bobbibo
2012-10-03, 08:05
My Windows XP SP3 PC has been "infected" by in.admedia.com. The symptom is continuous connection attempts to that URL while browsing with the latest Firefox.
Other simultaneous symptoms: Firefox cannot be closed any more (I need to end the process via Task Manager), and a D3D9 window does not close when shutting down Windows.
I tried CCleaner, PC Cleaners, an avast! scan, a Malwarebytes scan and a Spybot scan. Two threats were removed.
Problem remained.
Ran log utilities as suggested.
I attach logs as requested.
Please help!
Thanks
Bob
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Mr. Upperfilter at 9:37:29 on 2012-10-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.464 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\afasrv32.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe
C:\Program Files\Sitecom MD-020 SIM Editor\iconcs35670031.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-160\AirNCFG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Cleaners\PCCleaners.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\twain_32\L12U16U2\SrvMod.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Corel\Draw70\programs\photopnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.privitize.com/?aff=7
mStart Page = hxxp://search.privitize.com/?aff=7
uInternet Settings,ProxyOverride = *.local
BHO: OneTab Add-on: {16adea98-d215-4f51-80af-5e5ed660b9c0} - c:\documents and settings\mr. upperfilter\application data\onetab\OneTab.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Go!Zilla IE Helper: {e1ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\gozilla\GozCatch.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CTDVDDet] c:\program files\creative\usb sbaudigy2 nx\dvdaudio\CTDVDDet.EXE
mRun: [CTSysVol] c:\program files\creative\usb sbaudigy2 nx\surround mixer\CTSysVol.exe /r
mRun: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [beidsccertprop] c:\program files\belgium identity card\beid certprop\beidsccertprop.exe
mRun: [USBestCR] c:\program files\sitecom md-020 sim editor\iconcs35670031.exe RunFromReg
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless N Dual Band DWA-160 ] c:\program files\d-link\dwa-160\AirNCFG.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PC Cleaners] "c:\program files\pc cleaners\PCCleaners.exe" /minimize
StartupFolder: c:\docume~1\mrfd37~1.upp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\srvmod.lnk - c:\windows\twain_32\l12u16u2\SrvMod.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: samsungsetup.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6F9B1193-D85D-44C7-951C-757C1CCD8C22} : NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{6F9B1193-D85D-44C7-951C-757C1CCD8C22} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mr. upperfilter\application data\mozilla\firefox\profiles\djypd3a8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.startsearcher.com/?q=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=2&q=
FF - plugin: c:\documents and settings\mr. upperfilter\application data\mozilla\firefox\profiles\djypd3a8.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extentions.y2layers.installId - 2c727fd9-3aab-4fbd-bb0f-a20d5bf35317
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics,YontooNewOffers
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyOFk25x5&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 3479baf0000000000000f07d6817f21c
FF - user.js: extensions.incredibar_i.instlDay - 15603
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.147:58:08
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyOFk25x5
FF - user.js: extensions.incredibar_i.upn2n - 92262137322687143
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd -
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-24 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-24 355632]
R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [2011-11-25 6144]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-9-19 232512]
R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [2012-6-22 65536]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2012-6-28 151552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-24 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-24 44808]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-9-13 95568]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-11-25 217088]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-6-28 12184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-26 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-10 676936]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2012-9-19 66944]
R3 arusb(Atheros);D-Link Wireless Network Adapter Service;c:\windows\system32\drivers\dwarusb.sys [2011-11-25 592384]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-9-13 18120]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-11-25 36640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-10 22856]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-6-10 75904]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-6-10 168448]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\arcsec.sys --> c:\windows\system32\drivers\ArcSec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-24 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-30 250288]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-24 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-10 114144]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [2011-12-8 892160]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-11-25 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-11-25 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-11-25 121576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-01 07:12:18 -------- d-----w- c:\documents and settings\mr. upperfilter\application data\PC Cleaners
2012-10-01 07:12:12 4589880 ----a-w- c:\windows\uninst.exe
2012-10-01 07:12:10 -------- d-----w- c:\program files\PC Cleaners
2012-10-01 07:12:10 -------- d-----w- c:\documents and settings\mr. upperfilter\application data\PCPro
2012-10-01 07:12:10 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2012-09-30 20:07:20 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-30 20:07:13 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-30 20:05:00 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 06:27:54 -------- d--h--w- c:\windows\msdownld.tmp
2012-09-30 06:26:44 -------- d-----w- c:\windows\system32\appmgmt
2012-09-30 06:17:41 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-09-30 06:17:41 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-30 06:06:20 -------- d-----w- c:\windows\Logs
2012-09-26 07:56:20 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2012-09-26 07:56:15 -------- d-----w- c:\program files\DejaConnect
2012-09-26 07:56:15 -------- d-----w- c:\documents and settings\mr. upperfilter\.android
2012-09-26 07:51:30 -------- d-----w- c:\documents and settings\mr. upperfilter\application data\CompanionLink
2012-09-26 07:51:18 -------- d-----w- c:\program files\CompanionLink
2012-09-22 16:24:41 -------- d-----w- c:\documents and settings\mr. upperfilter\application data\SupRip
2012-09-22 16:05:27 -------- d-----w- c:\program files\suprip
2012-09-22 16:02:22 -------- d-----w- c:\program files\subrip
2012-09-22 14:00:44 -------- d-----w- c:\program files\eac3to317
2012-09-22 05:23:28 -------- d-----w- c:\windows\system32\NtmsData
2012-09-20 05:57:09 -------- d-----w- c:\program files\Yontoo
2012-09-20 05:57:07 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2012-09-19 21:37:58 -------- d-----w- c:\documents and settings\mr. upperfilter\local settings\application data\ArcSoft
2012-09-19 21:37:57 -------- d-----w- c:\documents and settings\all users\application data\ArcSoft
2012-09-19 15:29:50 -------- d-----w- c:\documents and settings\all users\application data\vsosdk
2012-09-19 14:15:50 -------- d-----w- C:\IDEAL_MEDIA_SOLUTION
2012-09-19 14:15:34 -------- d-----w- c:\program files\IdealMediaSolution
2012-09-19 14:06:36 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-19 14:06:24 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-09-19 14:04:03 -------- d-----w- c:\documents and settings\mr. upperfilter\application data\DAEMON Tools Lite
2012-09-19 14:03:59 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2012-09-19 13:59:40 -------- d-----w- C:\IDEALBDCOPY_TEMP
2012-09-19 13:59:40 -------- d-----w- c:\documents and settings\all users\application data\IdealSoftware
2012-09-19 13:59:17 66944 ----a-w- c:\windows\system32\drivers\thdudf.sys
2012-09-19 13:59:14 -------- d-----w- c:\program files\IdealBDCopy
2012-09-10 16:17:11 -------- d-----w- c:\documents and settings\mr. upperfilter\application data\Malwarebytes
2012-09-10 16:16:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-10 16:16:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-10 16:16:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-09 15:16:57 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-08 08:12:16 -------- d-----w- c:\documents and settings\mr. upperfilter\application data\OneTab
.
==================== Find3M ====================
.
2012-09-30 20:07:02 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-30 20:07:00 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-30 20:05:00 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 9:38:09,98 ===============
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 09:40:15
-----------------------------
09:40:15.468 OS Version: Windows 5.1.2600 Service Pack 3
09:40:15.468 Number of processors: 2 586 0x170A
09:40:15.468 ComputerName: MR-UPPERFILTER UserName:
09:40:16.265 Initialize success
09:40:17.265 AVAST engine defs: 12100101
09:40:21.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
09:40:21.218 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 3
09:40:21.296 Disk 0 MBR read successfully
09:40:21.296 Disk 0 MBR scan
09:40:21.375 Disk 0 Windows XP default MBR code
09:40:21.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 2048
09:40:21.515 Disk 0 scanning sectors +976769024
09:40:21.625 Disk 0 scanning C:\WINDOWS\system32\drivers
09:40:32.328 Service scanning
09:40:42.078 Modules scanning
09:40:46.015 Disk 0 trace - called modules:
09:40:46.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:40:46.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6e3ab8]
09:40:46.421 3 CLASSPNP.SYS[b98e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a6e7510]
09:40:46.421 5 ACPI.sys[b977f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8a6e6d98]
09:40:47.140 AVAST engine scan C:\WINDOWS
09:40:51.765 AVAST engine scan C:\WINDOWS\system32
09:43:05.296 AVAST engine scan C:\WINDOWS\system32\drivers
09:43:27.718 AVAST engine scan C:\Documents and Settings\Mr. Upperfilter
09:54:02.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mr. Upperfilter\My Documents\MBR.dat"
09:54:02.015 The log file has been saved successfully to "C:\Documents and Settings\Mr. Upperfilter\My Documents\(spybot) aswMBR.txt"
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-11-25 36640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-10 22856]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-6-10 75904]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-6-10 168448]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\arcsec.sys --> c:\windows\system32\drivers\ArcSec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-24 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-30 250288]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-24 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-10 114144]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [2011-12-8 892160]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-11-25 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-11-25 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-11-25 121576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-01 07:12:18 -------- d-----w- c:\documents and settings\mr. upperfilter\application data\PC Cleaners
2012-10-01 07:12:12 4589880 ----a-w- c:\windows\uninst.exe
2012-10-01 07:12:10 -------- d-----w- c:\program files\PC Cleaners
2012-10-01 07:12:10 -------- d-----w- c:\documents and settings\mr. upperfilter\application data\PCPro
2012-10-01 07:12:10 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2012-09-30 20:07:20 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-30 20:07:13 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-30 20:05:00 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 06:27:54 -------- d--h--w- c:\windows\msdownld.tmp
2012-09-30 06:26:44 -------- d-----w- c:\windows\system32\appmgmt
2012-09-30 06:17:41 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-09-30 06:17:41 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-30 06:06:20 -------- d-----w- c:\windows\Logs
2012-09-26 07:56:20 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2012-09-26 07:56:15 -------- d-----w- c:\program files\DejaConnect
2012-09-26 07:56:15 -------- d-----w- c:\documents and settings\mr. upperfilter\.android
2012-09-26 07:51:30 -------- d-----w- c:\documents and settings\mr. upperfilter\application data\CompanionLink
2012-09-26 07:51:18 -------- d-----w- c:\program files\CompanionLink
2012-09-22 16:24:41 -------- d-----w- c:\documents and settings\mr. upperfilter\application data\SupRip
2012-09-22 16:05:27 -------- d-----w- c:\program files\suprip
2012-09-22 16:02:22 -------- d-----w- c:\program files\subrip
2012-09-22 14:00:44 -------- d-----w- c:\program files\eac3to317
2012-09-22 05:23:28 -------- d-----w- c:\windows\system32\NtmsData
2012-09-20 05:57:09 -------- d-----w- c:\program files\Yontoo
2012-09-20 05:57:07 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2012-09-19 21:37:58 -------- d-----w- c:\documents and settings\mr. upperfilter\local settings\application data\ArcSoft
2012-09-19 21:37:57 -------- d-----w- c:\documents and settings\all users\application data\ArcSoft
2012-09-19 15:29:50 -------- d-----w- c:\documents and settings\all users\application data\vsosdk
2012-09-19 14:15:50 -------- d-----w- C:\IDEAL_MEDIA_SOLUTION
2012-09-19 14:15:34 -------- d-----w- c:\program files\IdealMediaSolution
2012-09-19 14:06:36 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-19 14:06:24 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-09-19 14:04:03 -------- d-----w- c:\documents and settings\mr. upperfilter\application data\DAEMON Tools Lite
2012-09-19 14:03:59 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2012-09-19 13:59:40 -------- d-----w- C:\IDEALBDCOPY_TEMP
2012-09-19 13:59:40 -------- d-----w- c:\documents and settings\all users\application data\IdealSoftware
2012-09-19 13:59:17 66944 ----a-w- c:\windows\system32\drivers\thdudf.sys
2012-09-19 13:59:14 -------- d-----w- c:\program files\IdealBDCopy
2012-09-10 16:17:11 -------- d-----w- c:\documents and settings\mr. upperfilter\application data\Malwarebytes
2012-09-10 16:16:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-10 16:16:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-10 16:16:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-09 15:16:57 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-08 08:12:16 -------- d-----w- c:\documents and settings\mr. upperfilter\application data\OneTab
.
==================== Find3M ====================
.
2012-09-30 20:07:02 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-30 20:07:00 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-30 20:05:00 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 9:38:09,98 ===============
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 09:40:15
-----------------------------
09:40:15.468 OS Version: Windows 5.1.2600 Service Pack 3
09:40:15.468 Number of processors: 2 586 0x170A
09:40:15.468 ComputerName: MR-UPPERFILTER UserName:
09:40:16.265 Initialize success
09:40:17.265 AVAST engine defs: 12100101
09:40:21.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
09:40:21.218 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 3
09:40:21.296 Disk 0 MBR read successfully
09:40:21.296 Disk 0 MBR scan
09:40:21.375 Disk 0 Windows XP default MBR code
09:40:21.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 2048
09:40:21.515 Disk 0 scanning sectors +976769024
09:40:21.625 Disk 0 scanning C:\WINDOWS\system32\drivers
09:40:32.328 Service scanning
09:40:42.078 Modules scanning
09:40:46.015 Disk 0 trace - called modules:
09:40:46.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:40:46.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6e3ab8]
09:40:46.421 3 CLASSPNP.SYS[b98e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a6e7510]
09:40:46.421 5 ACPI.sys[b977f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8a6e6d98]
09:40:47.140 AVAST engine scan C:\WINDOWS
09:40:51.765 AVAST engine scan C:\WINDOWS\system32
09:43:05.296 AVAST engine scan C:\WINDOWS\system32\drivers
09:43:27.718 AVAST engine scan C:\Documents and Settings\Mr. Upperfilter
09:54:02.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mr. Upperfilter\My Documents\MBR.dat"
09:54:02.015 The log file has been saved successfully to "C:\Documents and Settings\Mr. Upperfilter\My Documents\(spybot) aswMBR.txt"
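The logs above contain three things a responder would want to pull out automatically: Firefox policy/user.js prefs that switch security features off (security.csp.enable false, security.OCSP.enabled 0, extensions.autoDisableScopes 0), pref namespaces that belong to adware toolbars (extensions.incredibar_i.*, extentions.y2layers.*), and SERVICES / DRIVERS entries whose binary DDS prints as "path --> path [?]" (ArcSec, PROCEXP151). The script below is an added example written for this page; it is not part of bobbibo's post, not from the forum's helpers, and not code from DDS or aswMBR. The sample input is copied from the log above; the list of risky prefs, the adware namespace list and the reading of the "--> ... [?]" form as "file not found on disk" are this example's own assumptions.

```python
"""Triage helper for DDS-style logs (added example; not from the forum post
above and not code from the DDS or aswMBR tools).

It parses two DDS sections and flags:
  * Firefox prefs that weaken browser security (CSP, OCSP, add-on scoping),
  * prefs written into namespaces used by adware toolbars (Incredibar, Yontoo),
  * SERVICES / DRIVERS entries whose binary path DDS could not resolve.
The pref list, the namespace list and the reading of DDS's "--> ... [?]"
notation as "file not found" are this example's own assumptions.
"""
import re

# Prefs a legitimate add-on has no reason to set to these values (assumed list).
RISKY_PREFS = {
    "security.csp.enable": "false",       # turns Content-Security-Policy off
    "security.OCSP.enabled": "0",         # turns certificate revocation checks off
    "extensions.autoDisableScopes": "0",  # sideloaded add-ons enabled without asking
}

# Pref namespaces used by known adware/toolbar families (assumed list). The
# misspelt "extentions." form is what the log above actually contains.
ADWARE_NAMESPACES = (
    "extensions.incredibar_i.",
    "extentions.y2layers.",
    "extensions.y2layers.",
)

USER_PREF_RE = re.compile(r"user_pref\('([^']+)',\s*([^)]+)\)")
USERJS_RE = re.compile(r"FF - user\.js: (\S+) - ?(.*)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")

# Constructed sample: lines copied from the DDS log above.
SAMPLE_LOG = r"""
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extentions.y2layers.installId - 2c727fd9-3aab-4fbd-bb0f-a20d5bf35317
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyOFk25x5&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.instlRef -
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-24 729752]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\arcsec.sys --> c:\windows\system32\drivers\ArcSec.sys [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
"""


def parse_prefs(lines):
    """Return an ordered list of (name, value) pairs from policy lines
    (possibly several user_pref() calls on one line, as in the log above)
    and from 'FF - user.js:' lines. Duplicates are kept on purpose: the
    same pref set twice with different values is itself a finding."""
    prefs = []
    for line in lines:
        line = line.strip()
        for name, value in USER_PREF_RE.findall(line):
            prefs.append((name, value.strip()))
        m = USERJS_RE.search(line)
        if m:
            prefs.append((m.group(1), m.group(2).strip()))
    return prefs


def parse_services(lines):
    """Parse 'R1 name;display;path [date size]' entries. When DDS prints
    'path --> path [?]' the entry is recorded as missing (assumed meaning)."""
    services = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, display, rest = m.groups()
        rest = rest.strip()
        path = rest.split(" --> ")[0].split(" [")[0].strip()
        services.append({
            "start": start,        # R = running, S = stopped; digit = start type
            "name": name,
            "display": display,
            "path": path,
            "missing": rest.endswith("[?]"),
        })
    return services


def triage(log_text):
    """Run all checks over a DDS log and return the findings as plain data."""
    lines = log_text.splitlines()
    prefs = parse_prefs(lines)
    weakened = [(n, v) for n, v in prefs if RISKY_PREFS.get(n) == v]
    adware = [(n, v) for n, v in prefs if n.startswith(ADWARE_NAMESPACES)]
    services = parse_services(lines)
    return {
        "weakened": weakened,
        "adware": adware,
        "services": services,
        "missing_binaries": [s["name"] for s in services if s["missing"]],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind in ("weakened", "adware"):
        for name, value in result[kind]:
            print(f"{kind:9} {name} = {value!r}")
    for name in result["missing_binaries"]:
        print(f"missing   service {name}: binary not found on disk")
```

Two caveats when reading the output. An unresolved service path is a lead, not proof of infection: PROCEXP151 is the driver Process Explorer drops while it runs, so it is expected to be absent afterwards, whereas ArcSec deserves a closer look. And the "hxxp://" in the Incredibar search URL is the log's own defanging of "http://", so a script must not try to "repair" it before comparing against known adware hosts.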