away.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\Saving Abel - She Got Over Me.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\steamtrain to mallaig.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\swagga like obama.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Desktop\music\webzz-back it up(Club RMX).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Users\shawn\Shared\americas best dance crew mixes.mp3 WMA/TrojanDownloader.GetCodec.C trojan 00000000000000000000000000000000 I
C:\Windows\Temp\161533419.tmp a variant of Win32/Kryptik.UI trojan 00000000000000000000000000000000 I
  4. Computer is working as great as ever as far as I can tell.

Malwarebytes log:
Malwarebytes' Anti-Malware 1.41
Database version: 2863
Windows 6.0.6002 Service Pack 2
9/26/2009 9:17:26 PM
mbam-log-2009-09-26 (21-17-26).txt
Scan type: Full Scan (C:\|)
Objects scanned: 317059
Time elapsed: 2 hour(s), 25 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Sysprot log:
SysProt AntiRootkit v1.0.1.0 by swatkat
******************************************************************************************
******************************************************************************************
Process:
Name: [system Idle Process] PID: 0 Hidden: No Window Visible: No
Name: System PID: 4 Hidden: No Window Visible: No
Name: C:\Windows\System32\smss.exe PID: 492 Hidden: No Window Visible: No
Name: C:\Windows\System32\csrss.exe PID: 560 Hidden: No Window Visible: No
Name: C:\Windows\System32\wininit.exe PID: 612 Hidden: No Window Visible: No
Name: C:\Windows\System32\csrss.exe PID: 624 Hidden: No Window Visible: No
Name: C:\Windows\System32\services.exe PID: 664 Hidden: No Window Visible: No
Name: C:\Windows\System32\lsass.exe PID: 680 Hidden: No Window Visible: No
Name: C:\Windows\System32\lsm.exe PID: 688 Hidden: No Window Visible: No
Name: C:\Windows\System32\winlogon.exe PID: 740 Hidden: No Window Visible: No
Name: C:\Windows\System32\svchost.exe PID: 952 Hidden: No Window Visible: No
Name: C:\Windows\System32\svchost.exe PID: 1012 Hidden: No Window
Visible: No Name: C:\Windows\System32\svchost.exe PID: 1052 Hidden: No Window Visible: No Name: C:\Windows\System32\svchost.exe PID: 1144 Hidden: No Window Visible: No Name: C:\Windows\System32\svchost.exe PID: 1184 Hidden: No Window Visible: No Name: C:\Windows\System32\svchost.exe PID: 1200 Hidden: No Window Visible: No Name: C:\Windows\System32\audiodg.exe PID: 1288 Hidden: No Window Visible: No Name: C:\Windows\System32\svchost.exe PID: 1352 Hidden: No Window Visible: No Name: C:\Windows\System32\SLsvc.exe PID: 1368 Hidden: No Window Visible: No Name: C:\Windows\System32\svchost.exe PID: 1448 Hidden: No Window Visible: No Name: C:\Windows\System32\svchost.exe PID: 1612 Hidden: No Window Visible: No Name: C:\Windows\System32\spoolsv.exe PID: 1844 Hidden: No Window Visible: No Name: C:\Windows\System32\svchost.exe PID: 1868 Hidden: No Window Visible: No Name: C:\Windows\System32\dwm.exe PID: 1196 Hidden: No Window Visible: No Name: C:\Windows\System32\taskeng.exe PID: 1172 Hidden: No Window Visible: No Name: C:\Windows\explorer.exe PID: 1728 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PID: 1964 Hidden: No Window Visible: No Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe PID: 1484 Hidden: No Window Visible: No Name: C:\Windows\System32\dlcccoms.exe PID: 832 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe PID: 868 Hidden: No Window Visible: No Name: C:\PROGRA~1\AVG\AVG8\avgam.exe PID: 2164 Hidden: No Window Visible: No Name: C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe PID: 2184 Hidden: No Window Visible: No Name: C:\Program Files\AVG\AVG8\avgrsx.exe PID: 2204 Hidden: No Window Visible: No Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe PID: 2216 Hidden: No Window Visible: No Name: C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe PID: 2352 Hidden: No Window Visible: No Name: C:\Program Files\AVG\AVG8\avgtray.exe PID: 2580 Hidden: No Window Visible: No Name: 
