Time and date changed



jamper
2011-11-10, 22:01
Hi, I turned on the computer today and it went to the F1 F2 option to start normally or go to setup. I chose start normally, then I noticed the Windows Security Alert shield, and it said my virus definitions were out of date, so I opened AVG and updated. When it was finished updating I noticed it said "last updated on Jan 01 2007", and I looked down at the time in the system tray and it said it was Jan 01 2007 @ 12:05 am. I tried to reset the time but it would not sync with any of the preset defaults, so I manually set the time and date.
Now AVG says it is up to date but Windows Security Alert says it is not. Also, Windows Update will not work. Thank you in advance.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
Run by Jeannie Lavender at 12:45:08 on 2011-11-10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.271 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe
C:\program files\clearwire\connection manager\Location Finder\mylocal.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Clearwire Connection Manager] "c:\program files\clearwire\connection manager\ClearwireCM.exe" -a
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
StartupFolder: c:\users\jeanni~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 66.233.169.12 64.13.115.12
TCP: Interfaces\{02038206-7C08-4C51-8EF4-72B0822C863A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9FE84712-9608-4D73-87D6-B1AD39489673} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{B46D9F83-1D51-4D38-A6F3-6B2D6493ACF8} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{E6A6814A-4D6D-4A90-A15F-DE84F1E37853} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EE1FD3A5-99C1-43FC-A106-74EA610F1620} : DhcpNameServer = 66.233.169.12 64.13.115.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jeannie lavender\appdata\roaming\mozilla\firefox\profiles\5unxrik7.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jeannie lavender\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\jeannie lavender\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\jeannie lavender\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-10-19 21504]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-15 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-13 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-13 399416]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2009-11-9 107856]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-5-21 401408]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-11-3 282112]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-11-3 51712]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\clearwire\connection manager\ConAppsSvc.exe [2009-11-9 124240]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2009-11-9 120144]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S2 inewnetworks;Network Location Awarenes(NLA);c:\windows\system32\svchost.exe -k inetworks [2011-10-19 21504]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-2-27 98984]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2010-2-6 464384]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2011-10-15 523264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-09 02:31:29 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 02:27:58 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 02:27:55 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-08 05:52:08 -------- d-----w- c:\programdata\Big Fish Games
2011-11-08 05:45:49 -------- d-----w- C:\BigFishGamesCache
2011-11-04 01:43:25 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\FaxCtr
2011-11-04 00:25:08 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\Lexmark Productivity Studio
2011-11-04 00:18:59 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
2011-11-04 00:18:59 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
2011-11-04 00:18:39 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
2011-11-04 00:18:39 53248 ----a-w- c:\windows\system32\lxf3oem.dll
2011-11-04 00:18:39 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
2011-11-04 00:18:39 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
2011-11-04 00:18:38 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2011-11-04 00:18:38 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
2011-11-04 00:18:37 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2011-11-04 00:18:27 -------- d-----w- c:\programdata\FaxCtr
2011-11-04 00:18:07 -------- d-----w- c:\program files\Lexmark Fax Solutions
2011-11-04 00:17:45 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2011-11-04 00:17:21 -------- d-----w- c:\program files\Lexmark Tools for Office
2011-11-04 00:16:07 17064 ----a-w- c:\windows\system32\lxdnwupd.exe
2011-11-04 00:16:07 102400 ----a-w- c:\windows\system32\lxdnwupd.dll
2011-11-04 00:16:04 348160 ----a-w- c:\windows\system32\LXDNinst.dll
2011-11-04 00:16:03 438272 ----a-w- c:\windows\system32\LXDNhcp.dll
2011-11-04 00:13:17 -------- d-----w- c:\program files\Lexmark 2600 Series
2011-11-04 00:09:01 -------- d-----w- C:\logs
2011-11-04 00:08:49 115200 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdndrpp.dll
2011-11-03 23:51:14 348160 ----a-w- c:\windows\system32\lxdncoin.dll
2011-11-03 23:44:56 -------- d-----w- c:\programdata\Ezprint
2011-11-03 23:44:13 -------- d-----w- c:\program files\Lexmark Toolbar
2011-11-03 23:14:20 -------- d-----w- c:\users\jeannie lavender\{8518fd66-cd08-478a-a9d6-c9edcdfd48be}
2011-11-03 22:59:17 -------- d-----w- c:\users\jeannie lavender\{aca43aac-32e0-46a2-8b24-c52481567b65}
2011-11-03 22:59:10 -------- d-----w- c:\program files\Lexmark 730 Series
2011-11-03 09:45:18 417792 ----a-w- c:\program files\windows media player\plugins\wmp_scrobbler.dll
2011-11-03 09:45:18 -------- d-----w- c:\programdata\Last.fm
2011-11-03 09:42:21 -------- d-----w- c:\users\jeannie lavender\appdata\local\Last.fm
2011-11-03 09:42:11 -------- d-----w- c:\program files\Last.fm
2011-11-03 06:27:09 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-11-03 06:27:08 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-11-03 06:26:08 -------- d-----w- c:\program files\ConsoleClassix.com
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-10-27 21:53:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 01:32:49 -------- d-----w- c:\windows\system32\Adobe
2011-10-24 01:32:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-23 21:43:10 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-21 20:59:11 -------- d-----w- c:\users\jeannie lavender\{c5a5264c-5203-4090-bfac-519b80c68280}
2011-10-21 20:58:32 -------- d-----w- c:\programdata\lx_Cats
2011-10-21 20:58:20 -------- d-----w- C:\Temp
2011-10-21 20:50:48 -------- d-----w- c:\users\jeannie lavender\{b35cdf18-9f7e-4656-b0f9-ab3b14386a0a}
2011-10-20 23:16:33 -------- d-----w- c:\program files\Windows Portable Devices
2011-10-20 22:44:48 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-10-20 22:44:47 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-10-20 22:44:47 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-10-20 22:36:54 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-10-20 22:35:52 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-10-20 22:35:52 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-10-20 22:35:51 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-10-20 22:35:48 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-10-20 22:35:46 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-10-20 22:35:45 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-10-20 22:35:45 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-10-20 21:40:57 -------- d-----w- c:\program files\VideoLAN
2011-10-20 20:38:22 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-20 20:38:22 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-20 20:38:22 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-20 20:38:22 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-20 20:38:20 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-10-20 20:36:38 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-10-20 20:36:38 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-10-20 20:36:38 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-10-20 20:36:38 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-10-20 20:36:38 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-10-20 20:36:37 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-10-20 20:36:36 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-10-20 20:36:36 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-20 20:36:36 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-10-20 20:36:36 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-10-20 20:36:36 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-10-20 20:36:35 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-10-20 20:34:39 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-20 20:32:34 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-20 20:32:34 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-20 20:32:33 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-20 20:32:32 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-20 20:32:13 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-20 20:32:12 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-20 20:30:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-20 09:48:32 -------- d-----w- c:\windows\system32\eu-ES
2011-10-20 09:48:32 -------- d-----w- c:\windows\system32\ca-ES
2011-10-20 09:48:31 -------- d-----w- c:\windows\system32\vi-VN
2011-10-20 09:18:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-10-20 09:18:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-10-20 09:09:15 -------- d-----w- c:\windows\system32\EventProviders
2011-10-20 08:29:41 -------- d-----w- C:\BC4933DC5E2E349A34DBF3D70E
2011-10-20 08:19:16 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-10-20 07:55:59 1216000 ----a-w- c:\windows\system32\AuxiliaryDisplayCpl.dll