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe PID: 2648 Hidden: No Window Visible: No Name: C:\Program Files\Hp\QuickPlay\QPService.exe PID: 2656 Hidden: No Window Visible: No Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PID: 2664 Hidden: No Window Visible: No Name: C:\Windows\System32\svchost.exe PID: 2748 Hidden: No Window Visible: No Name: C:\Program Files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe PID: 2784 Hidden: No Window Visible: No Name: C:\Windows\System32\svchost.exe PID: 2968 Hidden: No Window Visible: No Name: C:\Windows\System32\svchost.exe PID: 3044 Hidden: No Window Visible: No Name: C:\Windows\System32\SearchIndexer.exe PID: 3076 Hidden: No Window Visible: No Name: C:\Windows\System32\drivers\XAudio.exe PID: 3144 Hidden: No Window Visible: No Name: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PID: 3192 Hidden: No Window Visible: No Name: C:\PROGRA~1\AVG\AVG8\avgemc.exe PID: 3252 Hidden: No Window Visible: No Name: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe PID: 3264 Hidden: No Window Visible: No Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe PID: 3388 Hidden: No Window Visible: No Name: C:\Windows\System32\wbem\WmiPrvSE.exe PID: 3492 Hidden: No Window Visible: No Name: C:\Program Files\Hp\QuickPlay\Kernel\TV\QPSched.exe PID: 3536 Hidden: No Window Visible: No Name: C:\Windows\System32\wbem\WmiPrvSE.exe PID: 3792 Hidden: No Window Visible: No Name: C:\Program Files\Windows Defender\MSASCui.exe PID: 3840 Hidden: No Window Visible: No Name: C:\Windows\System32\wbem\unsecapp.exe PID: 4032 Hidden: No Window Visible: No Name: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe PID: 1512 Hidden: No Window Visible: No Name: C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe PID: 772 Hidden: No Window Visible: No Name: C:\Windows\System32\taskeng.exe PID: 3056 Hidden: No Window Visible: No Name: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe PID: 2700 Hidden: No Window Visible: No Name: 
C:\Program Files\Internet Explorer\iexplore.exe PID: 3860 Hidden: No Window Visible: No Name: C:\Program Files\Internet Explorer\iexplore.exe PID: 3976 Hidden: No Window Visible: No Name: C:\Program Files\Internet Explorer\iexplore.exe PID: 4696 Hidden: No Window Visible: No Name: C:\Program Files\Internet Explorer\iexplore.exe PID: 4736 Hidden: No Window Visible: No Name: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe PID: 5296 Hidden: No Window Visible: No Name: C:\Windows\servicing\TrustedInstaller.exe PID: 4260 Hidden: No Window Visible: No Name: C:\Windows\System32\wbem\WMIADAP.exe PID: 5164 Hidden: No Window Visible: No Name: C:\Windows\System32\SearchProtocolHost.exe PID: 5856 Hidden: No Window Visible: No Name: C:\Program Files\Internet Explorer\ielowutil.exe PID: 2572 Hidden: No Window Visible: No Name: C:\Windows\System32\SearchFilterHost.exe PID: 1312 Hidden: No Window Visible: No Name: C:\Users\shawn\Desktop\SysProt\SysProt\SysProt.exe PID: 2880 Hidden: No Window Visible: Yes ****************************************************************************************** ****************************************************************************************** Kernel Modules: Module Name: \??\C:\Users\shawn\Desktop\SysProt\SysProt\SysProtDrv.sys Service Name: SysProtDrv.sys Module Base: 9BB89000 Module End: 9BB94000 Hidden: No Module Name: C:\Windows\system32\ntkrnlpa.exe Service Name: --- Module Base: 81E03000 Module End: 821BC000 Hidden: No Module Name: C:\Windows\system32\hal.dll Service Name: --- Module Base: 821BC000 Module End: 821EF000 Hidden: No Module Name: C:\Windows\system32\kdcom.dll Service Name: --- Module Base: 8040A000 Module End: 80411000 Hidden: No Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll Service Name: --- Module Base: 80411000 Module End: 80481000 Hidden: No Module Name: C:\Windows\system32\PSHED.dll Service Name: --- Module Base: 80481000 Module End: 80492000 Hidden: No Module Name: 
C:\Windows\system32\BOOTVID.dll Service Name: --- Module Base: 80492000 Module End: 8049A000 Hidden: No Module Name: C:\Windows\system32\CLFS.SYS Service Name: CLFS Module Base: 8049A000 Module End: 804DB000 Hidden: No Module Name: C:\Windows\system32\CI.dll Service Name: --- Module Base: 804DB000 Module End: 805BB000 Hidden: No Module Name: C:\Windows\system32\drivers\Wdf01000.sys Service Name: Wdf01000 Module Base: 80603000 Module End: 8067F000 Hidden: No Module Name: C:\Windows\system32\drivers\WDFLDR.SYS Service Name: --- Module Base: 8067F000 Module End: 8068C000 Hidden: No Module Name: C:\Windows\system32\drivers\acpi.sys Service Name: ACPI Module Base: 8068C000 Module End: 806D2000 Hidden: No Module Name: C:\Windows\system32\drivers\WMILIB.SYS Service Name: --- Module Base: 806D2000 Module End: 806DB000 Hidden: No Module Name: C:\Windows\system32\drivers\msisadrv.sys Service Name: msisadrv Module Base: 806DB000 Module End: 806E3000 Hidden: No Module Name: C:\Windows\system32\drivers\pci.sys Service Name: pci Module Base: 806E3000 Module End: 8070A000 Hidden: No Module Name: C:\Windows\System32\drivers\partmgr.sys Service Name: partmgr Module Base: 8070A000 Module End: 80719000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\compbatt.sys Service Name: Compbatt Module Base: 80719000 Module End: 8071C000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS Service Name: BattC Module Base: 8071C000 Module End: 80726000 Hidden: No Module Name: C:\Windows\system32\drivers\volmgr.sys Service Name: volmgr Module Base: 80726000 Module End: 80735000 Hidden: No Module Name: C:\Windows\System32\drivers\volmgrx.sys Service Name: volmgrx Module Base: 80735000 Module End: 8077F000 Hidden: No Module Name: C:\Windows\system32\drivers\intelide.sys Service Name: intelide Module Base: 8077F000 Module End: 80786000 Hidden: No Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS Service Name: --- Module Base: 80786000 Module End: 80794000 Hidden: No Module Name: 
C:\Windows\System32\drivers\mountmgr.sys Service Name: MountMgr Module Base: 80794000 Module End: 807A4000 Hidden: No Module Name: C:\Windows\system32\drivers\atapi.sys Service Name: atapi Module Base: 807A4000 Module End: 807AC000 Hidden: No Module Name: C:\Windows\system32\drivers\ataport.SYS Service Name: --- Module Base: 807AC000 Module End: 807CA000 Hidden: No Module Name: C:\Windows\system32\drivers\msahci.sys Service Name: msahci Module Base: 807CA000 Module End: 807D4000 Hidden: No Module Name: C:\Windows\system32\drivers\fltmgr.sys Service Name: FltMgr Module Base: 805BB000 Module End: 805ED000 Hidden: No Module Name: C:\Windows\system32\drivers\fileinfo.sys Service Name: FileInfo Module Base: 807D4000 Module End: 807E4000 Hidden: No Module Name: C:\Windows\System32\Drivers\PxHelp20.sys Service Name: PxHelp20 Module Base: 807E4000 Module End: 807ED000 Hidden: No Module Name: C:\Windows\System32\Drivers\ksecdd.sys Service Name: KSecDD Module Base: 82C0E000 Module End: 82C7F000 Hidden: No Module Name: C:\Windows\system32\drivers\ndis.sys Service Name: NDIS Module Base: 82C7F000 Module End: 82D8A000 Hidden: No Module Name: C:\Windows\system32\drivers\NETIO.SYS Service Name: --- Module Base: 82DB5000 Module End: 82DF0000 Hidden: No Module Name: C:\Windows\System32\drivers\tcpip.sys Service Name: Tcpip Module Base: 82E0D000 Module End: 82EF7000 Hidden: No Module Name: C:\Windows\System32\drivers\fwpkclnt.sys Service Name: --- Module Base: 82EF7000 Module End: 82F12000 Hidden: No Module Name: C:\Windows\System32\Drivers\Ntfs.sys Service Name: Ntfs Module Base: 87E03000 Module End: 87F13000 Hidden: No Module Name: C:\Windows\system32\drivers\volsnap.sys Service Name: volsnap Module Base: 87F13000 Module End: 87F4C000 Hidden: No Module Name: C:\Windows\System32\Drivers\spldr.sys Service Name: spldr Module Base: 87F4C000 Module End: 87F54000 Hidden: No Module Name: C:\Windows\System32\drivers\sfhlp01.sys Service Name: sfhlp01 Module Base: 87F54000 Module End: 
87F56000 Hidden: No Module Name: C:\Windows\System32\drivers\prosync1.sys Service Name: prosync1 Module Base: 87F56000 Module End: 87F58000 Hidden: No Module Name: C:\Windows\System32\drivers\SCSIPORT.SYS Service Name: --- Module Base: 87F58000 Module End: 87F7E000 Hidden: No Module Name: C:\Windows\System32\Drivers\mup.sys Service Name: Mup Module Base: 87F96000 Module End: 87FA5000 Hidden: No Module Name: C:\Windows\System32\drivers\ecache.sys Service Name: Ecache Module Base: 87FA5000 Module End: 87FCC000 Hidden: No Module Name: C:\Windows\system32\drivers\disk.sys Service Name: disk Module Base: 87FCC000 Module End: 87FDD000 Hidden: No Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS Service Name: --- Module Base: 87FDD000 Module End: 87FFE000 Hidden: No Module Name: C:\Windows\system32\drivers\crcdisk.sys Service Name: crcdisk Module Base: 82F12000 Module End: 82F1B000 Hidden: No Module Name: C:\Windows\System32\Drivers\avgrkx86.sys Service Name: AvgRkx86 Module Base: 87FFE000 Module End: 88000000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\tunnel.sys Service Name: tunnel Module Base: 82F3D000 Module End: 82F48000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\tunmp.sys Service Name: tunmp Module Base: 82F48000 Module End: 82F51000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\intelppm.sys Service Name: intelppm Module Base: 82F51000 Module End: 82F60000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys Service Name: CmBatt Module Base: 82F60000 Module End: 82F64000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\wmiacpi.sys Service Name: WmiAcpi Module Base: 82F64000 Module End: 82F6D000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\nvlddmkm.sys Service Name: nvlddmkm Module Base: 8BC08000 Module End: 8C04B000 Hidden: No Module Name: C:\Windows\System32\drivers\dxgkrnl.sys Service Name: DXGKrnl Module Base: 8C04B000 Module End: 8C0EA000 Hidden: No Module Name: C:\Windows\System32\drivers\watchdog.sys Service 