2011-10-20 07:54:53 880640 ----a-w- c:\windows\system32\RacEngn.dll
2011-10-20 07:53:59 614376 ----a-w- c:\windows\system32\ci.dll
2011-10-20 07:52:59 282624 ----a-w- c:\windows\system32\w32time.dll
2011-10-20 07:51:58 197632 ----a-w- c:\windows\system32\SndVol.exe
2011-10-20 07:50:59 73216 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-10-20 07:49:59 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2011-10-20 07:48:57 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2011-10-20 07:48:57 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-10-20 07:48:57 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2011-10-20 07:48:57 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2011-10-20 07:48:57 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2011-10-20 07:48:56 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-10-20 07:48:56 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2011-10-20 07:48:52 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2011-10-20 07:48:46 218624 ----a-w- c:\windows\system32\wdscore.dll
2011-10-20 07:48:46 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2011-10-20 07:48:27 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-10-20 07:38:15 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-20 07:38:15 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-20 07:38:15 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-20 07:38:15 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-20 07:38:15 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-20 07:11:36 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2011-10-20 07:11:36 515584 ----a-w- c:\program files\windows mail\wab.exe
2011-10-20 07:11:36 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2011-10-20 07:11:34 1316864 ----a-w- c:\windows\system32\ole32.dll
2011-10-20 07:11:33 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2011-10-20 07:11:29 36864 ----a-w- c:\windows\system32\rtutils.dll
2011-10-20 07:11:26 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-10-20 07:11:25 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-10-20 07:11:25 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-20 07:11:14 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-10-20 07:11:07 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-10-20 07:10:54 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-10-20 07:10:53 17920 ----a-w- c:\windows\system32\netevent.dll
2011-10-20 07:10:45 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-10-20 07:10:32 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-10-20 07:10:31 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-10-20 07:10:14 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-10-20 07:10:13 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-10-20 07:10:12 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-10-20 07:10:11 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-10-20 07:10:11 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-10-20 07:10:11 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-10-20 07:08:38 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-10-20 07:08:38 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-20 07:08:35 81920 ----a-w- c:\windows\system32\consent.exe
2011-10-20 07:08:31 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-10-20 07:08:27 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2011-10-20 07:08:23 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2011-10-20 07:08:20 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2011-10-20 07:08:17 867328 ----a-w- c:\windows\system32\wmpmde.dll
2011-10-20 07:08:13 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-20 07:08:08 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-10-20 07:07:59 1248768 ----a-w- c:\windows\system32\msxml3.dll
2011-10-20 07:07:53 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-20 07:07:51 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-10-20 07:07:27 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-10-20 07:07:26 352768 ----a-w- c:\windows\system32\taskschd.dll
2011-10-20 07:07:26 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-10-20 07:07:26 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-10-20 07:07:26 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-10-20 07:07:01 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-20 06:56:35 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-20 06:56:23 276992 ----a-w- c:\windows\system32\schannel.dll
2011-10-20 06:56:14 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-10-20 06:48:44 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-10-20 06:48:43 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-10-20 06:48:43 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2011-10-20 06:41:06 -------- d-----w- c:\program files\Microsoft
2011-10-20 06:40:49 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-10-20 06:38:30 -------- d-----w- c:\program files\common files\Windows Live
2011-10-20 06:29:45 -------- d-----w- c:\program files\MSECache
2011-10-20 06:24:44 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\HpUpdate
2011-10-20 06:24:08 -------- d-----w- c:\windows\Hewlett-Packard
2011-10-20 05:04:49 -------- d-----w- c:\users\jeannie lavender\appdata\local\Secunia PSI
2011-10-20 05:04:27 -------- d-----w- c:\program files\Secunia
2011-10-20 05:01:55 -------- d-s---w- C:\ComboFix
2011-10-20 00:25:16 305152 ----a-w- c:\windows\system32\msdelta.dll
2011-10-20 00:24:24 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\default\MpEngine.dll
2011-10-20 00:24:15 705536 ----a-w- c:\windows\system32\imagesp1.dll
2011-10-20 00:24:11 116736 ----a-w- c:\windows\system32\sstpsvc.dll
2011-10-20 00:24:05 1008184 ----a-w- c:\program files\windows defender\MSASCui.exe
2011-10-20 00:22:59 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2011-10-20 00:21:59 79360 ----a-w- c:\windows\system32\QUTIL.DLL
2011-10-20 00:20:58 397312 ----a-w- c:\program files\windows mail\WinMail.exe
2011-10-20 00:19:58 7680 ----a-w- c:\windows\system32\spwizres.dll
2011-10-20 00:19:58 2048 ----a-w- c:\windows\system32\wertargets.wtl
2011-10-20 00:19:56 12198 ----a-w- c:\windows\system32\gatherWiredInfo.vbs
2011-10-20 00:19:06 89088 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-10-20 00:18:39 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2011-10-20 00:18:38 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2011-10-20 00:18:27 129536 ----a-w- c:\windows\system32\sqmapi.dll
2011-10-20 00:18:26 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2011-10-20 00:17:35 35328 ----a-w- c:\windows\system32\mspatcha.dll
2011-10-20 00:17:35 258560 ----a-w- c:\windows\system32\dpx.dll
2011-10-20 00:17:24 6656 ----a-w- c:\windows\system32\kbd106.dll
2011-10-19 08:36:14 -------- d-----w- c:\program files\common files\xing shared
2011-10-19 08:31:16 -------- d-----w- c:\users\jeannie lavender\appdata\local\Ilivid Player
2011-10-19 08:24:47 -------- dc-h--w- c:\programdata\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}
2011-10-19 08:24:27 -------- d-----w- c:\program files\iLivid
2011-10-19 08:22:54 -------- d-----w- c:\users\jeannie lavender\appdata\local\PackageAware
2011-10-19 07:56:22 645632 ----a-w- c:\windows\system32\xvidcore.dll
2011-10-19 07:56:22 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-10-19 07:56:22 153088 ----a-w- c:\windows\system32\xvid.ax
2011-10-19 07:56:13 -------- d-----w- c:\program files\Xvid
2011-10-18 09:40:19 -------- d-----w- c:\program files\ESET
2011-10-18 09:27:11 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-18 06:32:12 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-18 06:31:44 -------- d-----w- c:\users\jeannie lavender\appdata\local\temp
2011-10-17 22:43:50 -------- d-----w- c:\program files\CONEXANT
2011-10-17 22:13:21 0 ---ha-w- c:\users\jeannie lavender\appdata\local\BITF0B.tmp
2011-10-17 03:19:24 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-17 00:00:19 -------- d-----w- c:\users\jeannie lavender\appdata\local\Mozilla
2011-10-16 22:55:06 -------- d-----w- c:\users\jeannie lavender\appdata\local\Clearwire
2011-10-16 22:55:04 -------- d-----w- c:\program files\Skyhook Wireless
2011-10-16 22:51:28 -------- d-----w- c:\program files\common files\PctelEapPeer Authentication
2011-10-16 22:51:21 -------- d-----w- c:\programdata\Clearwire
2011-10-16 22:51:20 -------- d-----w- c:\program files\Clearwire
2011-10-16 21:33:03 -------- d-----w- c:\program files\CCleaner
2011-10-16 07:31:10 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-16 07:31:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-16 07:31:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-16 07:22:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-16 07:22:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-16 05:48:55 -------- d-----w- C:\$AVG
2011-10-16 04:57:15 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\AVG2012
2011-10-16 04:56:24 -------- d--h--w- c:\programdata\Common Files
2011-10-16 04:55:21 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-16 04:55:21 -------- d-----w- c:\programdata\AVG2012
2011-10-16 04:54:35 -------- d-----w- c:\program files\AVG
2011-10-16 04:54:12 523264 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
2011-10-16 04:50:02 -------- d-----w- c:\programdata\MFAData
.
==================== Find3M ====================
.
2011-10-20 22:36:54 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-10-20 22:35:54 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2011-10-20 01:35:23 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-10-20 01:35:11 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-10-19 08:35:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-07 13:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 13:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 13:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 12:48:03.04 ===============

Blottedisk
2011-11-17, 16:34
Hi jamper,

If you still need help, please follow these steps:


Step 1 | Please download OTL from one of the following mirrors:

This is THE Mirror (http://oldtimer.geekstogo.com/OTL.exe)

--------------------------------------------------------------------

Save it to your desktop.
Double click on the OTL icon on your desktop.
Click the "Scan All Users" checkbox.
Push the Run Scan button.
Two reports will open, copy and paste them in your next reply:

OTListIt.txt <-- Will be opened
Extras.txt <-- Will be minimized



Step 2 | Please download GMER from one of the following locations and save it to your desktop:

Main Mirror (http://gmer.net/download.php) - This version will download a randomly named file (Recommended)
Zipped Mirror (http://gmer.net/gmer.zip) - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

--------------------------------------------------------------------


Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection (http://forums.whatthetech.com/index.php?showtopic=96260) so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.


Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.



GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Make sure all options are checked except:

IAT/EAT
Drives/Partition other than Systemdrive, which is typically C:\
Show All (This is important, so do not miss it.)


Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode (http://www.computerhope.com/issues/chsafe.htm).

jamper
2011-11-19, 07:32
Hello, thanks for helping. Let me give you a little info on this computer. It is my neighbor's computer, and last month this forum, with the help of Blade81, got it working fine. Last week, when I checked to see if it was running alright, is when I noticed the problem. Since then a few more annoyances have occurred, Firefox automatically updated to its latest version, and a few more things have been happening, so today (before I saw that you answered my post) I uninstalled Firefox and installed an older version. So I am including with this post a new DDS log and attachment. Also, I am unable to download OTL from anywhere; no matter what link (even from their own website), it will not download. It either goes to a "cannot display" page or attempts to download but disappears.
Thanks again


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-18 22:10:21
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST3320820AS rev.3.AAD
Running: gmer.exe; Driver: C:\Users\JEANNI~1\AppData\Local\Temp\pxldapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA8E7AF3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA8E7AFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA8E7B080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA8E7B11C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 5E1 82486BD8 4 Bytes [3C, AF, E7, A8] {CMP AL, 0xaf; OUT 0xa8, EAX}
.text ntoskrnl.exe!KeInsertQueue + 811 82486E08 8 Bytes [E4, AF, E7, A8, 80, B0, E7, ...]
.text ntoskrnl.exe!KeInsertQueue + 871 82486E68 4 Bytes [1C, B1, E7, A8] {SBB AL, 0xb1; OUT 0xa8, EAX}