Name: --- Module Base: 8C0EA000 Module End: 8C0F6000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys Service Name: HDAudBus Module Base: 8C0F6000 Module End: 8C183000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\NETw5v32.sys Service Name: NETw5v32 Module Base: 8C203000 Module End: 8C58C000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\e1e6032.sys Service Name: e1express Module Base: 8C58C000 Module End: 8C5C4000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\usbuhci.sys Service Name: usbuhci Module Base: 8C5C4000 Module End: 8C5CF000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS Service Name: --- Module Base: 8C183000 Module End: 8C1C1000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\usbehci.sys Service Name: usbehci Module Base: 8C5CF000 Module End: 8C5DE000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys Service Name: ohci1394 Module Base: 8C5DE000 Module End: 8C5EE000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS Service Name: --- Module Base: 8C5EE000 Module End: 8C5FC000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\sdbus.sys Service Name: sdbus Module Base: 8C1C1000 Module End: 8C1DB000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\rimmptsk.sys Service Name: rimmptsk Module Base: 8C1DB000 Module End: 8C1E9000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\rimsptsk.sys Service Name: rimsptsk Module Base: 8C1E9000 Module End: 8C1FD000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\rixdptsk.sys Service Name: rismxdp Module Base: 82F6D000 Module End: 82FBE000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\cpqbttn.sys Service Name: HBtnKey Module Base: 8C5FC000 Module End: 8C5FF000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS Service Name: --- Module Base: 82FBE000 Module End: 82FCE000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS Service Name: --- Module Base: 8BC00000 Module End: 8BC07000 Hidden: No 
Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys Service Name: i8042prt Module Base: 82FCE000 Module End: 82FE1000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys Service Name: kbdclass Module Base: 82FE1000 Module End: 82FEC000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\SynTP.sys Service Name: SynTP Module Base: 8C60A000 Module End: 8C63A000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\USBD.SYS Service Name: --- Module Base: 8C63A000 Module End: 8C63C000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\mouclass.sys Service Name: mouclass Module Base: 8C63C000 Module End: 8C647000 Hidden: No Module Name: C:\Windows\system32\drivers\Afc.sys Service Name: Afc Module Base: 8C647000 Module End: 8C64F000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\cdrom.sys Service Name: cdrom Module Base: 8C64F000 Module End: 8C667000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\ArcSoftVirtualCapture.sys Service Name: ARCSOFTVIRTUALCAPTURE Module Base: 8C667000 Module End: 8C66C000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\STREAM.SYS Service Name: --- Module Base: 8C66C000 Module End: 8C679000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\ks.sys Service Name: --- Module Base: 8C679000 Module End: 8C6A3000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys Service Name: iScsiPrt Module Base: 8C6A3000 Module End: 8C6D2000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\storport.sys Service Name: --- Module Base: 8C6D2000 Module End: 8C713000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\TDI.SYS Service Name: --- Module Base: 8C713000 Module End: 8C71E000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\umpass.sys Service Name: UMPass Module Base: 8C71E000 Module End: 8C726000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys Service Name: Rasl2tp Module Base: 8C726000 Module End: 8C73D000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys Service Name: NdisTapi 