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----



DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
Run by Jeannie Lavender at 22:11:21 on 2011-11-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.257 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe
C:\program files\clearwire\connection manager\Location Finder\mylocal.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\osk.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Clearwire Connection Manager] "c:\program files\clearwire\connection manager\ClearwireCM.exe" -a
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 66.233.169.12 64.13.115.12
TCP: Interfaces\{02038206-7C08-4C51-8EF4-72B0822C863A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9FE84712-9608-4D73-87D6-B1AD39489673} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{B46D9F83-1D51-4D38-A6F3-6B2D6493ACF8} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{E6A6814A-4D6D-4A90-A15F-DE84F1E37853} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EE1FD3A5-99C1-43FC-A106-74EA610F1620} : DhcpNameServer = 66.233.169.12 64.13.115.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jeannie lavender\appdata\roaming\mozilla\firefox\profiles\5unxrik7.default\
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\jeannie lavender\appdata\roaming\mozilla\firefox\profiles\5unxrik7.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jeannie lavender\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\jeannie lavender\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\jeannie lavender\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Adblock Plus Pop-up Addon: adblockpopups@jessehakanen.net - %profile%\extensions\adblockpopups@jessehakanen.net
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-10-19 21504]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-15 1153368]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2009-11-9 107856]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-5-21 401408]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-11-3 282112]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-11-3 51712]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\clearwire\connection manager\ConAppsSvc.exe [2009-11-9 124240]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2009-11-9 120144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S2 inewnetworks;Network Location Awarenes(NLA);c:\windows\system32\svchost.exe -k inetworks [2011-10-19 21504]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2010-2-6 464384]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2011-10-15 523264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-19 01:06:33 17064 ----a-w- c:\windows\system32\lxdnwupd.exe
2011-11-19 01:06:32 102400 ----a-w- c:\windows\system32\lxdnwupd.dll
2011-11-19 01:06:25 438272 ----a-w- c:\windows\system32\LXDNhcp.dll
2011-11-19 01:06:25 348160 ----a-w- c:\windows\system32\LXDNinst.dll
2011-11-19 01:06:22 524288 ----a-w- c:\windows\system32\tmp593A.tmp
2011-11-19 01:06:20 569344 ----a-w- c:\windows\system32\tmp4FA4.tmp
2011-11-19 01:06:19 147456 ----a-w- c:\windows\system32\tmp4DBF.tmp
2011-11-19 01:06:16 983121 ----a-w- c:\windows\system32\tmp3EBA.tmp
2011-11-19 01:06:12 851968 ----a-w- c:\windows\system32\tmp31A9.tmp
2011-11-19 01:06:03 -------- d-----w- c:\program files\Lexmark 2600 Series
2011-11-19 00:06:40 115200 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdndrpp.dll
2011-11-18 23:38:33 -------- d-----w- c:\users\jeannie lavender\appdata\local\ElevatedDiagnostics
2011-11-18 22:45:55 -------- d-----w- c:\program files\MozBackup
2011-11-13 11:18:06 -------- d-----w- c:\users\jeannie lavender\appdata\local\Clearwire
2011-11-13 11:16:56 -------- d-----w- c:\program files\common files\PctelEapPeer Authentication
2011-11-13 11:13:35 -------- d-----w- c:\programdata\Clearwire
2011-11-13 09:15:07 -------- d-----w- c:\program files\CCleaner
2011-11-12 05:42:02 -------- d-----w- c:\windows\pss
2011-11-09 02:31:29 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 02:27:58 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 02:27:55 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-08 05:52:08 -------- d-----w- c:\programdata\Big Fish Games
2011-11-08 05:45:49 -------- d-----w- C:\BigFishGamesCache
2011-11-04 01:43:25 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\FaxCtr
2011-11-04 00:25:08 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\Lexmark Productivity Studio
2011-11-04 00:18:59 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
2011-11-04 00:18:59 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
2011-11-04 00:18:39 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
2011-11-04 00:18:39 53248 ----a-w- c:\windows\system32\lxf3oem.dll
2011-11-04 00:18:39 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
2011-11-04 00:18:39 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
2011-11-04 00:18:38 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2011-11-04 00:18:38 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
2011-11-04 00:18:37 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2011-11-04 00:18:27 -------- d-----w- c:\programdata\FaxCtr
2011-11-04 00:18:07 -------- d-----w- c:\program files\Lexmark Fax Solutions
2011-11-04 00:17:45 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2011-11-04 00:17:21 -------- d-----w- c:\program files\Lexmark Tools for Office
2011-11-04 00:09:01 -------- d-----w- C:\logs
2011-11-03 23:51:14 348160 ----a-w- c:\windows\system32\lxdncoin.dll
2011-11-03 23:51:10 77906 ----a-w- c:\windows\system32\lxdncfg.dll
2011-11-03 23:44:56 -------- d-----w- c:\programdata\Ezprint
2011-11-03 23:44:13 -------- d-----w- c:\program files\Lexmark Toolbar
2011-11-03 23:14:20 -------- d-----w- c:\users\jeannie lavender\{8518fd66-cd08-478a-a9d6-c9edcdfd48be}
2011-11-03 22:59:17 -------- d-----w- c:\users\jeannie lavender\{aca43aac-32e0-46a2-8b24-c52481567b65}
2011-11-03 22:59:10 -------- d-----w- c:\program files\Lexmark 730 Series
2011-11-03 09:42:21 -------- d-----w- c:\users\jeannie lavender\appdata\local\Last.fm
2011-11-03 06:27:09 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-11-03 06:27:08 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-11-03 06:26:08 -------- d-----w- c:\program files\ConsoleClassix.com
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-10-27 21:53:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 01:32:49 -------- d-----w- c:\windows\system32\Adobe
2011-10-24 01:32:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-23 21:43:10 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-21 20:59:11 -------- d-----w- c:\users\jeannie lavender\{c5a5264c-5203-4090-bfac-519b80c68280}
2011-10-21 20:58:32 -------- d-----w- c:\programdata\lx_Cats
2011-10-21 20:58:20 -------- d-----w- C:\Temp
2011-10-21 20:50:48 -------- d-----w- c:\users\jeannie lavender\{b35cdf18-9f7e-4656-b0f9-ab3b14386a0a}
2011-10-20 23:16:33 -------- d-----w- c:\program files\Windows Portable Devices
2011-10-20 22:44:48 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-10-20 22:44:47 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-10-20 22:44:47 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-10-20 22:36:54 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-10-20 22:35:52 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-10-20 22:35:52 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-10-20 22:35:51 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-10-20 22:35:48 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-10-20 22:35:46 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-10-20 22:35:45 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-10-20 22:35:45 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-10-20 21:40:57 -------- d-----w- c:\program files\VideoLAN
2011-10-20 20:38:22 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-20 20:38:22 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-20 20:38:22 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-20 20:38:22 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-20 20:38:20 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-10-20 20:36:38 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-10-20 20:36:38 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-10-20 20:36:38 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-10-20 20:36:38 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-10-20 20:36:38 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-10-20 20:36:37 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-10-20 20:36:36 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-10-20 20:36:36 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-20 20:36:36 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-10-20 20:36:36 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-10-20 20:36:36 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-10-20 20:36:35 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-10-20 20:34:39 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-20 20:32:34 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-20 20:32:34 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-20 20:32:33 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-20 20:32:32 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-20 20:32:13 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-20 20:32:12 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-20 20:30:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-20 09:48:32 -------- d-----w- c:\windows\system32\eu-ES
2011-10-20 09:48:32 -------- d-----w- c:\windows\system32\ca-ES
2011-10-20 09:48:31 -------- d-----w- c:\windows\system32\vi-VN
2011-10-20 09:18:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-10-20 09:18:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-10-20 09:09:15 -------- d-----w- c:\windows\system32\EventProviders
2011-10-20 08:29:41 -------- d-----w- C:\BC4933DC5E2E349A34DBF3D70E
2011-10-20 08:19:16 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-10-20 07:55:59 1216000 ----a-w- c:\windows\system32\AuxiliaryDisplayCpl.dll
2011-10-20 07:54:53 880640 ----a-w- c:\windows\system32\RacEngn.dll
2011-10-20 07:53:59 614376 ----a-w- c:\windows\system32\ci.dll
2011-10-20 07:52:59 282624 ----a-w- c:\windows\system32\w32time.dll
2011-10-20 07:51:58 197632 ----a-w- c:\windows\system32\SndVol.exe
2011-10-20 07:50:59 73216 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-10-20 07:49:59 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2011-10-20 07:48:57 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2011-10-20 07:48:57 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-10-20 07:48:57 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2011-10-20 07:48:57 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2011-10-20 07:48:57 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2011-10-20 07:48:56 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-10-20 07:48:56 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2011-10-20 07:48:52 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2011-10-20 07:48:46 218624 ----a-w- c:\windows\system32\wdscore.dll
2011-10-20 07:48:46 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2011-10-20 07:48:27 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-10-20 07:38:15 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-20 07:38:15 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-20 07:38:15 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-20 07:38:15 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-20 07:38:15 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-20 07:11:36 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2011-10-20 07:11:36 515584 ----a-w- c:\program files\windows mail\wab.exe
2011-10-20 07:11:36 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2011-10-20 07:11:34 1316864 ----a-w- c:\windows\system32\ole32.dll
2011-10-20 07:11:33 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2011-10-20 07:11:29 36864 ----a-w- c:\windows\system32\rtutils.dll
2011-10-20 07:11:26 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-10-20 07:11:25 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-10-20 07:11:25 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-20 07:11:14 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-10-20 07:11:07 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-10-20 07:10:54 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-10-20 07:10:53 17920 ----a-w- c:\windows\system32\netevent.dll
2011-10-20 07:10:45 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-10-20 07:10:32 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-10-20 07:10:31 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-10-20 07:10:14 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-10-20 07:10:13 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-10-20 07:10:12 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-10-20 07:10:11 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-10-20 07:10:11 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-10-20 07:10:11 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-10-20 07:08:38 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-10-20 07:08:38 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-20 07:08:35 81920 ----a-w- c:\windows\system32\consent.exe
2011-10-20 07:08:31 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-10-20 07:08:27 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2011-10-20 07:08:23 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2011-10-20 07:08:20 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2011-10-20 07:08:17 867328 ----a-w- c:\windows\system32\wmpmde.dll
2011-10-20 07:08:13 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-20 07:08:08 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-10-20 07:07:59 1248768 ----a-w- c:\windows\system32\msxml3.dll
2011-10-20 07:07:53 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-20 07:07:51 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-10-20 07:07:27 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-10-20 07:07:26 352768 ----a-w- c:\windows\system32\taskschd.dll
2011-10-20 07:07:26 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-10-20 07:07:26 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-10-20 07:07:26 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-10-20 07:07:01 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-20 06:56:35 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-20 06:56:23 276992 ----a-w- c:\windows\system32\schannel.dll
2011-10-20 06:56:14 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-10-20 06:48:44 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-10-20 06:48:43 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-10-20 06:48:43 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2011-10-20 06:41:06 -------- d-----w- c:\program files\Microsoft
2011-10-20 06:40:49 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-10-20 06:38:30 -------- d-----w- c:\program files\common files\Windows Live
2011-10-20 06:29:45 -------- d-----w- c:\program files\MSECache
2011-10-20 06:24:44 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\HpUpdate
2011-10-20 06:24:08 -------- d-----w- c:\windows\Hewlett-Packard
.
==================== Find3M ====================
.
2011-10-20 22:36:54 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-10-20 22:35:54 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2011-10-20 08:16:49 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-20 01:35:23 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-10-20 01:35:11 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-10-19 08:35:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-07 13:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 13:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 13:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 22:13:32.72 ===============