Module Base: 8C73D000 Module End: 8C748000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys Service Name: NdisWan Module Base: 8C748000 Module End: 8C76B000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys Service Name: RasPppoe Module Base: 8C76B000 Module End: 8C77A000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\raspptp.sys Service Name: PptpMiniport Module Base: 8C77A000 Module End: 8C78E000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\rassstp.sys Service Name: RasSstp Module Base: 8C78E000 Module End: 8C7A3000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\termdd.sys Service Name: TermDD Module Base: 8C7A3000 Module End: 8C7B3000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\swenum.sys Service Name: swenum Module Base: 8C7B3000 Module End: 8C7B5000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys Service Name: mssmbios Module Base: 8C7B5000 Module End: 8C7BF000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\umbus.sys Service Name: umbus Module Base: 8C7BF000 Module End: 8C7CC000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\usbhub.sys Service Name: usbhub Module Base: 8CA05000 Module End: 8CA3A000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\kbdhid.sys Service Name: kbdhid Module Base: 8CA3A000 Module End: 8CA43000 Hidden: No Module Name: C:\Windows\System32\Drivers\NDProxy.SYS Service Name: NDProxy Module Base: 8CA43000 Module End: 8CA54000 Hidden: No Module Name: C:\Windows\system32\drivers\CHDRT32.sys Service Name: CnxtHdAudService Module Base: 8CA54000 Module End: 8CA85000 Hidden: No Module Name: C:\Windows\system32\drivers\portcls.sys Service Name: --- Module Base: 8CA85000 Module End: 8CAB2000 Hidden: No Module Name: C:\Windows\system32\drivers\drmk.sys Service Name: --- Module Base: 8CAB2000 Module End: 8CAD7000 Hidden: No Module Name: C:\Windows\system32\DRIVERS\HSXHWAZL.sys Service Name: HSXHWAZL Module Base: 8CAD7000 Module End: 8CB15000 Hidden: No Module Name: 
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
IRP Hooks:
Hooked Module: C:\Windows\system32\drivers\atapi.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 87F56651 Hooking Module: C:\Windows\System32\drivers\prosync1.sys
Hooked Module: C:\Windows\System32\drivers\prodrv06.sys Hooked IRP: IRP_MJ_CREATE Jump To: 8A3DD008 Hooking Module: _unknown_
Hooked Module: C:\Windows\System32\drivers\prodrv06.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 8A3DD008 Hooking Module: _unknown_
Hooked Module: C:\Windows\System32\drivers\prodrv06.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 8A3DD008 Hooking Module: _unknown_
Hooked Module: C:\Windows\System32\drivers\prohlp02.sys Hooked IRP: IRP_MJ_CREATE Jump To: 8879DD68 Hooking Module: _unknown_
Hooked Module: C:\Windows\System32\drivers\prohlp02.sys Hooked IRP: IRP_MJ_CLOSE Jump To: 8879DD68 Hooking Module: _unknown_
Hooked Module: C:\Windows\System32\drivers\prohlp02.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 8879DD68 Hooking Module: _unknown_
******************************************************************************************
No hidden files/folders found
  5. Chose to keep AVG, was able to update it and run it successfully, no suspicious items were found. Computer seems to be running much better. Here are two previous Malwarebytes scans:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6001 Service Pack 1

9/17/2009 8:11:06 PM
mbam-log-2009-09-17 (20-11-06).txt

Scan type: Quick Scan
Objects scanned: 98101
Time elapsed: 10 minute(s), 13 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
C:\Windows\Temp\161533528.tmp (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESQULserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{01e645d7-fbc5-43a2-989f-57cfc08970f4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{df40995a-9f5b-4762-9fa8-6f232d08222d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{01e645d7-fbc5-43a2-989f-57cfc08970f4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{df40995a-9f5b-4762-9fa8-6f232d08222d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{01e645d7-fbc5-43a2-989f-57cfc08970f4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{df40995a-9f5b-4762-9fa8-6f232d08222d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.136,85.255.112.145 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Temp\161533528.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\shawn\AppData\Local\Temp\tmp40D9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\ESQULzcounter (Trojan.Agent) -> Delete on reboot.
C:\Users\shawn\AppData\Local\Temp\OmegaPlay.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6001 Service Pack 1

9/18/2009 11:33:09 PM
mbam-log-2009-09-18 (23-33-09).txt

Scan type: Quick Scan
Objects scanned: 98624
Time elapsed: 17 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESQULserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\ESQULofotpsnrsqedpmdpngldfpbdmoriuybf.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\ESQULwhdwblxwktmycyvswlbhdkjfiidorwha.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
DDS:

DDS (Ver_09-07-30.01) - NTFSx86
Run by shawn at 16:08:13.98 on Fri 09/25/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1236 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\dlcccoms.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\shawn\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ssMonitorTool]
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\.exe.exe" /runcleanupscript
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://216.220.227.130:8080/plugin/h263ctrl.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-17 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-17 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-17 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-17 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-17 297752]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

============= FINISH: 16:11:16.56 ===============
  6. ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/23 11:32
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8DC6B000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x8DC76000 Size: 40960 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA63B0000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1280 Status: Locked to the Windows API!

SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread Status: Hooked by "<unknown>" at address 0x86d63980
#: 014 Function Name: NtAlertThread Status: Hooked by "<unknown>" at address 0x86d63a60
#: 018 Function Name: NtAllocateVirtualMemory Status: Hooked by "<unknown>" at address 0x86dd1c78
#: 054 Function Name: NtConnectPort Status: Hooked by "<unknown>" at address 0x86d0f468
#: 067 Function Name: NtCreateMutant Status: Hooked by "<unknown>" at address 0x86d636d0
#: 078 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0x86dd1e08
#: 147 Function Name: NtFreeVirtualMemory Status: Hooked by "<unknown>" at address 0x86d99ef0
#: 156 Function Name: NtImpersonateAnonymousToken Status: Hooked by "<unknown>" at address 0x86d637c0
#: 158 Function Name: NtImpersonateThread Status: Hooked by "<unknown>" at address 0x86d638a0
#: 177 Function Name: NtMapViewOfSection Status: Hooked by "<unknown>" at address 0x86d99df0
#: 184 Function Name: NtOpenEvent Status: Hooked by "<unknown>" at address 0x86d635f0
#: 195 Function Name: NtOpenProcessToken Status: Hooked by "<unknown>" at address 0x86dd1d48
#: 202 Function Name: NtOpenThreadToken Status: Hooked by "<unknown>" at address 0x86d63f38
#: 282 Function Name: NtResumeThread Status: Hooked by "<unknown>" at address 0x86dcfd78
#: 289 Function Name: NtSetContextThread Status: Hooked by "<unknown>" at address 0x86d63e58
#: 305 Function Name: NtSetInformationProcess Status: Hooked by "<unknown>" at address 0x86d99c20
#: 306 Function Name: NtSetInformationThread Status: Hooked by "<unknown>" at address 0x86d63d68
#: 330 Function Name: NtSuspendProcess Status: Hooked by "<unknown>" at address 0x86d63510
#: 331 Function Name: NtSuspendThread Status: Hooked by "<unknown>" at address 0x86d63ba8
#: 334 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0x86dd56e8
#: 335 Function Name: NtTerminateThread Status: Hooked by "<unknown>" at address 0x86d63c88
#: 348 Function Name: NtUnmapViewOfSection Status: Hooked by "<unknown>" at address 0x86d99d10
#: 358 Function Name: NtWriteVirtualMemory Status: Hooked by "<unknown>" at address 0x86d99fc0

==EOF==

Computer seems better, it's allowing Windows to update and IE to access the internet now.