Blottedisk
2011-11-19, 12:06
Hi jamper,

I'm pretty sure this is not related to malware, but to the CMOS battery. However, let's first finish with any malware onboard, and then I will give you some info on how to deal with the CMOS battery.

Please follow these steps:

Step 1 | Please go to the following site to scan a file: Virus Total (http://forums.whatthetech.com/redirect.php?url=http%3A%2F%2Fwww.virustotal.com)

Click on Browse, and upload the following file for analysis:

c:\windows\system32\tmp593A.tmp
c:\windows\system32\tmp4FA4.tmp
c:\windows\system32\tmp4DBF.tmp
c:\windows\system32\tmp3EBA.tmp
c:\windows\system32\tmp31A9.tmp

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

Step 2 | Let's perform an ESET Online Scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).


Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif (Selecting Uninstall application on close if you so wish)

jamper
2011-11-20, 00:47
Hi, I am not sure if I did something wrong or not, but c:\windows\system32\tmp593A.tmp etc. cannot be found; the only ones are c:\windows\system32\tmp000.tmp to c:\windows\system32\tmp004.tmp. Maybe I deleted them without knowing.
:confused:


ESET


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=36882
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=23a1e5f20b97104fb35ac65d574485b1
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2011-10-18 12:40:51
# local_time=2011-10-18 05:40:51 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=6.0.6000 NT
# compatibility_mode=1024 16777175 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 95 138245425 155539972 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=136684
# found=1
# cleaned=0
# scan_time=9202
C:\Users\Jeannie Lavender\AppData\Roaming\00961AFA8BEA2AD73D9284C2DD53A932\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application 8468629D8D2E984EB8E1D054B3DBB282 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=23a1e5f20b97104fb35ac65d574485b1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-19 02:22:49
# local_time=2011-11-19 06:22:49 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 2042550 2042550 0 0
# compatibility_mode=5892 16776574 100 95 1679175 158312553 0 0
# compatibility_mode=8192 67108863 100 0 1852606 1852606 0 0
# scanned=166257
# found=2
# cleaned=2
# scan_time=7546
C:\Users\Jeannie Lavender\AppData\Roaming\00961AFA8BEA2AD73D9284C2DD53A932\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Jeannie Lavender\Desktop\cnet_ZSoft_Uninstaller_2_5_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=23a1e5f20b97104fb35ac65d574485b1
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-19 08:19:37
# local_time=2011-11-19 12:19:37 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 2071290 2071290 0 0
# compatibility_mode=5892 16776574 100 95 1707915 158341293 0 0
# compatibility_mode=8192 67108863 100 0 1881346 1881346 0 0
# scanned=3526
# found=0
# cleaned=0
# scan_time=212
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=23a1e5f20b97104fb35ac65d574485b1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-19 10:45:50
# local_time=2011-11-19 02:45:50 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 2071705 2071705 0 0
# compatibility_mode=5892 16776574 100 95 1708330 158341708 0 0
# compatibility_mode=8192 67108863 100 0 1881761 1881761 0 0
# scanned=166065
# found=1
# cleaned=0
# scan_time=8567
C:\Users\Jeannie Lavender\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\70ee13c8-2ecc806d Java/TrojanDownloader.OpenStream.NCA trojan (unable to clean) 00000000000000000000000000000000 I

Blottedisk
2011-11-20, 01:55
Thanks for the log.

There are remnants of the infection in your Java's cache. Let's clean it.

Click Start > Control Panel.
Double-click the Java icon in the control panel.
Click Settings under Temporary Internet Files.
Click Delete Files.
Click OK on Delete Temporary Files window.
Click OK on Temporary Files Settings window.


After that, please delete the following files (right-click on them and send to the recycle bin):

c:\windows\system32\tmp000.tmp
c:\windows\system32\tmp002.tmp
c:\windows\system32\tmp003.tmp
c:\windows\system32\tmp004.tmp

After that, run DDS again and paste the log.