  7. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/2/2007 2:40:04 AM
System Uptime: 9/18/2009 11:34:56 PM (108 hours ago)

Motherboard: Quanta | | 30BC
Processor: Intel® Core2 CPU T5300 @ 1.73GHz | U2E1 | 800/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 141 GiB total, 77.567 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.746 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP694: 8/3/2009 6:12:26 PM - Windows Vista Service Pack 1
RP695: 8/3/2009 7:48:16 PM - Removed NBC Direct Beta
RP696: 8/3/2009 7:50:07 PM - Removed NBC Direct Beta
RP697: 8/3/2009 7:52:54 PM - Removed Rhapsody Player Engine
RP699: 8/3/2009 8:00:12 PM - Configured VeohTV BETA
RP700: 8/5/2009 7:44:13 PM - Scheduled Checkpoint
RP701: 8/8/2009 2:01:50 PM - Scheduled Checkpoint
RP703: 8/11/2009 9:16:15 AM - Windows Defender Checkpoint
RP704: 8/19/2009 7:00:52 PM - Scheduled Checkpoint
RP705: 9/14/2009 7:26:23 PM - Scheduled Checkpoint
RP707: 9/15/2009 2:40:22 PM - Windows Defender Checkpoint
RP708: 9/17/2009 6:07:20 PM - Scheduled Checkpoint
RP710: 9/17/2009 7:47:19 PM - Windows Defender Checkpoint
RP711: 9/17/2009 8:34:00 PM - Windows Update
RP712: 9/17/2009 9:49:57 PM - Installed AVG 8.5
RP713: 9/19/2009 12:19:43 AM - Scheduled Checkpoint
RP714: 9/20/2009 11:39:20 AM - Scheduled Checkpoint

==== Installed Programs ======================

Acrobat.com Activation Assistant for the 2007 Microsoft Office suites ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9 Adobe Shockwave Player AIM 6 AOL Instant Messenger AppCore Apple Software Update ArcSoft Magic-i 3 ArcSoft VideoImpression 2 ArcSoft WebCam Companion 2 AudibleManager AV AVG 8.5 AXIS Camera Server Control BitPim 1.0.6 ccCommon Conexant HD Audio Creative MediaSource Creative Removable Disk Manager Creative System Information Creative Zen Vision M DivX Web Player ESU for Microsoft Vista HDAUDIO Soft Data Fax Modem with SmartCP HP Active Support Library HP Active Support Library 32 bit components HP Button Manager HP Customer Experience Enhancements HP Doc Viewer HP Easy Setup - Frontend HP Help and Support HP Photosmart Essential 2.0 HP Photosmart Essential2.5 HP Quick Launch Buttons 6.20 B1 HP QuickPlay 3.2 HP Total Care Advisor HP Update HP User Guides 0082 HP Webcam User’s Guide HP Wireless Assistant HPAsset component for HP Active Support Library HPNetworkAssistant Java SE Runtime Environment 6 LightScribe 1.4.136.1 LimeWire 5.1.3 LiveUpdate 3.2 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) Malwarebytes' Anti-Malware Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Works Move Media Player MSCU for Microsoft Vista MSRedist MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) muvee autoProducer 6.0 My HP Games Norton AntiVirus Norton Confidential Browser Component Norton Confidential Web Protection Component Norton Internet Security Norton Internet Security (Symantec Corporation) Norton PC Checkup Norton Protection Center Norton Security Scan Norton Security Scan (Symantec Corporation) NVIDIA Drivers OpenCASE Media Agent OpenOffice.org 2.2 PSSWCORE QuickTime Rescue Me screensaver Rhapsody Player Engine Roxio Activation Module Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio Express Labeler 3 Roxio MyDVD Basic v9 SAMSUNG CDMA Modem Driver Set SPBBC 32bit Symantec Real Time Storage Protection Component SymNet Synaptics Pointing Device Driver TBS WMP Plug-in VC80CRTRedist - 8.0.50727.762 Viewpoint Media Player Winamp (remove only) Windows Media Player Firefox Plugin Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/18/2009 11:34:12 PM, Error: Service Control Manager [7016] - The MgiSvr service has reported an invalid current state 32.
9/17/2009 8:12:47 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001B779D2F55 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
9/17/2009 8:00:43 PM, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find message text for message number 0xMBAMSwissArmy in the message file for The system cannot find message text for message number 0x%1 in the message file for %2..
9/17/2009 7:56:43 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
9/17/2009 7:56:43 PM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/17/2009 7:55:52 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/17/2009 7:55:51 PM, Error: Service Control Manager [7023] - The Secure Socket Tunneling Protocol Service service terminated with the following error: The RPC server is unavailable. 9/17/2009 7:55:51 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The RPC server is unavailable. 9/17/2009 7:49:25 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.114 for the Network Card with network address 001B779D2F55 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message). 9/17/2009 7:45:40 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 001B779D2F55 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). ==== End Of File =========================== DDS (Ver_09-07-30.01) - NTFSx86 Run by shawn at 11:39:50.31 on Wed 09/23/2009 Internet Explorer: 8.0.6001.18783 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1085 [GMT -4:00] AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService c:\Program Files\Common Files\Symantec 
Shared\ccSvcHst.exe c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\dlcccoms.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\AVG\AVG8\avgupd.exe C:\Windows\system32\msfeedssync.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\shawn\Desktop\dds.scr ============== Pseudo HJT Report 
=============== uStart Page = hxxp://www.yahoo.com/ uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uWindow Title = Windows Internet Explorer provided by Yahoo! uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8 mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll uRun: [ssMonitorTool] uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\.exe.exe" /runcleanupscript mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://216.220.227.130:8080/plugin/h263ctrl.cab DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll AppInit_DLLs: avgrsstx.dll ============= SERVICES / DRIVERS =============== R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-17 12552] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-17 335240] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-17 108552] R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20071002.003\IDSvix86.sys [2007-10-4 180272] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-17 908056] R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-17 297752] R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-10 24652] R2 YahooAUService;Yahoo! 
Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-10-7 112688] R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-10-30 37936] =============== Created Last 30 ================ 2009-09-17 23:28 <DIR> --d-h--- C:\$AVG8.VAULT$ 2009-09-17 21:51 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-09-17 21:51 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys 2009-09-17 21:51 108,552 a------- c:\windows\system32\drivers\avgtdix.sys 2009-09-17 21:51 335,240 a------- c:\windows\system32\drivers\avgldx86.sys 2009-09-17 21:51 <DIR> --d----- c:\windows\system32\drivers\Avg 2009-09-17 21:50 <DIR> --d----- c:\programdata\AVG Security Toolbar 2009-09-17 21:50 <DIR> --d----- c:\progra~2\AVG Security Toolbar 2009-09-17 21:50 <DIR> --d----- c:\programdata\avg8 2009-09-17 21:50 <DIR> --d----- c:\program files\AVG 2009-09-17 21:50 <DIR> --d----- c:\progra~2\avg8 2009-09-17 20:20 <DIR> --d----- c:\program files\trend micro 2009-09-17 19:59 <DIR> --d----- c:\users\shawn\appdata\roaming\Malwarebytes 2009-09-17 19:57 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-17 19:57 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-09-17 19:57 <DIR> --d----- c:\programdata\Malwarebytes 2009-09-17 19:57 <DIR> --d----- c:\progra~2\Malwarebytes 2009-09-17 19:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-09-15 15:15 <DIR> --d----- c:\users\shawn\appdata\roaming\AVG8 ==================== Find3M ==================== 2009-09-15 14:16 38,711 a------- c:\users\shawn\appdata\roaming\nvModes.dat 2009-08-08 13:00 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-08-03 19:41 174 a--sh--- c:\program files\desktop.ini 2009-08-03 19:33 51,200 a------- c:\windows\inf\infpub.dat 2009-08-03 19:33 143,360 a------- c:\windows\inf\infstrng.dat 2009-08-03 19:33 
86,016 a------- c:\windows\inf\infstor.dat 2009-08-03 19:21 665,600 a------- c:\windows\inf\drvindex.dat 2009-08-03 18:29 101,888 a------- c:\windows\system32\ifxcardm.dll 2009-08-03 18:29 82,432 a------- c:\windows\system32\axaltocm.dll 2007-10-17 23:15 0 a------- c:\users\shawn\appdata\roaming\wklnhst.dat 2007-09-07 09:05 247,608 a------- c:\users\shawn\jre-1_5_0_07-windows-i586-p-iftw.exe 2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat 2009-06-12 13:26 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat 2009-06-12 13:26 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat 2009-06-12 13:26 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat 2009-06-12 13:26 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat 2009-05-28 10:35 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat 2009-05-28 10:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat 2009-05-28 10:35 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat 2009-06-11 03:12 245,760 a--sh--- 
c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat 2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\cookies\index.dat 2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat 2008-11-27 04:09 16,384 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat ============= FINISH: 11:41:43.35 ===============
  8. I don't believe the Administrator of this board has given me access to attach a file to my post. Access to the internet is back as of now.
  9. This computer is my brother's, so I'm trying to fix it for him. For anti-virus it had Norton, however it is now expired and was not renewed. Upon my receipt of the computer I attempted to install AVG, which gave me trouble, but installed successfully, however the virus/malware is blocking its access to the internet so it cannot update. And for firewall, I believe it's just the stock Windows Firewall unless Norton has something of its own.
  10. Thank you OCD. Any help is much appreciated. Some more information about the computer: there is some virus/malware that's blocking access to the internet from several programs. I am unable to use Internet Explorer, update Windows, update AVG, etc. It had blocked Malwarebytes when I tried to install it from a flash drive, and I had to rename the .exe file to run it. Programs like AIM have internet access.
  11. Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 8:35:24 PM, on 9/17/2009
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\wuauclt.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
      C:\Users\shawn\Desktop\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
      O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\.exe.exe" /runcleanupscript
      O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
      O13 - Gopher Prefix:
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
      O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://216.220.227.130:8080/plugin/h263ctrl.cab
      O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: dlcc_device - - C:\Windows\system32\dlcccoms.exe
      O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
      O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

      --
      End of file - 8108 bytes