After running DDS, please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

--------------------------------------------------------------------
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
c:\windows\system32\*.tmp

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

jamper
2011-11-20, 02:40
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
Run by Jeannie Lavender at 17:28:58 on 2011-11-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.203 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe
C:\program files\clearwire\connection manager\Location Finder\mylocal.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\osk.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Clearwire Connection Manager] "c:\program files\clearwire\connection manager\ClearwireCM.exe" -a
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 66.233.169.12 64.13.115.12
TCP: Interfaces\{02038206-7C08-4C51-8EF4-72B0822C863A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9FE84712-9608-4D73-87D6-B1AD39489673} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{B46D9F83-1D51-4D38-A6F3-6B2D6493ACF8} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{E6A6814A-4D6D-4A90-A15F-DE84F1E37853} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EE1FD3A5-99C1-43FC-A106-74EA610F1620} : DhcpNameServer = 66.233.169.12 64.13.115.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jeannie lavender\appdata\roaming\mozilla\firefox\profiles\qo91xb17.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jeannie lavender\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\jeannie lavender\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\jeannie lavender\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-10-19 21504]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-15 1153368]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2009-11-9 107856]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-5-21 401408]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-11-3 282112]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-11-3 51712]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\clearwire\connection manager\ConAppsSvc.exe [2009-11-9 124240]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2009-11-9 120144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S2 inewnetworks;Network Location Awarenes(NLA);c:\windows\system32\svchost.exe -k inetworks [2011-10-19 21504]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2010-2-6 464384]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2011-10-15 523264]
.
=============== Created Last 30 ================
.
2011-11-19 09:04:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-19 01:06:33 17064 ----a-w- c:\windows\system32\lxdnwupd.exe
2011-11-19 01:06:32 102400 ----a-w- c:\windows\system32\lxdnwupd.dll
2011-11-19 01:06:25 438272 ----a-w- c:\windows\system32\LXDNhcp.dll
2011-11-19 01:06:25 348160 ----a-w- c:\windows\system32\LXDNinst.dll
2011-11-19 01:06:03 -------- d-----w- c:\program files\Lexmark 2600 Series
2011-11-19 00:06:40 115200 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdndrpp.dll
2011-11-18 22:45:55 -------- d-----w- c:\program files\MozBackup
2011-11-13 11:18:06 -------- d-----w- c:\users\jeannie lavender\appdata\local\Clearwire
2011-11-13 11:16:56 -------- d-----w- c:\program files\common files\PctelEapPeer Authentication
2011-11-13 11:13:35 -------- d-----w- c:\programdata\Clearwire
2011-11-13 09:15:07 -------- d-----w- c:\program files\CCleaner
2011-11-12 05:42:02 -------- d-----w- c:\windows\pss
2011-11-09 02:31:29 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 02:27:58 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 02:27:55 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-08 05:52:08 -------- d-----w- c:\programdata\Big Fish Games
2011-11-08 05:45:49 -------- d-----w- C:\BigFishGamesCache
2011-11-04 01:43:25 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\FaxCtr
2011-11-04 00:25:08 -------- d-----w- c:\users\jeannie lavender\appdata\roaming\Lexmark Productivity Studio
2011-11-04 00:18:59 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
2011-11-04 00:18:59 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
2011-11-04 00:18:39 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
2011-11-04 00:18:39 53248 ----a-w- c:\windows\system32\lxf3oem.dll
2011-11-04 00:18:39 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
2011-11-04 00:18:39 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
2011-11-04 00:18:38 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2011-11-04 00:18:38 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
2011-11-04 00:18:37 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2011-11-04 00:18:27 -------- d-----w- c:\programdata\FaxCtr
2011-11-04 00:18:07 -------- d-----w- c:\program files\Lexmark Fax Solutions
2011-11-04 00:17:45 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2011-11-04 00:17:21 -------- d-----w- c:\program files\Lexmark Tools for Office
2011-11-04 00:09:01 -------- d-----w- C:\logs
2011-11-03 23:51:14 348160 ----a-w- c:\windows\system32\lxdncoin.dll
2011-11-03 23:51:10 77906 ----a-w- c:\windows\system32\lxdncfg.dll
2011-11-03 23:44:56 -------- d-----w- c:\programdata\Ezprint
2011-11-03 23:44:13 -------- d-----w- c:\program files\Lexmark Toolbar
2011-11-03 23:14:20 -------- d-----w- c:\users\jeannie lavender\{8518fd66-cd08-478a-a9d6-c9edcdfd48be}
2011-11-03 22:59:17 -------- d-----w- c:\users\jeannie lavender\{aca43aac-32e0-46a2-8b24-c52481567b65}
2011-11-03 22:59:10 -------- d-----w- c:\program files\Lexmark 730 Series
2011-11-03 09:42:21 -------- d-----w- c:\users\jeannie lavender\appdata\local\Last.fm
2011-11-03 06:27:09 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-11-03 06:27:08 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-11-03 06:26:08 -------- d-----w- c:\program files\ConsoleClassix.com
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-10-27 21:53:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-10-27 21:53:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 01:32:49 -------- d-----w- c:\windows\system32\Adobe
2011-10-23 21:43:10 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-21 20:59:11 -------- d-----w- c:\users\jeannie lavender\{c5a5264c-5203-4090-bfac-519b80c68280}
2011-10-21 20:58:32 -------- d-----w- c:\programdata\lx_Cats
2011-10-21 20:58:20 -------- d-----w- C:\Temp
2011-10-21 20:50:48 -------- d-----w- c:\users\jeannie lavender\{b35cdf18-9f7e-4656-b0f9-ab3b14386a0a}
.
==================== Find3M ====================
.
2011-10-20 22:36:54 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-10-20 22:35:54 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2011-10-20 22:35:52 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-10-20 22:35:52 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-10-20 22:35:51 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-10-20 22:35:48 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-10-20 22:35:46 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-10-20 22:35:45 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-10-20 22:35:45 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-10-20 08:16:49 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-20 01:35:23 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-10-20 01:35:11 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-10-19 08:35:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-07 13:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 13:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 13:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 17:32:20.32 ===============



DDS

SystemLook 30.07.11 by jpshortstuff
Log created at 17:36 on 19/11/2011 by Jeannie Lavender
Administrator - Elevation successful

========== filefind ==========

Searching for "c:\windows\system32\*.tmp"
No files found.

-= EOF =-

Blottedisk
2011-11-22, 15:17
Hi jamper,

Please download ComboFix from one of the following locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)


Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks.


When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.


Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

jamper
2011-11-22, 21:02
Hello, I think you are right about the CMOS battery, because I unplugged the computer to bring it to my house to work on it, and when I started it up it did the same thing, so I will replace it.

The computer seems to be running fine. Here is the ComboFix log:


ComboFix 11-11-22.01 - Jeannie Lavender 11/22/2011 10:18:39.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.344 [GMT -8:00]
Running from: c:\users\Jeannie Lavender\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Jeannie Lavender\AppData\Local\{FD05E442-AFC2-48A8-9CE8-72A4B0D1719C}
c:\users\Jeannie Lavender\AppData\Local\{FD05E442-AFC2-48A8-9CE8-72A4B0D1719C}\chrome\content\overlay.xul
c:\users\Jeannie Lavender\AppData\Local\{FD05E442-AFC2-48A8-9CE8-72A4B0D1719C}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-22 18:27 . 2011-11-22 18:27 -------- d-----w- c:\users\Jeannie Lavender\AppData\Local\temp
2011-11-22 05:10 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2011-11-22 05:10 . 2011-07-16 14:17 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-11-22 05:10 . 2006-10-18 18:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-11-22 05:10 . 2011-10-28 08:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-11-22 05:10 . 2011-11-22 05:11 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-11-19 09:04 . 2011-11-19 09:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-19 01:06 . 2008-02-27 23:07 17064 ----a-w- c:\windows\system32\lxdnwupd.exe
2011-11-19 01:06 . 2007-11-21 14:39 102400 ----a-w- c:\windows\system32\lxdnwupd.dll
2011-11-19 01:06 . 2007-11-28 23:09 438272 ----a-w- c:\windows\system32\LXDNhcp.dll
2011-11-19 01:06 . 2007-11-28 23:09 348160 ----a-w- c:\windows\system32\LXDNinst.dll
2011-11-19 01:06 . 2011-11-19 01:08 -------- d-----w- c:\program files\Lexmark 2600 Series
2011-11-19 00:06 . 2008-02-27 11:05 115200 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdndrpp.dll
2011-11-18 22:45 . 2011-11-18 22:45 -------- d-----w- c:\program files\MozBackup
2011-11-13 11:18 . 2011-11-13 11:18 -------- d-----w- c:\users\Jeannie Lavender\AppData\Local\Clearwire
2011-11-13 11:16 . 2011-11-13 11:16 -------- d-----w- c:\program files\Common Files\PctelEapPeer Authentication
2011-11-13 11:13 . 2011-11-13 11:13 -------- d-----w- c:\programdata\Clearwire
2011-11-13 09:15 . 2011-11-13 09:15 -------- d-----w- c:\program files\CCleaner
2011-11-10 20:44 . 2011-11-10 20:44 -------- d-----w- c:\program files\ERUNT
2011-11-09 02:31 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 02:27 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 02:27 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 05:52 . 2011-11-10 20:40 -------- d-----w- c:\programdata\Big Fish Games
2011-11-08 05:45 . 2011-11-10 20:40 -------- d-----w- C:\BigFishGamesCache
2011-11-04 01:43 . 2011-11-04 01:43 -------- d-----w- c:\users\Jeannie Lavender\AppData\Roaming\FaxCtr
2011-11-04 00:25 . 2011-11-19 01:09 -------- d-----w- c:\users\Jeannie Lavender\AppData\Roaming\Lexmark Productivity Studio
2011-11-04 00:18 . 2007-11-01 14:29 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
2011-11-04 00:18 . 2007-11-01 14:28 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
2011-11-04 00:18 . 2007-11-01 14:33 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
2011-11-04 00:18 . 2007-08-27 17:44 53248 ----a-w- c:\windows\system32\lxf3oem.dll
2011-11-04 00:18 . 2007-05-02 02:05 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
2011-11-04 00:18 . 2007-05-02 02:05 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
2011-11-04 00:18 . 2007-05-02 02:05 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2011-11-04 00:18 . 2007-05-02 02:05 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
2011-11-04 00:18 . 2007-05-02 02:05 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2011-11-04 00:18 . 2011-11-04 00:18 -------- d-----w- c:\programdata\FaxCtr
2011-11-04 00:18 . 2011-11-04 00:21 -------- d-----w- c:\program files\Lexmark Fax Solutions
2011-11-04 00:17 . 2011-11-04 00:29 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2011-11-04 00:17 . 2011-11-19 01:08 -------- d-----w- c:\program files\Lexmark Tools for Office
2011-11-04 00:09 . 2011-11-04 00:09 -------- d-----w- C:\logs
2011-11-03 23:51 . 2008-02-15 04:52 348160 ----a-w- c:\windows\system32\lxdncoin.dll
2011-11-03 23:51 . 2007-11-05 14:32 77906 ----a-w- c:\windows\system32\lxdncfg.dll
2011-11-03 23:44 . 2011-11-03 23:44 -------- d-----w- c:\programdata\Ezprint
2011-11-03 23:44 . 2011-11-04 00:17 -------- d-----w- c:\program files\Lexmark Toolbar
2011-11-03 23:14 . 2011-11-03 23:14 -------- d-----w- c:\users\Jeannie Lavender\{8518fd66-cd08-478a-a9d6-c9edcdfd48be}
2011-11-03 22:59 . 2011-11-03 23:02 -------- d-----w- c:\users\Jeannie Lavender\{aca43aac-32e0-46a2-8b24-c52481567b65}
2011-11-03 22:59 . 2011-11-03 23:07 -------- d-----w- c:\program files\Lexmark 730 Series
2011-11-03 09:42 . 2011-11-03 09:42 -------- d-----w- c:\users\Jeannie Lavender\AppData\Local\Last.fm
2011-11-03 06:27 . 2007-04-05 01:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-11-03 06:27 . 2007-03-12 23:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-11-03 06:26 . 2011-11-03 23:29 -------- d-----w- c:\program files\ConsoleClassix.com
2011-10-27 21:53 . 2011-10-27 21:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-10-27 21:53 . 2011-10-27 21:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-10-27 21:53 . 2011-10-27 21:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-10-27 21:53 . 2011-10-27 21:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-10-27 21:53 . 2011-10-27 21:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-10-27 21:53 . 2011-10-27 21:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-10-27 21:53 . 2011-10-27 21:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-10-27 21:52 . 2011-11-18 23:54 -------- d-----w- c:\program files\QuickTime
2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 01:32 . 2011-10-24 01:32 -------- d-----w- c:\windows\system32\Adobe
2011-10-23 21:43 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-20 22:38 . 2011-10-20 22:38 161792 ----a-w- c:\windows\system32\msls31.dll
2011-10-20 22:38 . 2011-10-20 22:38 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-10-20 22:38 . 2011-10-20 22:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-20 22:38 . 2011-10-20 22:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-20 22:38 . 2011-10-20 22:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-20 22:38 . 2011-10-20 22:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-20 22:38 . 2011-10-20 22:38 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-10-20 22:38 . 2011-10-20 22:38 367104 ----a-w- c:\windows\system32\html.iec
2011-10-20 22:38 . 2011-10-20 22:38 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-10-20 22:38 . 2011-10-20 22:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-20 22:38 . 2011-10-20 22:38 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-20 22:38 . 2011-10-20 22:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-20 22:38 . 2011-10-20 22:38 152064 ----a-w- c:\windows\system32\wextract.exe
2011-10-20 22:38 . 2011-10-20 22:38 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-10-20 22:38 . 2011-10-20 22:38 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-10-20 22:38 . 2011-10-20 22:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-20 22:38 . 2011-10-20 22:38 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-10-20 22:38 . 2011-10-20 22:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-20 22:38 . 2011-10-20 22:38 11776 ----a-w- c:\windows\system32\mshta.exe
2011-10-20 22:38 . 2011-10-20 22:38 101888 ----a-w- c:\windows\system32\admparse.dll
2011-10-20 22:38 . 2011-10-20 22:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-20 22:36 . 2011-10-20 22:36 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-10-20 22:36 . 2011-10-20 22:36 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-10-20 22:36 . 2011-10-20 22:36 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-10-20 22:36 . 2011-10-20 22:36 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-10-20 22:36 . 2011-10-20 22:36 98816 ----a-w- c:\windows\system32\mfps.dll
2011-10-20 22:36 . 2011-10-20 22:36 2873344 ----a-w- c:\windows\system32\mf.dll
2011-10-20 22:36 . 2011-10-20 22:36 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-10-20 22:36 . 2011-10-20 22:36 586240 ----a-w- c:\windows\system32\stobject.dll
2011-10-20 22:36 . 2011-10-20 22:36 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-10-20 22:36 . 2011-10-20 22:36 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-20 22:36 . 2011-10-20 22:36 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-10-20 22:36 . 2011-10-20 22:36 37376 ----a-w- c:\windows\system32\cdd.dll
2011-10-20 22:36 . 2011-10-20 22:36 258048 ----a-w- c:\windows\system32\winspool.drv
2011-10-20 22:36 . 2011-10-20 22:36 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-10-20 22:36 . 2011-10-20 22:36 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-10-20 22:35 . 2011-10-20 22:35 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-10-20 22:35 . 2011-10-20 22:35 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-10-20 22:35 . 2011-10-20 22:35 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-10-20 22:35 . 2011-10-20 22:35 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-10-20 22:35 . 2011-10-20 22:35 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-10-20 22:35 . 2011-10-20 22:35 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-10-20 22:35 . 2011-10-20 22:35 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-10-20 22:35 . 2011-10-20 22:35 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-10-20 08:16 . 2011-10-18 09:27 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-20 01:35 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-10-20 01:35 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-10-19 08:35 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-17 22:13 . 2011-10-17 22:13 0 ---ha-w- c:\users\Jeannie Lavender\AppData\Local\BITF0B.tmp
2011-10-08 02:29 . 2011-05-03 18:36 0 ----a-w- c:\users\Jeannie Lavender\AppData\Local\Dceloho.bin
2011-10-07 13:23 . 2011-10-07 13:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 13:21 . 2011-10-04 13:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 13:30 . 2011-09-13 13:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30 . 2011-10-20 20:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00 . 2011-10-16 07:31 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15 . 2011-10-20 20:32 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-20 20:32 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:14 . 2011-10-20 20:32 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 13:31 . 2011-10-20 20:32 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-29 06:53 . 2011-11-19 08:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" [2009-12-01 54608]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-01-29 16040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jeannie Lavender^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\users\Jeannie Lavender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2009-01-29 15:43 320168 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
"Google Update"="c:\users\Jeannie Lavender\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"WPCUMI"=c:\windows\system32\WpcUmi.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R2 inewnetworks;Network Location Awarenes(NLA);c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\Clearwire\Connection Manager\ConAppsSvc.exe [2009-11-09 124240]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [2009-11-09 120144]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]
R3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2010-02-07 464384]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-12-10 523264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2008-02-27 594600]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2009-11-09 107856]
S3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-04-09 401408]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [2009-11-04 282112]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2009-11-04 51712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
inetworks REG_MULTI_SZ inewnetworks
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 06:30]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 06:30]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822510456-4128253031-764409555-1000Core.job
- c:\users\Jeannie Lavender\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 01:51]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822510456-4128253031-764409555-1000UA.job
- c:\users\Jeannie Lavender\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 01:51]
.
2011-11-22 c:\windows\Tasks\User_Feed_Synchronization-{6FC22B2E-2EDB-403E-9883-BED2008ACD31}.job
- c:\windows\system32\msfeedssync.exe [2011-10-20 22:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 66.233.169.12 64.13.115.12
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Jeannie Lavender\AppData\Roaming\Mozilla\Firefox\Profiles\qo91xb17.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-22 10:27
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-22 10:31:13
ComboFix-quarantined-files.txt 2011-11-22 18:31
ComboFix2.txt 2011-10-18 06:31
.
Pre-Run: 275,624,095,744 bytes free
Post-Run: 275,599,495,168 bytes free
.
- - End Of File - - 5F2C9A5C9CA9234B7DBE297A239ED1A3

Blottedisk
2011-11-23, 02:32
Nice job.

Please let me know once you have changed the battery.

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.
Select Perform Quick scan, then click on Scan
When done, you will be prompted. Click OK. If items are found, then click on Show Results
Check all items then click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply.

The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.

jamper
2011-11-23, 06:08
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8221

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/22/2011 9:06:02 PM
mbam-log-2011-11-22 (21-06-02).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 334435
Time elapsed: 1 hour(s), 29 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Blottedisk
2011-11-23, 12:04
How's the machine working now?

jamper
2011-11-23, 22:50
Everything seems to be fine now.
Thank you very much

Blottedisk
2011-11-25, 03:38
You are very welcome :)

So we are finished now. One last effort, and then we are done:


Step 1 | Delete ComboFix and Clean Up

The following will implement some cleanup procedures as well as reset System Restore points. Click Start > Run and copy/paste the following underlined text into the Run box and click OK:

ComboFix /Uninstall

Please advise if this step is missed for any reason as it performs some important actions.

Step 2 | Clean up with OTL

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.
Now, from the desktop, delete any logs that you have left over.

Step 3 | I don't see any evidence of a 3rd Party Firewall installed on your computer. If you have one installed, make sure it's functioning properly. As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access from the outside world. Firewalls protect against hackers and malicious intruders.

If you do not have a firewall installed...
I strongly recommend you download a free (for personal use) firewall NOW that monitors traffic in both directions... from one of these vendors:

Comodo (http://personalfirewall.comodo.com/download_firewall.html ) (Is now bundled with AV software, toolbar and search provider. Opt to install only the firewall software... uncheck the rest)
Online Armor Free (http://www.tallemu.com/downloads.php ) (Free version at bottom of page (XP/Vista/W7 (32bit)). 64bit version not available yet. Some reported conflicts with Avira AntiVir.)
ZoneAlarm (http://download.cnet.com/ZoneAlarm/3000-10435_4-10039884.html ) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)
Ashampoo (http://www.download.com/Ashampoo-FireWall/3000-10435_4-10575187.html )

Remember to install and have active only one firewall at a time. If you install one of these firewalls, remember to turn off Windows' firewall.

Last Step | Now, in order to avoid future infections, please take time to read the following article:

So how did I get infected in the first place? (http://forums.spybot.info/showthread.php?t=279 )

Thank you for your patience, and performing all of the procedures requested. I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed :)

jamper
2011-11-25, 23:21
All done, computer running fine. Thank you very much.

Blottedisk
2011-11-26, 01:22
You are welcome :)

Since this issue appears to be resolved, this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please read the guidelines to request assistance (http://forums.spybot.info/showthread.php?t=288 ) and then begin a New Topic.